Drive mapping isn't guaranteed to use NetBIOS - this depends on the OS and revision. For instance, Windows began using SMB (TCP:445) on Windows 2000 and later for remote file shares (although NetBIOS connections are still supported for downlevel compatibility). The problem with allowing either or (FSM help us) both across one, much less two, firewalls is that file shares aren't the only things that use these transports. Remote registry and remote service control are two of my favorite examples of SMB-carried traffic.

My favorite p1553d-0ff domain admin trick is:

    for %i in (list of dcs) do sc \\%i config netlogon start= disabled & sc \\%i stop netlogon

You won't reverse this action without a recovery console, since the DCs in question can no longer authenticate any logon attempt. Of course, you have to order your list properly so as to do the GCs last, but for a domain admin, that's trivial info gathering.

The point is: if you allow direct file share access between your security zones (or else why have a firewall between them), you create a much larger threat than simple file mangling.

You might consider using FTPS or SSH connections; they're relatively secure, depending on the server/client package you select.

Jim

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, March 21, 2007 7:01 PM
To: [email protected]
Subject: Shared drives through a firewall

Hello Group;

I am trying to persuade a client NOT to map a drive through two firewalls to an untrusted server in a DMZ to run an application. I've tried Googling NetBIOS and security, but get so many entries as to be useless. Other than the latency issues, and my ten cents that it seems to me to be an enormously foolish idea, can you folks offer me any further ammunition?

Big Thanks if you can

Eigen
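
Added example, not part of the original thread: a small audit that flags firewall allow rules passing the file-share transports discussed above (SMB on TCP 445, plus the standard NetBIOS ports TCP 139 and UDP 137/138) from one security zone to another. The one-line rule format, the zone names and the sample rule set are constructed for illustration and do not correspond to any firewall product's syntax.

```python
# Added example: the rule format and zone names below are constructed.

# Windows file-sharing transports, keyed by (protocol, port).
SHARE_PORTS = {
    ("tcp", 445): "SMB direct",
    ("tcp", 139): "NetBIOS session",
    ("udp", 137): "NetBIOS name",
    ("udp", 138): "NetBIOS datagram",
}

def parse_ports(spec):
    """Turn 'any', '445' or '135-139' into an inclusive (low, high) range."""
    if spec == "any":
        return (0, 65535)
    low, _, high = spec.partition("-")
    return (int(low), int(high or low))

def parse_rule(line):
    """Parse 'action proto src_zone dst_zone ports' into a dict."""
    action, proto, src, dst, ports = line.split()
    return {"action": action, "proto": proto, "src": src, "dst": dst,
            "ports": parse_ports(ports), "text": line}

def exposed_transports(rule):
    """Return names of share transports an allow rule passes between zones."""
    if rule["action"] != "allow" or rule["src"] == rule["dst"]:
        return []
    low, high = rule["ports"]
    return [name for (proto, port), name in SHARE_PORTS.items()
            if rule["proto"] in (proto, "any") and low <= port <= high]

def audit(lines):
    """Map each offending rule's text to the transports it exposes."""
    hits = ((line, exposed_transports(parse_rule(line))) for line in lines)
    return {line: names for line, names in hits if names}

# Constructed sample rule set: internal LAN, DMZ, and a deny baseline.
SAMPLE_RULES = [
    "allow tcp lan dmz 443",
    "allow tcp lan dmz 135-445",   # wide range that silently includes 139 and 445
    "allow udp dmz lan 137-138",
    "allow any lan lan any",       # same zone, not a crossing
    "deny any dmz lan any",
]

if __name__ == "__main__":
    for rule, names in audit(SAMPLE_RULES).items():
        print(f"{rule!r} exposes: {', '.join(names)}")
```

Any rule this flags also passes whatever else rides those transports, such as the remote registry and remote service control traffic mentioned in the reply.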
