Christopher R. Hertel wrote:
On Mon, Dec 09, 2002 at 09:26:24PM -0500, John E. Malmberg wrote:Jason Hihn wrote:I've a need for Samba to work over NetBEUI. We have a file server here that only speaks that way to bar out TCP-based hackers,There is a popular misconception that you can use NetBeui in this way.We use it that way here at the University.
But not to isolate LAN traffic from the public Internet.
Ok, attacks are limited to people that you share a router leg with. On a broadband ISP that could be several subnets that appear to be on separate lines but are not.Hmmm?There is no security advantage in use NetBEUI in this manor.
The most likely exploit would be the WIN-POPUP spam. But who knows what other holes that a virus might be able to exploit.
Since the subnets rarely connect to each other, the symptom of duplicate traffic from the "router on a stick" configuration usually does not apply. ISPs do this, but a campus LAN would not.
Yours is clearly a different case than the typical small home or small business LAN.It is just as easy to block the NetBios TCP/IP ports at the router between your private network and the one where the hackers are.I have hundreds of routers. Some people want those ports open,
others not. Ouch. Managmenet nightmare. I really don't want to
maintain a per-port security configuration database.
-John
[EMAIL PROTECTED]
Personal Opinion Only
