On Thu, 10 Feb 2005, Robert Schetterer wrote:

Date: Thu, 10 Feb 2005 22:20:30 +0100
From: Robert Schetterer <[EMAIL PROTECTED]>
To: Paul Gienger <[EMAIL PROTECTED]>
Cc: [email protected], Gordon Russell <[EMAIL PROTECTED]>
Subject: Re: [Samba] Firewall piercing - The Specified network name is no

Hi @ll,
following this for a longer time now,
I want to say open smb to the web is a total security disaster.
You will be hacked in minutes by broadcasting smb scanners.

HOW?

If Samba is so easily "hackable"... HOW?

This is *Samba*.
On a SPARC.
Running OpenBSD.

You wanna tell me how the 31337 h4x0r types-- who are used to 0wning
PeeCees running Win9x, not freaking UltraSPARCs running OpenBSD and
SPARC-- are going to "hack" me within a minute?

As others recommended before, use some tunnel stuff, i.e. openvpn, pptpd, ipsec,
to tunnel smb in this, or simply use an Apache with webdav,
which is shown as a network share too in Windows, with the same features as
smb shares.
WinSCP is a very good solution too.
Last word about your users: if they want to connect
via the internet via smb, their clients must open smb too,
so they will be vulnerable too; they won't feel very cool

Um, what?

How does acting as an SMB --CLIENT-- put one at risk?

finding their bank account numbers after a few days, or their private files
somewhere on the internet, stolen by some kids.
As all this stuff is freeware and mostly included in Windows and in
most nix distros, there should be no problem setting up a secure
smb or equal-quality connection through the web.
Note: smb is not the solution you need; Apache with webdav will do it
quite well.
Best Regards


Paul Gienger wrote:
|
|> Dude -- Your arrogant attitude towards getting help and resolving your
|> problem is not getting you anywhere -- it's obviously problematic to
|> pump SMB/CIFS into the internet the way you would like to. Why don't
|> you look at a simpler solution like running an anonymous ftp server
|> and then your pathetic windoze users can just type:
|
|
| The problem here is that *he* is the user that wants to use smb
| bare-assed over the internet. I doubt this would be that much of an
| issue if it were a user, since a respected sysadmin can usually tell
| someone how they should be using a network resource, unless the user is
| braindead upper management unfortunately. We're into the "I'd really
| like to do it this way for no apparent gain" zone on this one.
|
| Let's all just let this one die. No poster has touched the issue he's
| having, and from the people that have posted it doesn't look like anyone
| is going to be attempting to help, not because no one knows, but because
| it's been deemed a WTF issue. If Mr. Blank gets this one to work he'll
| have one more "I did a cool thing one day" feather in his cap when he
| goes client scouting.
|
|>
|> ftp://server/directory
|>
|> POOF
|>
|>> Please read my points on this sort of "solution" in the past. The whole
|>> REASON I want to use Plain Vanilla SMB is so I can walk up to ANY
|>> Windoze
|>> machine on the entire flippin' Internet and go:
|>>
|>> Start
|>> Run
|>> \\IP_ADDRESS\sharename
|>> (username)
|>> (password)
|>>
|>> POOF.
|>
|>
|>
|

--
With kind regards
Best Regards
Robert Schetterer

robert_at_schetterer.org
Munich / Bavaria / Germany
https://www.schetterer.org

**********************************
* gnupgp
* public key:
* https://www.schetterer.org/public.key
**********************************


-- J. L. Blank, Systems Administrator, twu.net
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba