
Re: Linux firewall for a Samba || NT file server



Jc,

If I recall correctly, there are some potential security 
problems with allowing access to udp/137 -- crackers can 
use it to map out your network. 

I think there are some other performance and/or security
reasons not to use SMB for a public service. It is a very
complicated protocol, and the potential for bugs or vulnerabilities
to denial of service attacks is large. SMB authentication is
also subject to spoofing.

You would probably be better off running HTTP or FTP. 

Allowing write access is also quite tricky. It can be used
to compromise the server or store warez.

Jake

--- Tobias Diedrich <ranma@example.com> wrote:
> Jean-Christian Imbeault wrote:
> 
> > - if I allow only NetBIOS access will my file server still work as a file
> > server? (does a file server need more than NetBIOS? I assume Samba would
> > need TCP/IP?)
> 
> Yes. Except for Windows 2000 the SMB protocol runs completely over 
> NetBIOS and uses the ports udp/137 (NetBIOS name service),
> udp/138 (NetBIOS datagram service) and tcp/139 (NetBIOS session
> service).
> Windows 2000 can additionally run SMB over tcp/445.
> 
> However you can also do MS-RPC calls over the NetBIOS interface...
> 
> > - can a firewall actually restrict anything but NetBIOS?
> 
> Should be no problem, I think?
> 
> -- 
> Tobias							     PGP-Key: 0x9AC7E0BC
> echo ${SIGNATURE}
> 
> -----------------------------------------------------------------------
> Next Nomikai Meeting:    Fri, Aug 10 19:30-  Tengu Tokyo Eki-Mae
> Next Technical Meeting:  Sat, Sep 15 13:30-  Akasaka Kumin Center
> -----------------------------------------------------------------------
> more info: http://www.tlug.gr.jp           Sponsor: Global Online Japan
> 
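
An added example, not part of the original messages: a per-rule lint over `iptables-save` output that flags ACCEPT rules opening the ports named in this thread (udp/137, udp/138, tcp/139, tcp/445) to any source address. The function names, the `trusted_ifaces` parameter and the sample ruleset with its 192.168.1.0/24 LAN range are assumptions made for illustration.

```python
import shlex

# Ports named in the thread: NetBIOS name, datagram and session services, plus SMB over TCP.
SMB_PORTS = [("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445)]

def port_set(spec):
    """Expand an iptables port spec: '139', '137:139', '139,445' or an open range ':1023'."""
    ports = set()
    for part in spec.split(","):
        lo, sep, hi = part.partition(":")
        first = int(lo or 0)
        ports.update(range(first, (int(hi or 65535) if sep else first) + 1))
    return ports

def exposed_smb_rules(ruleset, chain="INPUT", trusted_ifaces=()):
    """Return (line_no, proto, port) per ACCEPT rule opening an SMB port to any source."""
    findings = []
    for line_no, line in enumerate(ruleset.splitlines(), 1):
        tok = shlex.split(line)
        if tok[:2] != ["-A", chain]:
            continue
        opts, negated = {}, set()
        for i, t in enumerate(tok[:-1]):
            if t.startswith("-"):
                opts[t] = tok[i + 1]          # option -> its argument
                if i and tok[i - 1] == "!":
                    negated.add(t)            # iptables-save writes '! -s 10.0.0.0/8'
        spec = opts.get("--dport") or opts.get("--dports")
        if opts.get("-j") != "ACCEPT" or not spec:
            continue  # per-rule lint: rule order and port-less rules are not evaluated
        src_any = opts.get("-s", "0.0.0.0/0") == "0.0.0.0/0" or "-s" in negated
        trusted = opts.get("-i") in trusted_ifaces and "-i" not in negated
        if not src_any or trusted:
            continue
        ports = port_set(spec)
        if negated & {"--dport", "--dports"}:
            ports = set(range(65536)) - ports
        for proto, port in SMB_PORTS:
            if opts.get("-p") == proto and port in ports:
                findings.append((line_no, proto, port))
    return findings

# Constructed iptables-save excerpt; 192.168.1.0/24 is an assumed LAN range.
SAMPLE = """\
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 137:138 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 139,445 -j ACCEPT
-A INPUT -p udp -m udp --dport 137 -j ACCEPT
"""
```

Calling `exposed_smb_rules(SAMPLE)` reports the third and fourth rules, which accept SMB and NetBIOS traffic without a source restriction; the rule limited to the LAN range is not reported.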

