NFS Windows/Linux
Derek Atkins
warlord at mit.edu
Thu Feb 20 15:25:36 EST 1997
mikebw at bilow.bilow.uu.ids.net (Mike Bilow) writes:
> Since NetBEUI is inherently unable to be routed, I would assume that
> it tends to be fairly secure by default. This is very different
> from TCPBEUI, which obviously can cross routers. I can't really
> imagine anyone running a TCP/IP LAN without a firewall these days,
> and I'm not so sure that the firewall has to be quite that fascist.
I run a TCP/IP LAN at home and I don't have a firewall. But I'm
probably more the exception than the rule. I believe that we can
secure machines such that firewalls are no longer necessary. Indeed,
I believe that such security is available today, if people use it.
> You're something of an expert on security, so I may as well ask: if
> the firewall simply blocks all inbound traffic referencing ports
> 137, 138, and 139, what risk is there to a TCPBEUI LAN? Are there
> any legitimate reasons for traffic from the public referencing these
> ports to cross a firewall?
I must admit that my personal resolver doesn't expand "BEUI". I also
don't know enough about the internals of netbios to know if it uses
any ports other than the 137-139. I *suspect* that blocking those
ports on the firewall (both incoming *AND* outgoing) _should_
effectively block netbios, but it's always possible for someone on the
inside to open up holes to people on the outside.
Security, of course, depends on your threat model.
FYI: Much of my information about SMB is from CIFS, which is based on
SMB. CIFS is MicroSquish's vaporware marketing to battle WebNFS
(which actually exists).
> netbios-ns 137/tcp NETBIOS Name Service
> netbios-ns 137/udp NETBIOS Name Service
> netbios-dgm 138/tcp NETBIOS Datagram Service
> netbios-dgm 138/udp NETBIOS Datagram Service
> netbios-ssn 139/tcp NETBIOS Session Service
> netbios-ssn 139/udp NETBIOS Session Service
> # Jon Postel <postel at isi.edu>
>
> DA> N1NWH
>
> I didn't know you were a ham! Are you ever active on the Boston repeaters?
Used to be active on the MIT Repeater. Occasionally I was on .23, but
that was a few years ago.
> -- Mike, N1BEE
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL N1NWH
warlord at MIT.EDU PGP key available