Re: GCI filtering port 139?

From: Beau V.C. Bellamy <beau@borealisbroadband.net>
Date: Tue Dec 28 2004 - 21:49:13 AKST

Uhm... I'm guessing you guys aren't familiar with IP filtering. He is
talking about locking it down to one IP address. This should be fine.
Unless, of course, the attacker finds out which IP address it's locked down
to, then starts spoofing it. I really only see this as a risk with people
you have told the IP to and those who lie in the intervening or adjacent
networks. In this case: Local Network, GCI, upstreams, ACS, Remote Network.
Proper routing rules should mitigate the possibility of spoofing from outside
sources. This is assuming that GCI, ACS, and their upstreams have this
functionality in place. *caveat* I've been wrong in assuming such things
before.

In other words, I am disagreeing with certain others here on list about the
severity of the risks associated with leaving an SMB server on the internet
in the configuration you specified. I think you are definitely a lot safer
with this approach. There are still risks involved, though, much less so.
Ultimately, I'd recommend an encrypted tunneling system anyway. The choice
is yours.

Sincerely,
- Beau
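
Added example, not part of the original post: a small Python model of the argument above, showing that a filter keyed to one source address only holds if source addresses are also checked at the sender's network edge. The addresses, prefixes and function names are constructed for illustration.

```python
import ipaddress

SMB_PORT = 139
ALLOWED_SRC = ipaddress.ip_address("192.0.2.10")  # constructed: the one permitted client

def host_filter_passes(claimed_src: str, dport: int = SMB_PORT) -> bool:
    """Server-side rule from the thread: port 139 only from one source address."""
    return dport == SMB_PORT and ipaddress.ip_address(claimed_src) == ALLOWED_SRC

def edge_accepts(claimed_src: str, origin_prefix: str) -> bool:
    """Source-address check at the sender's network edge (assumed model of
    'proper routing rules'): the source must belong to the network it left."""
    return ipaddress.ip_address(claimed_src) in ipaddress.ip_network(origin_prefix)

def reaches_samba(claimed_src: str, origin_prefix: str, edge_checks_source: bool) -> bool:
    """True if a packet with this claimed source gets past both filters.
    Models packet admission only, not whether a full TCP session follows."""
    if edge_checks_source and not edge_accepts(claimed_src, origin_prefix):
        return False
    return host_filter_passes(claimed_src)

# Constructed scenarios: (label, claimed source, sender's real network, edge checks?)
SCENARIOS = [
    ("permitted client",                    "192.0.2.10",  "192.0.2.0/24",   True),
    ("outside host, own address",           "203.0.113.7", "203.0.113.0/24", True),
    ("outside host, forged, edge checks",   "192.0.2.10",  "203.0.113.0/24", True),
    ("outside host, forged, no edge check", "192.0.2.10",  "203.0.113.0/24", False),
    ("host beside the client, forged",      "192.0.2.10",  "192.0.2.0/24",   True),
]

def evaluate():
    """Run every scenario and return {label: admitted?}."""
    return {label: reaches_samba(src, net, chk) for label, src, net, chk in SCENARIOS}

if __name__ == "__main__":
    for label, admitted in evaluate().items():
        print(f"{label:38s} -> {'admitted' if admitted else 'dropped'}")
```

The last two scenarios are the ones the host filter cannot distinguish from the permitted client, which is the case for the encrypted tunnel recommended above.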

On Tuesday 28 December 2004 19:42, KURT BRENDGARD wrote:
> short answer: YES!!!!!!
>
> long answer: YES!!!!!!! how important is that box to
> you? you set it up with those ports open, it won't take
> long till somebody figures out it's there and starts in
> on it (2 scripts, one to find, one to try owning). even
> if it's netbsd, it won't take them long to figure out
> it's not windows and fingerprint the box to see what it
> is (another script). once they do that, they start
> looking up what holes there are in it (posted on
> various sites for all to read). those ports are some
> of the most looked for on the net, simply because most
> windows boxes listen on them, even if they are
> hidden/closed/protected. and the tools to own boxes
> are scripts free for the download. simply put, those
> are among the last ports you want open to the
> internet, on any system.
>
> if you do do it, at least back the box up, you'll need
> it.
>
>
>
> ------------------------------
>
> Date: Mon, 27 Dec 2004 17:11:55 -0900
> From: Grant Stockly <grant@cmosxray.com>
> Subject: re: GCI filtering port 139?
>
> It's a netbsd box running samba with one share, one user, and an
> ipfilter for one IP address. Do I really need more?
>
> At 11:56 AM 12/26/2004 -0800, KURT BRENDGARD wrote:
> >what's your ip addy ?? i could use some more storage
> >for my files :>
> >
> >you should never ever ever open those ports to the
> >internet, unless you WANT somebody to own you. the
> >newer windows boxes can be set up to virtual private
> >network with few (for windows) problems. i'm assuming
> >you have a firewall of some kind, (if not, set one up,
> >better the script kiddies own your firewall and give
> >you more time to protect your server. it's one more
> >layer of protection they have to go through) they are
> >not that spendy nowadays. most of them now come with
> >vpn built in as well. if you set up a linux firewall,
> >you can set up one on that. if it's a stationary box
> >you are using to vpn in, you could set up vpn to vpn
> >firewalls, but that allows the whole network to use
> >your files as well.
>
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Tue Dec 28 21:49:09 2004

This archive was generated by hypermail 2.1.8 : Tue Dec 28 2004 - 21:49:09 AKST