[Dshield] Netbios over tcpip never good ? (was spamcop listed)

Chris Brenton cbrenton at chrisbrenton.org
Tue Dec 16 20:42:48 GMT 2003

On Tue, 2003-12-16 at 13:52, Richard Roy wrote:
> I don't mean to start a FLAME war, but this IS a group of security
> minded individuals correct?

If security is your primary concern, hit the "off" switch on your
computer and leave it in that position. Anything less than this security
posture implies that you are willing to accept some level of risk in
order to do business. Now it's just a matter of how much risk you are
willing to accept. Different organizations and individuals have
different levels of risk they are willing to accept.

> I must disagree strongly.  NETBIOS has NO place on the Internet PERIOD.

I think I could make a strong argument that Windows has no place on the
Internet, but we will not go there. ;-)

> OUCH! I can not believe that anyone would ever be serious about that.
> MS themselves in their own training courses tell you that netbios does
> not belong over the Internet.

Speaking of "training," I'm noticing a trend. I have confirmed this with
other SANS instructors, but would love some feedback from the community
at large.

I'm starting to see more production Windows 2003 servers in the wild. As
most of you probably know, it ships with no open listening ports. You
effectively have a server that can not act as a server till you turn
stuff on. Sounds good so far, but wait there is more. ;-)

I'm noticing during my audits that many administrators don't
understand what needs to be turned on and what does not. They end up
turning *everything* on in order to get it working. The end result is a
server that is actually _less_ secure than a Windows 2000 server out of
the box. 

Is anyone seeing this as well? Obviously this is a matter of
administrator education, and a more informed admin will not do this. As
a ratio however, I'm seeing more insecure 2003 servers than 2000 during
my audits. Just curious if anyone else that is doing auditing is seeing
similar results.

> I apologize if this is a bit mean spirited, but I cannot believe anyone
> who subscribes to this list and reads the postings would have this type
> of an uninformed attitude.

I personally would *never* use NetBIOS/IP on the Internet. I've been at
this long enough however to know that I'm not smart enough to identify
every business need and application that people may come up with for a
specific service. With this in mind, I'm *very* hesitant to ram my
beliefs down someone's throat without fully understanding where they are
coming from, and what their needs are.

So with that in mind, the correct fix is to have the OS vendor rectify
the problem, not expect ISPs to enforce some kind of militant "Big
Brother" action for everyone's good. This way people have choices.
Choices are good. :-)

From the "Live Free or Die" state,
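The audit check the message describes in prose, written out as an added example that is not part of the original post: a small Python helper that parses `netstat -an` style output and flags NetBIOS-over-TCP/IP and SMB listeners bound to every interface, the "turn everything on" configuration the post warns about. The sample netstat lines are constructed, and the flagged port set and the optional allowlist parameter are assumptions of this example.

```python
import re

# NetBIOS over TCP/IP (137/udp name, 138/udp datagram, 139/tcp session) plus
# SMB direct hosting on 445/tcp. Assumption: this is the port set the audit flags.
NETBIOS_PORTS = {("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445)}

# Constructed sample of Windows "netstat -an" output, not captured from a real host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       192.168.1.20:1044      ESTABLISHED
  UDP    0.0.0.0:137            *:*
  UDP    0.0.0.0:138            *:*
  UDP    192.168.1.10:123       *:*
"""

# proto, local address, local port, foreign address, optional state column
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")

def parse_listeners(netstat_text):
    """Return (proto, bind_addr, port) for every listening socket.

    TCP sockets count only in LISTENING state; every UDP socket is a listener."""
    listeners = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header line or anything that is not a socket row
        proto, addr, port, state = m.groups()
        proto = proto.lower()
        if proto == "tcp" and state != "LISTENING":
            continue
        listeners.append((proto, addr, int(port)))
    return listeners

def exposed_netbios(netstat_text, allowed_ports=frozenset()):
    """Flag NetBIOS/SMB listeners bound to all interfaces (0.0.0.0 or [::])
    that are not on the server's documented allowlist (hypothetical parameter)."""
    findings = []
    for proto, addr, port in parse_listeners(netstat_text):
        if ((proto, port) in NETBIOS_PORTS and addr in ("0.0.0.0", "[::]")
                and (proto, port) not in allowed_ports):
            findings.append(f"{proto}/{port} bound to {addr}")
    return findings

if __name__ == "__main__":
    for finding in exposed_netbios(SAMPLE_NETSTAT):
        print("EXPOSED:", finding)
```

A listener bound to 127.0.0.1 or to a single LAN address is not flagged, so the check distinguishes "service enabled" from "service reachable from every interface", which is the distinction the post says many administrators miss.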

