[Dshield] Windoze Questions...SAMBA + Windows AD Question

Laurie Kennedy cblmaint at cblptyltd.com.au
Mon Feb 16 23:46:03 GMT 2004


Since the latest 'critical' update, I have noticed that snort reveals a
'[1:538:7] NETBIOS SMB IPC$ share access (unicode)' connect to my SMB server
that was not happening before (7:35 am, 8:06am, 8:38am). I don't set up a
domain, only a peer workgroup, the Win 2000/XP takes over the management,
and the firewall does the DHCP. It seems like the days of remote
administration are gone and everybody needs to block off external access
(reject everything from the outside in a secure network) and employ more
technical staff.

Unfortunately, if someone sends you an email on a win machine that has linux
code attached, and you scan the mail (in MS-RAV) on linux, this can possibly
work as the trigger for a 'virtual' trojan type virus.  I contacted Vet
about something that they missed (over 2 months ago) on an XP machine and
RAV choked. I received no response. Of course all of the same is applicable
for Unix/Win as it is for Win/Unix.

Dial up or Thin client seems to be the only real way out of this mess
(unless 'they' wake up to themselves and remove their feral 'patches' the
best solution is to ditch Windoze). Does anybody still use banks of modems?
My 'Plan B' is to revert to dial up access. It 'looks' like anything
connected to a Win 2000/XP via broadband is vulnerable, and it also seems
like there are a lot of trustworthy people and companies that have been
co-opted into another 'preemptive strike' for no real reason, apart from the



p.s. I have a funny feeling that the states who use electronic voting will
count about 4 times more votes than the rest of the states that don't
combined. How could any competent software engineer/developer design a
system without an audit trail, and expect it to work, let alone debug it in
the first place.

----- Original Message ----- 
From: "John Holmblad" <jholmblad at aol.com>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Sunday, February 15, 2004 7:35 AM
Subject: Re: [Dshield] Windoze Questions...SAMBA + Windows AD Question

> Laurie,
> your post prompts a question from me concerning the use of Linux/SAMBA
> as a file server on a Microsoft network. As you may be aware, Samba-3
> supports Windows Active Directory and a SAMBA file server can be a
> member computer of an AD domain. Given this capability, I am interested
> in knowing whether it is possible for a Linux server that is running
> Samba-3 and which is joined as a computer to an AD domain to be the
> target machine for the folder redirection feature under Windows Group
> Policy? Have you tried doing this on your network?
> The idea here, building upon your point that Linux systems are generally
> protected from Windows targeted malware, is to achieve an additional
> layer of security ("security through OS diversity" if you will) by
> having most or all Windows 2000/XP users' folders automatically mapped
> to one or more Linux/SAMBA systems using the GP feature. For those
> sensitive folders that could not be re-mapped for performance reasons,
> then Windows Encrypting File Service could be used to protect such
> files against theft.
> -- 
> Best Regards,
> John Holmblad
> Televerage International
> (H) 703 620 0672
> (M) 703 407 2278
> (F) 703 620 5388
> www page:                      www.vtext.com/users/jholmblad
> primary email address: jholmblad at aol.com
> backup email address:  jholmblad at verizon.net
> text email address:         jholmblad at vtext.com
