nanog mailing list archives

Re: ISPs as content-police or method-police

From: joshua stein <jcs () rt fm>
Date: Mon, 20 Nov 2000 14:02:12 -0600


John Kristoff wrote:

The problem is that 137-139 are just numbers.  The fact that a typically
insecure application runs over port 137/139 as opposed to say, 25609,
makes no difference.  If the logic follows, then block port 21, 111 and
maybe even port 80.  I'm sure we can find over zealous security experts
making claims that those services are inherently insecure as well. 
Someone will come up with a way of doing file sharing over another port
number, over another protocol, over a conforming application (e.g. HTTP)
and probably using encryption so you can't tell what it is.


If users are smart enough to switch the port and encrypt their traffic,
then obviously there's nothing to worry about.  The original suggestion
was to protect users that probably don't even realize they have shares
open to the world.

Current thread:

RE: Operational impact of filtering SMB/NETBIOS traffic?, (continued)
- RE: Operational impact of filtering SMB/NETBIOS traffic? Roeland Meyer (Nov 19)
  - Re: Operational impact of filtering SMB/NETBIOS traffic? Shawn McMahon (Nov 19)
  - Re: Operational impact of filtering SMB/NETBIOS traffic? Adam Rothschild (Nov 20)
    - ISPs as content-police or method-police Ehud Gavron (Nov 20)
    - Re: ISPs as content-police or method-police Valdis . Kletnieks (Nov 20)
    - RE: ISPs as content-police or method-police Christian Kuhtz (Nov 20)
    - Re: ISPs as content-police or method-police Shawn McMahon (Nov 20)
    - Re: ISPs as content-police or method-police Ben Browning (Nov 20)
    - RE: ISPs as content-police or method-police Christian Kuhtz (Nov 20)
    - Re: ISPs as content-police or method-police John Kristoff (Nov 20)
    - Re: ISPs as content-police or method-police joshua stein (Nov 20)
    - RE: ISPs as content-police or method-police Mark Radabaugh (Nov 20)
- RE: Operational impact of filtering SMB/NETBIOS traffic? Roeland Meyer (Nov 19)
  - Re: Operational impact of filtering SMB/NETBIOS traffic? Jim Mercer (Nov 19)
  - RE: Operational impact of filtering SMB/NETBIOS traffic? Greg A. Woods (Nov 19)
    - Re: Operational impact of filtering SMB/NETBIOS traffic? Etaoin Shrdlu (Nov 19)
- RE: Operational impact of filtering SMB/NETBIOS traffic? Roeland Meyer (Nov 19)
  - Re: Operational impact of filtering SMB/NETBIOS traffic? Shawn McMahon (Nov 19)
- RE: Operational impact of filtering SMB/NETBIOS traffic? Roeland Meyer (Nov 19)
  - Re: Operational impact of filtering SMB/NETBIOS traffic? Jim Mercer (Nov 19)
  - Re: Operational impact of filtering SMB/NETBIOS traffic? Adam McKenna (Nov 19)

(Thread continues...)