[ale] SMB options

Dow Hurst dhurst at kennesaw.edu
Mon Jan 12 10:20:04 EST 2004 

If your clients will purchase the SSH.com client software 
for Windows then they could have a very simple Windows 
oriented file management between machines using drag and 
drop.  You can interoperate with OpenSSH to some extent but 
you might want to go with SSH.com's ssh code as it has been 
the most secure SSH code of all.  I take it your not 
eligible for the free license from them so you would have to 
negotiate a price for your server licensing.  We have used 
their code for years now and never had to deal with a 
security problem.
Dow


David Hamm wrote:
> Well,  I guess that seals it, there's no easter egg to found for this one.   
> I'll continue using IPTables and begin adding a -j ACCEPT for PPTP.  Boy, 
> PopTop put up a good fight last time I tried it.  Guess it's going to be a 
> long day.  
> 
> Thanks for the input everyone.  
> 
> On Saturday 10 January 2004 11:17 pm, Michael H. Warfield wrote:
> 
>>On Sat, Jan 10, 2004 at 03:50:47PM -0500, David Hamm wrote:
>>
>>>Finding the servere is not the problem.  The problem is that AllTel has
>>>blocked port 135 on thier network and the user can't mount the share. 
>>>Since I have DSL with BellSouth I have no problem and neither do CBeyond
>>>customers. It is only AllTel and I anticipate more will have this problem
>>>in the future as ISP's attempt to protect customers from worms.
>>
>>	You got that right.  Even Microsoft now recommends, in some of their
>>knowledge base articles, to block ports 135-139,1433,1434 plus several
>>others, both tcp&udp, from the general network.  These are NOT protocols
>>which are appropriate for access over the internet in general.  You want
>>these connections, set up a VPN.  Too much trouble?  Then mirror the server
>>to a box behind a firewall and let them get at it there.  Or enable the
>>uploads to a box in a DMZ to which the users have access (through a VPN
>>or otherwise).
>>
>>
>>>On Saturday 10 January 2004 03:11 pm, James P. Kinney III wrote:
>>>
>>>>No. If all they are doing is downloading a file from an internet
>>>>server, then let use and http get.
>>>>
>>>>If you need more complicated access then consider setting up a wins
>>>>server so the users can find the machine and it's shares.
>>>>
>>>>On Sat, 2004-01-10 at 13:05, David Hamm wrote:
>>>>
>>>>>Are you saying you can mount shares or access directories and files
>>>>>via HTTP in the same manner as SMB?  The SMB users need the full
>>>>>functionality of an SMB share.
>>>>>
>>>>>On Saturday 10 January 2004 12:14 pm, James P. Kinney III wrote:
>>>>>
>>>>>>Try a login authenticated web access.
>>>>>>
>>>>>>On Sat, 2004-01-10 at 11:30, David Hamm wrote:
>>>>>>
>>>>>>>Hello,
>>>>>>>
>>>>>>>I have an FTP server sittting on the Internet.  One group of
>>>>>>>users uploads files via FTP the other group downloads those files
>>>>>>>via SMB. Securing SMB communications in most cases is handeled by
>>>>>>>listing the SMB users's IP address in an IPTables rule with a -j
>>>>>>>ACCEPT.  But recently I gained an SMB user an ALLTel's network
>>>>>>>and ALLTel blocks port 135.  The only options I can come up with
>>>>>>>is eithher FreeSwan or PopTop and from recent experiences I'm not
>>>>>>>excited about using either.  I wonder if I could run SMB on
>>>>>>>another port? Under Linux I don't see a problem but the Windows
>>>>>>>workstations mounting the share can't be modified since they also
>>>>>>>participate in an SMB based LAN. Any suggestions are welcomed.
>>>>>>>
>>>>>>>Thanks.
>>>>>>>
>>>>>>>_______________________________________________
>>>>>>>Ale mailing list
>>>>>>>Ale at ale.org
>>>>>>>http://www.ale.org/mailman/listinfo/ale
>>>>>
>>>>>_______________________________________________
>>>>>Ale mailing list
>>>>>Ale at ale.org
>>>>>http://www.ale.org/mailman/listinfo/ale
>>>
>>>_______________________________________________
>>>Ale mailing list
>>>Ale at ale.org
>>>http://www.ale.org/mailman/listinfo/ale
> 
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
> 

-- 
__________________________________________________________
Dow Hurst                  Office: 770-499-3428            *
Systems Support Specialist    Fax: 770-423-6744            *
1000 Chastain Rd. Bldg. 12                                 *
Chemistry Department SC428  Email:   dhurst at kennesaw.edu   *
Kennesaw State University         Dow.Hurst at mindspring.com *
Kennesaw, GA 30144                                         *
************************************************************
This message (including any attachments) contains          *
confidential information intended for a specific individual*
and purpose, and is protected by law.  If you are not the  *
intended recipient, you should delete this message and are *
hereby notified that any disclosure, copying, distribution *
of this message, or the taking of any action based on it,  *
is strictly prohibited.                                    *
************************************************************

More information about the Ale mailing list