I disagree that most ISPs block the following:

tcp or udp 135 (mapping)
tcp or udp 137 (NetBIOS Name Service)
udp 138 (NetBIOS datagrams - the actual data)
tcp 139 (NetBIOS Session)

Any more than they block the rest of it.  If they did, for one thing, your
firewalls wouldn't be blocking this stuff every minute as the script kiddies
aim their pre-written tools at massive netblocks.  Furthermore they would
have to state this in their service agreements.  I can tell you for a fact
that Sprint, XO, New Edge (who bought @Work), MCI/UUNET, PSI, QWEST, and
AT&T (not including the cable modem market - that is another story) do not
block this traffic from/to customer networks.

Cable providers do have a nasty habit of blocking udp 500 (isakmp) but that
is for financial reasons (they want you to pay for "business class" service
if you use a VPN.)

That doesn't mean that they don't block it (NetBIOS) from their own servers,
as most sane people would/should/do - but if they blocked their customers,
however foolish, from doing this they would be violating service agreements.

--
James D. Wilson, CCDA, MCP
Sr. Network/Security Engineer
"non sunt multiplicanda entia praeter necessitatem"
William of Ockham (1285-1347/49)


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Logan, Harold
Sent: Monday, April 08, 2002 10:02 AM
To: [EMAIL PROTECTED]
Subject: RE: netbios over internet [7:40784]


The biggest obstacle is the fact that most ISPs filter NBT traffic. It
works just fine over a VPN connection, as the ISP doesn't see the NBT
packets; they see VPN traffic. Basically all you have to do is get around an
access list blocking ports 137, 138, and 139.

        -----Original Message-----
        From: Kim Edward B [mailto:[EMAIL PROTECTED]]
        Sent: Mon 4/8/2002 11:45 AM
        To: [EMAIL PROTECTED]
        Cc:
        Subject: RE: netbios over internet [7:40784]



        I don't think it can.
        As far as I know, it can do IP/IPX/DECnet/AppleTalk/Vines/CLNS.
        NetBIOS over TCP/IP will work with GRE but not straight NetBIOS or SNA.
        If GRE works with NetBIOS or SNA, it will be cool.
        I think that is why we use DLSw with NetBIOS and SNA connections.

        Ed

        -----Original Message-----
        From: Jay [mailto:[EMAIL PROTECTED]]
        Sent: Monday, April 08, 2002 10:44 AM
        To: [EMAIL PROTECTED]
        Subject: Re: netbios over internet [7:40784]

        Is it possible to send nonroutable traffic through a GRE Tunnel?

        On Mon, 2002-04-08 at 10:12, Engelhard M. Labiro wrote:
        > How about NetBIOS over TCP/IP (NBT) and encapsulate
        > it with IPSec.  Another idea is using a GRE tunnel to
        > pass the NetBIOS to the next hop.
        >
        >
        > > I don't think you can, besides bridging on every internet hop.
        > >
        > > On Sun, 2002-04-07 at 23:14, cage wrote:
        > > > how can I make the netbios over Internet except the dlsw+ ?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=40888&t=40784