Re: [fw-wiz] Isolating internal servers behind firewalls




One upon a time, when security was not yet an helpless field [1]...

I have had to write an SMB filter for an NFR IDS. It was a nightmare to
troubleshoot because of the faulty specification and implementation from
Microsoft :(
At last, I only did SMB packet header checks and no SMB protocol analysis.

[1] before the e-business paradigm and the "everything-over-HTTP" pattern


JDG

"Reality is that which, when you stop believing in it, doesn't go away."
Philipp K. Dick

On Monday, September 10, 2007 7:34 PM, ArkanoiD wrote:

I am yet to see a firewall capable of intelligent SMB filtering.

Quite simple requirement (say, allow file sharing and deny
other potentilly dangerous rpc's) and nobody meets it. Except
maybe Solsoft NSM which is rather dead than alive.

On Mon, Sep 10, 2007 at 08:09:17AM -0500, Behm, Jeffrey L. wrote:

How many new exploits come in via chargen nowadays, which you could
block vs. how many come in via Microsoft networking (Ports 445, 137,
139, etc.), which you would have open, if you want file shares to
work.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards