Re: [fw-wiz] Isolating internal servers behind firewalls
- From: jdgorin@xxxxxxxxxxxx
- Date: Tue, 11 Sep 2007 10:42:49 +0200
Once upon a time, when security was not yet a helpless field [1]...
I have had to write an SMB filter for an NFR IDS. It was a nightmare to
troubleshoot because of the faulty specification and implementation from
Microsoft :(
At last, I only did SMB packet header checks and no SMB protocol analysis.
[1] before the e-business paradigm and the "everything-over-HTTP" pattern
JDG
"Reality is that which, when you stop believing in it, doesn't go away."
Philip K. Dick
On Monday, September 10, 2007 7:34 PM, ArkanoiD wrote:
I am yet to see a firewall capable of intelligent SMB filtering.
Quite simple requirement (say, allow file sharing and deny
other potentially dangerous rpc's) and nobody meets it. Except
maybe Solsoft NSM which is rather dead than alive.
On Mon, Sep 10, 2007 at 08:09:17AM -0500, Behm, Jeffrey L. wrote:
How many new exploits come in via chargen nowadays, which you could
block vs. how many come in via Microsoft networking (Ports 445, 137,
139, etc.), which you would have open, if you want file shares to
work.
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards