Re: Isolating internal servers behind firewalls

[jdgorin () computer org]

One upon a time, when security was not yet an helpless field [1]...

I have had to write an SMB filter for an NFR IDS. It was a nightmare to
troubleshoot because of the faulty specification and implementation from
Microsoft :(
At last, I only did SMB packet header checks and no SMB protocol analysis.

[1] before the e-business paradigm and the "everything-over-HTTP" pattern


JDG

"Reality is that which, when you stop believing in it, doesn't go away."
Philipp K. Dick

> On Monday, September 10, 2007 7:34 PM, ArkanoiD wrote:
>
> I am yet to see a firewall capable of intelligent SMB filtering.
>
> Quite simple requirement (say, allow file sharing and deny
> other potentilly dangerous rpc's) and nobody meets it. Except
> maybe Solsoft NSM which is rather dead than alive.
>
> On Mon, Sep 10, 2007 at 08:09:17AM -0500, Behm, Jeffrey L. wrote:
> > How many new exploits come in via chargen nowadays, which you could
> > block vs. how many come in via Microsoft networking (Ports 445, 137,
> > 139, etc.), which you would have open, if you want file shares to
> > work.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards