Tuesday, September 11, 2007

firewall-wizards Digest, Vol 17, Issue 10

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: Isolating internal servers behind firewalls
(jdgorin@computer.org)


----------------------------------------------------------------------

Message: 1
Date: Tue, 11 Sep 2007 10:42:49 +0200
From: jdgorin@computer.org
Subject: Re: [fw-wiz] Isolating internal servers behind firewalls
To: firewall-wizards@listserv.cybertrust.com
Message-ID: <1189500169.46e6550936911@imp.free.fr>
Content-Type: text/plain; charset=ISO-8859-1


Once upon a time, when security was not yet a helpless field [1]...

I have had to write an SMB filter for an NFR IDS. It was a nightmare to
troubleshoot because of the faulty specification and implementation from
Microsoft :(
At last, I only did SMB packet header checks and no SMB protocol analysis.

[1] before the e-business paradigm and the "everything-over-HTTP" pattern


JDG

"Reality is that which, when you stop believing in it, doesn't go away."
Philip K. Dick

> On Monday, September 10, 2007 7:34 PM, ArkanoiD wrote:
>
> I am yet to see a firewall capable of intelligent SMB filtering.
>
> Quite simple requirement (say, allow file sharing and deny
> other potentially dangerous rpc's) and nobody meets it. Except
> maybe Solsoft NSM which is rather dead than alive.
>
> On Mon, Sep 10, 2007 at 08:09:17AM -0500, Behm, Jeffrey L. wrote:
> >
> > How many new exploits come in via chargen nowadays, which you could
> > block vs. how many come in via Microsoft networking (Ports 445, 137,
> > 139, etc.), which you would have open, if you want file shares to
> > work.
> >
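
Added example, not part of the original message and not the NFR filter it mentions: a Python sketch of header-only checks on an SMB1 frame as carried on TCP port 445, with no analysis of the command payload. The function names and the particular checks chosen are assumptions for illustration, and the sample frame is constructed.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
HEADER_LEN = 32      # fixed SMB1 header size
FLAG_REPLY = 0x80    # Flags bit set on server-to-client messages


def check_smb1_frame(frame: bytes, from_client: bool) -> list:
    """Header-only checks on one TCP/445 frame; returns a list of anomalies."""
    if len(frame) < 4:
        return ["transport header truncated"]
    problems = []
    # Transport header: a zero byte followed by a 3-byte big-endian length.
    if frame[0] != 0x00:
        problems.append("not a session message")
    body = frame[4:]
    if int.from_bytes(frame[1:4], "big") != len(body):
        problems.append("declared length does not match frame size")
    if len(body) < HEADER_LEN + 3:  # header + WordCount + ByteCount
        return problems + ["SMB header truncated"]
    if body[:4] != SMB1_MAGIC:
        return problems + ["bad protocol magic"]
    if bool(body[9] & FLAG_REPLY) == from_client:
        problems.append("reply flag contradicts traffic direction")
    if body[22:24] != b"\x00\x00":
        problems.append("reserved header field is not zero")
    # Parameter block: WordCount, that many 16-bit words, then ByteCount.
    bc_off = HEADER_LEN + 1 + 2 * body[HEADER_LEN]
    if bc_off + 2 > len(body):
        problems.append("WordCount overruns the frame")
    elif bc_off + 2 + struct.unpack_from("<H", body, bc_off)[0] > len(body):
        problems.append("ByteCount overruns the frame")
    return problems


def build_frame(command, flags, words=b"", data=b""):
    """Constructed sample frame for the demo (not captured traffic)."""
    header = SMB1_MAGIC + struct.pack("<BIBH", command, 0, flags, 0)
    header += bytes(12) + struct.pack("<HHHH", 1, 2, 3, 4)  # TID, PID, UID, MID
    body = header + bytes([len(words) // 2]) + words + struct.pack("<H", len(data)) + data
    return b"\x00" + len(body).to_bytes(3, "big") + body


if __name__ == "__main__":
    good = build_frame(0x72, 0x18, data=b"\x02NT LM 0.12\x00")  # negotiate request
    print(check_smb1_frame(good, from_client=True))
    print(check_smb1_frame(good + b"A", from_client=True))
```
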


------------------------------



End of firewall-wizards Digest, Vol 17, Issue 10
************************************************
