Once upon a time, when security was not yet a helpless field [1]...

I have had to write an SMB filter for an NFR IDS. It was a nightmare to
troubleshoot because of the faulty specification and implementation from
At last, I only did SMB packet header checks and no SMB protocol analysis.

[1] before the e-business paradigm and the "everything-over-HTTP" pattern


"Reality is that which, when you stop believing in it, doesn't go away."
Philip K. Dick

> On Monday, September 10, 2007 7:34 PM, ArkanoiD wrote:
> I am yet to see a firewall capable of intelligent SMB filtering.
> Quite simple requirement (say, allow file sharing and deny
> other potentially dangerous rpc's) and nobody meets it. Except
> maybe Solsoft NSM which is rather dead than alive.
> On Mon, Sep 10, 2007 at 08:09:17AM -0500, Behm, Jeffrey L. wrote:
> >
> > How many new exploits come in via chargen nowadays, which you could
> > block vs. how many come in via Microsoft networking (Ports 445, 137,
> > 139, etc.), which you would have open, if you want file shares to
> > work.
> >

