NetBios CIFS

NetBios is a protocol that is used for sharing files/printers, generally by Microsoft systems.

Profiles screen

“IPS” tab

Automatically detect and inspect the protocol

If the protocol is enabled, this option allows corresponding traffic detected and authorized by a filter rule with an IPS or IDS inspection level and that does not use the default port to be inspected at the application level. If this option is not selected, protocol analysis is limited to the transport layer (TCP/UDP).

Maximum size of elements (bytes)

Name of files (SMB2 format)

This number has to be between 1 and 65536 bytes. This file name size (SMB2 - ioctl referral request) is set by default to 61640 to protect the system from the vulnerability CVE 2009-2526.

Microsoft RPC (DCE/RPC)

Inspect Microsoft RPC (DCE/RPC) protocol

As the DCE/RPC protocol can be encapsulated in this protocol, this option allows enabling or disabling its inspection.

Authentication

Verify user legitimacy

If this option is selected, you will be enabling user authentication via the CIFS header. The CIFS plugin will therefore be capable of extracting the user ID and comparing it against the list of users authenticated on the firewall. When no authenticated users match, the packet will be blocked.

Support

Disable intrusion prevention

When this option is selected, the scan of the NetBios CIFS protocol will be disabled and traffic will be authorized if the filter policy allows it.