NetBios CIFS

NetBios is a protocol that is used for sharing files/printers, generally by Microsoft systems.

Profiles screen

“IPS” tab

Automatically detect and inspect the protocol

If this protocol has been enabled, it will automatically be used for discovering corresponding packets in filter rules.

Maximum size of elements (bytes)

Name of files (SMB2 format)

This number has to be between 1 and 65536 bytes. This file name size (SMB2 - ioctl referral request) is set by default to 61640 to protect the system from the vulnerability CVE 2009-2526.

Microsoft RPC (DCE/RPC)

Inspect Microsoft RPC (DCE/RPC) protocol

As the DCE/RPC protocol can be encapsulated in this protocol, this option allows enabling or disabling its inspection.

Authentication

Verify user legitimacy

If this option is selected, you will be enabling user authentication via the CIFS header. The CIFS plugin will therefore be capable of extracting the user ID and comparing it against the list of users authenticated on the firewall. When no authenticated users match, the packet will be blocked.

Support

Disable intrusion prevention

When this option is selected, the scan of the NetBios CIFS protocol will be disabled and traffic will be authorized if the filter policy allows it.