Since SMBLoris came out, I’ve been trying to find a way to mitigate it, or at least make it harder for an attacker to simply plug a Raspberry Pi into an RJ-45 jack and start DoS’ing at will.

After a few days of testing and trying different scenarios, I came up with a solution that involves the Microsoft firewall. First, to be vulnerable, the firewall must be either OFF or allowing any traffic on the rule “File and Printer Sharing”.

The way to make it a little more secure is to only allow the traffic from “authenticated” users/computers. In a large network setup, having an IDS + firewall makes this trivial to do, but just for the exercise, let’s change this default rule a little. First get into the firewall advanced settings, then look for the specific rule.

Modify the Action to “Allow the connection if it is secure” and click on Customize.

Select “Allow the connection if it is authenticated and integrity-protected”.

From there, go to Remote Users (Remote Computers could also be specified) and add the desired user.
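The same change can be scripted with the built-in NetSecurity cmdlets. This is an added example, not part of the original post; it assumes an English display group name, and `CONTOSO\SMB-Allowed` is a placeholder account to replace with your own.

```powershell
# Added example: scripted form of the GUI steps above. Run from an elevated prompt.
# Without -Apply it only reports the current state of the SMB inbound rules.
# ASSUMPTIONS: English group name; 'CONTOSO\SMB-Allowed' is a placeholder account.
param(
    [string]$Account = 'CONTOSO\SMB-Allowed',
    [switch]$Apply
)

# -RemoteUser expects an SDDL string, so resolve the account to its SID first.
$nt   = New-Object System.Security.Principal.NTAccount($Account)
$sid  = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
$sddl = "D:(A;;CC;;;$sid)"

# Inbound allow rules of the "File and Printer Sharing" group that cover TCP 445.
$smbRules = Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
    Where-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        $pf.Protocol -eq 'TCP' -and $pf.LocalPort -contains '445'
    }

foreach ($rule in $smbRules) {
    $sec = $rule | Get-NetFirewallSecurityFilter

    # Report what the rule currently allows.
    [pscustomobject]@{
        Rule           = $rule.DisplayName
        Enabled        = $rule.Enabled
        Profile        = $rule.Profile
        Authentication = $sec.Authentication   # NotRequired = accepts any source
        RemoteUser     = $sec.RemoteUser
    }

    if ($Apply) {
        # "Required" is the "authenticated and integrity-protected" option in the GUI.
        $rule | Set-NetFirewallRule -Authentication Required -RemoteUser $sddl
    }
}
```

A rule set to `-Authentication Required` only matches IPsec-protected traffic, so a connection security rule must already exist between clients and the server, otherwise legitimate SMB connections stop matching the rule as well.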

Blocking port 445 inbound at your edge router is a must. For an attack from the inside, this method blocks the attack from “unknown” sources.