Isn't this bypassing the old-fashioned firewall security as we know it?
Essentially, you can access any local port through the UDP port? Or, probably, at least the local services should opt in to using QUIC to receive that kind of access.
I also have doubts about it, because IDS/IPS/firewall systems will have to adapt to it.
Which means new code, new bugs, new security vulnerabilities, etc.
At least, does the Windows firewall somehow handle those connections, in order to allow you to block them (e.g., can you block only the SMB connections on the UDP port and let the HTTP/3 ones pass)?
Is this offering anything to security?
E.g., since the SMB port is not open anymore, can someone still figure out that there is SMB access on that server, or is it well hidden and hard to figure out?
My guess is that it is easy to figure out, since this is meant to work for public access scenarios, like HTTP/3.