RE: [fw-wiz] firewall for MS RPC

From: Bill Royds (broyds_at_rogers.com)
Date: 04/03/04

    To: "'Tichomir Kotek'" <tichomir.kotek@lynx.sk>, "'fw'" <firewall-wizards@honor.icsalabs.com>
    Date: Sat, 3 Apr 2004 15:59:48 -0500
    
    

    The Symantec Enterprise Firewall (SEF, was formerly called Raptor firewall)
    has a proxy for SMB/CIFS that should be able to handle most of the traffic
    using MS RPC. It is quite granular about what commands are allowed and what
    needs to be blocked in the CIFS protocol suite.

    -----Original Message-----
    From: firewall-wizards-admin@honor.icsalabs.com
    [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Tichomir
    Kotek
    Sent: March 30, 2004 9:23 AM
    To: fw
    Subject: [fw-wiz] firewall for MS RPC

    Hi All

    I'm looking for a solution for firewalling MS RPC protocol
    A lot of firewalls can do app. inspection/ proxying of SUN RPC (old
    portmapper)
    but except the MS ISA proxy none can do MS RPC.
    I think it's because of "closed source" nature of MS RPC (and MS at all :)

    I have found closest to firewalling MS RPC is PIX with established command
    set,
    (you can make ASA accept another connection from/to port/port range after
    connection to 135)
    but I'd like to ask folks around here :

    Is there a firewall/solution/workaround that does it better ?

    There are workarounds I'm aware of:
    1. RPC over HTTP/HTTPS - requires ISS server
    2. PPTP/L2TP tunnel with/without IPsec

    with regards

            tk

    -- 
    Tichomír Kotek
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    
