RE: [fw-wiz] firewall for MS RPC

From: Christopher Lee (clee_at_myhome.homeip.net)
Date: 04/06/04

    To: <Bill@royds.net>, "'Tichomir Kotek'" <tichomir.kotek@lynx.sk>, "'fw'" <firewall-wizards@honor.icsalabs.com>
    Date: Mon, 5 Apr 2004 22:31:19 -0400
    
    

    And so is Check Point VPN-1; it has special stateful inspection modules
    written specifically for both general RPC protocols (NFS and friends) and
    MS-Exchange RPC protocols.

    Chris

    -----Original Message-----
    From: firewall-wizards-admin@honor.icsalabs.com
    [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Bill Royds
    Sent: April 3, 2004 4:00 PM
    To: 'Tichomir Kotek'; 'fw'
    Subject: RE: [fw-wiz] firewall for MS RPC

    The Symantec Enterprise Firewall (SEF, was formerly called Raptor firewall)
    has a proxy for SMB/CIFS that should be able to handle most of the traffic
    using MS RPC. It is quite granular about what commands are allowed and what
    need to be blocked in the CIFS protocol suite.

    -----Original Message-----
    From: firewall-wizards-admin@honor.icsalabs.com
    [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Tichomir
    Kotek
    Sent: March 30, 2004 9:23 AM
    To: fw
    Subject: [fw-wiz] firewall for MS RPC

    Hi All

    I'm looking for a solution for firewalling the MS RPC protocol.
    A lot of firewalls can do app. inspection/proxying of SUN RPC (old
    portmapper),
    but except the MS ISA proxy none can do MS RPC.
    I think it's because of the "closed source" nature of MS RPC (and MS at all :)

    The closest I have found to firewalling MS RPC is PIX with the established
    command set
    (you can make ASA accept another connection from/to port/port range after
    connection to 135),
    but I'd like to ask folks around here:

    Is there a firewall/solution/workaround that does it better?

    There are workarounds I'm aware of:
    1. RPC over HTTP/HTTPS - requires ISS server
    2. PPTP/L2TP tunnel with/without IPsec

    with regards

            tk

    -- 
    Tichomír Kotek
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
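
An added illustration, not part of the thread and not any vendor's code: a small Python model contrasting the port-range pinhole described above for the PIX `established` approach with a pinhole limited to the single port the endpoint mapper on 135 hands out. The class names, addresses, rule range, probed ports and mapped port 1025 are constructed assumptions, as is the protocol-aware behaviour modelled by `MappedPinhole`.

```python
# Added illustration (not from the thread): two pinhole policies for MS RPC.
EPMAP_PORT = 135                 # MS RPC endpoint mapper, TCP
RULE_RANGE = range(1024, 65536)  # assumed admin-chosen range for the coarse rule


class RangePinhole:
    """Coarse policy: once a client has reached server:135, pass that client
    to any port in RULE_RANGE on the same server."""

    def __init__(self):
        self.primed = set()  # (client, server) pairs seen talking to 135

    def allow(self, client, server, dport):
        if dport == EPMAP_PORT:
            self.primed.add((client, server))
            return True
        return (client, server) in self.primed and dport in RULE_RANGE


class MappedPinhole:
    """Protocol-aware policy (assumed behaviour): pass only the port that the
    endpoint mapper handed to this client for this server."""

    def __init__(self):
        self.pinholes = set()  # (client, server, port)

    def on_epmap_reply(self, client, server, mapped_port):
        # A real inspection module would parse this port from the reply.
        self.pinholes.add((client, server, mapped_port))

    def allow(self, client, server, dport):
        return dport == EPMAP_PORT or (client, server, dport) in self.pinholes


def passed_ports(fw, client, server, ports):
    """Ports from `ports` that the policy passes for client -> server."""
    return [p for p in ports if fw.allow(client, server, p)]


def compare():
    client, server = "192.0.2.10", "198.51.100.5"   # constructed addresses
    ports = [135, 139, 445, 1025, 1433, 3389]       # constructed destination ports
    coarse, aware = RangePinhole(), MappedPinhole()
    aware.on_epmap_reply(client, server, 1025)      # constructed mapper answer
    return (passed_ports(coarse, client, server, ports),
            passed_ports(aware, client, server, ports))


if __name__ == "__main__":
    print(compare())
```

Once port 135 has been contacted, the coarse policy passes every probed port inside its range, including unrelated services on the same server, while the mapped policy passes only 135 and the one negotiated port.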