[fw-wiz] Re: RPC 135

From: Norman Zhang (norman.zhang_at_gmail.com)
Date: 05/31/05


To: firewall-wizards@honor.icsalabs.com
Date: Mon, 30 May 2005 17:50:34 -0600

On 5/30/05, L Cubed <lllcubed@gmail.com> wrote:
> On 5/27/05, Norman Zhang <norman.zhang@gmail.com> wrote:
> > Currently TCP\135 is enabled for
> >
> > * domain logon and authentication between DCs
> > * remote activities such as looking at security logs
> >
>
> Enabled on what device (firewall/router/RAS/VPN), and from what/where
> to how many DC's?

TCP\135 is allowed on the firewall. There are many DCs and NFS servers
connected to the firewall, and they need to access resources via TCP\135.

> Do you have any devices that are currently doing strong authentication
> now? If so, describe how it is set up, and if you are able to use it
> for remote administration. If you don't have anything set up that you think
> is classified as strong authentication, are you planning on putting it
> in, and when?

What do you mean by strong authentication? I don't manage any of the DCs.
I'm not sure what authentication they use. I'm not too concerned about the
authentication scheme that they use.

I'd like to find out the technical details of converting TCP\135 to
RPC\135. My understanding is TCP\135 or UDP\135 will allow anything that
goes through 135, including blaster, ..., etc. Enforcing RPC\135 will
enable me to lock down the protocol to what program the RPC uses. E.g.,
10000 for portmapper/rpcbind, and some DCOM/MS-RPC for legit MS
applications, such as Exchange, W2K DC. I'd like to know how stateful
inspection would work for such RPC apps. Could someone please expand on
this?

Regards,
Norman Zhang

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
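
The difference between a plain TCP 135 rule and an RPC-aware rule, as an added example (not part of the original message and not any vendor's implementation): a filter that parses the first DCE/RPC PDU on a connection and permits the bind only when every requested interface UUID is on an allow-list. The allow-list policy, the function names and the sample packets are assumptions constructed for illustration.

```python
import struct
import uuid

# Well-known endpoint mapper interface (v3) and NDR transfer syntax (v2).
EPM = uuid.UUID("e1af8308-5d1f-11c9-91a4-08002b14a0fa")
NDR = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860")
ALLOWED = {(EPM, 3)}  # assumption: hypothetical policy, endpoint mapper only

def bind_interfaces(pdu):
    """Return [(interface UUID, major version)] from a bind PDU, else None."""
    if len(pdu) < 28:
        return None
    ver, minor, ptype, _flags, drep0 = struct.unpack_from("<5B", pdu, 0)
    frag_len, = struct.unpack_from("<H", pdu, 8)
    # Fail closed on anything that is not a complete little-endian v5.0 bind.
    if (ver, minor, ptype) != (5, 0, 11) or drep0 & 0xF0 != 0x10:
        return None
    if frag_len != len(pdu):
        return None
    off, found = 28, []
    for _ in range(pdu[24]):                     # number of context items
        if off + 24 > len(pdu):
            return None
        n_xfer = pdu[off + 2]                    # transfer syntaxes in this item
        iface = uuid.UUID(bytes_le=bytes(pdu[off + 4:off + 20]))
        major, = struct.unpack_from("<H", pdu, off + 20)
        found.append((iface, major))
        off += 24 + 20 * n_xfer
        if off > len(pdu):
            return None
    return found

def verdict(pdu):
    """'allow' only if the PDU is a bind and every interface is allow-listed."""
    ifaces = bind_interfaces(pdu)
    return "allow" if ifaces and all(i in ALLOWED for i in ifaces) else "drop"

def make_bind(iface, major):
    """Build a constructed single-context bind PDU for testing."""
    item = (struct.pack("<HBB", 0, 1, 0) + iface.bytes_le +
            struct.pack("<HH", major, 0) + NDR.bytes_le + struct.pack("<I", 2))
    body = struct.pack("<HHIBBH", 4280, 4280, 0, 1, 0, 0) + item
    return struct.pack("<4B4sHHI", 5, 0, 11, 3, b"\x10\0\0\0",
                       16 + len(body), 0, 1) + body

if __name__ == "__main__":
    other = uuid.UUID("11111111-2222-3333-4444-555555555555")  # constructed
    print(verdict(make_bind(EPM, 3)), verdict(make_bind(other, 1)))
```

This covers only the bind check on the port 135 connection; following the endpoint mapper's reply to the dynamically assigned service port is out of scope here.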