RE: Exchange/MAPI/RPC
From: Nero, Nick (Nick.Nero@disney.com)
Date: 03/17/03
- Previous message: Marc Fossi: "SecurityFocus Microsoft Newsletter #129"
- Maybe in reply to: Joseph Burton: "Exchange/MAPI/RPC"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 17 Mar 2003 14:36:06 -0500 From: "Nero, Nick" <Nick.Nero@disney.com> To: "Joseph Burton" <joseph_burton1970@hotmail.com>, <focus-ms@securityfocus.com>
Hmmm, I don't believe you can change Port 135 since that is the endpoint mapper for Exchange and is necessary for clients to hit first in order to be redirected to another port. The other ports can be statically defined in the registry to make Exchange work through a firewall (for the 3 other Exchange services). I still believe though that 135 has to stay where it is. I don't know of any exploit on that port though.
I am wary, myself, of allowing true Outlook client acces over the net. I always go with a secure OWA if I can.
-----Original Message-----
From: Joseph Burton [mailto:joseph_burton1970@hotmail.com]
Sent: Monday, March 17, 2003 10:05 AM
To: focus-ms@securityfocus.com
Thank you for all the answers, I now have a better understanding of MAPI and RPC.
Two follow-up questions:
1. When using ISA server to publish an Exchange server, which port do the clients connect to? Port 135? Can this be changed to any port?
2. Do I need the new Outlook 11 version to be able to use the RPC-over-HTTP feature in Exchange 2003? Or does Outlook 2000/XP work as well? Also, is it possible to use SSL with this feature? Any other issues with HTTP-RPC that I need to be aware of? For example, does it play nice with proxies?
Thanks again,
//Joe
_________________________________________________________________
Lättare att hitta drömresan med MSN Resor http://www.msn.se/resor/
----------------------------------------------------------------------
ALERT: How a Hacker Uses SQL Injection to Steal Your SQL Data!
It's as simple as placing additional SQL commands into a Web Form input box giving hackers complete access to all your backend systems!
http://www.spidynamics.com/mktg/sqlinjection33
----------------------------------------------------------------------
ALERT: How a Hacker Uses SQL Injection to Steal Your SQL Data!
It's as simple as placing additional SQL commands into a Web Form input
box giving hackers complete access to all your backend systems!
http://www.spidynamics.com/mktg/sqlinjection33
- Previous message: Marc Fossi: "SecurityFocus Microsoft Newsletter #129"
- Maybe in reply to: Joseph Burton: "Exchange/MAPI/RPC"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
