Re: Why is Win Explorer accessing the Net?
From: Leythos (void_at_nowhere.com)
Date: 12/23/03
- Next message: David Magda: "Re: Port 135 Probes Continue"
- Previous message: Dale Dellutri: "Re: Security through wide system use?"
- In reply to: Walter Roberson: "Re: Why is Win Explorer accessing the Net?"
- Next in thread: David: "Re: Why is Win Explorer accessing the Net?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 23 Dec 2003 20:23:34 GMT
In article <bs9oue$dtc$1@canopus.cc.umanitoba.ca>, roberson@ibd.nrc-cnrc.gc.ca says...
> In article <MPG.1a52295fa0f7f254989fba@news-server.columbus.rr.com>,
> Leythos <void@nowhere.com> wrote:
> :MS makes great software for the business and home, it's simple to
> :install, easy to use, and on the average, has more features than any GNU
> :or Open Source product available.
>
> :If you don't know how to secure something it only takes about an hour's
> :time to research it to figure it out.
>
> Unless it's peered MS Exchange (pre-AD) servers. The MS
> documentation gives a very short list of ports that has little
> relationship to reality. I analyzed the firewall logs to see
> what ports were actually being used -- it was over 20 different
> protocols. And it continues to surprise me; I noticed in my
> logs this morning that the traffic flow has changed again since
> the last time I analyzed about 3 weeks ago.
>
> Here's an issue that I've run into that perhaps you could clue
> me in on:
>
> Client contacts Exchange Server (pre-AD). Client negotiates
> a port via RPC (TCP 135). Client holds short TCP conversation and
> drops the connection. Later (a few hours, up to a couple of weeks),
> Exchange server wishes to send information to client. Exchange
> server attempts to contact client at -same- IP address and port
> that client used last time they connected many days before.
> Firewall does not let server through because the original port
> the client used was dynamically allocated and the TCP connection
> had been closed long ago. Exchange server retries and retries
> and retries, persisting in attempting to contact the dynamic
> TCP port for over a week.
>
> Now, not having control over the corporate Exchange servers, how
> can I configure the client to stop the server from remembering the
> ip + port (both of which could have been dynamically allocated) --
> or how can I *reasonably* configure a stateful firewall to
> recognize this situation and make the appropriate back-connection
> even if the public IP has been long ago reallocated?
It sounds like you are set up wrong, in that you don't do RPC over the
internet or through the firewall. You appear to be external to the
firewall and should be using a VPN tunnel to connect to the Exchange
LAN.
Also, if you are in the FW LAN and the Exchange is in the FW DMZ you
don't have to allow RPC between them - I've set up a one-way LAN ANY > DMZ
and use Exchange just fine - you have to enter the password each time
you open Outlook, and the check-for-messages has to be configured, but
you don't have to let the Exchange server hit the LAN.
You can also set up RPC between the LAN and the DMZ and between the E2K
box in the DMZ and the LAN and it works also (I don't like this method).
--
spamfree999@rrohio.com (Remove 999 to reply to me)
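Walter's message above describes two things a firewall administrator ends up doing by hand: inventorying which ports an Exchange/RPC deployment actually uses (as opposed to what the documentation lists), and spotting the server that keeps retrying a back-connection to a client's long-closed dynamic port. The script below is an added example, not code from either poster or from any firewall product; it parses a constructed, simplified log format (`timestamp ACTION PROTO src:sport -> dst:dport`) with constructed addresses, and the thresholds (`min_attempts`, `min_span_days`, the 1024 dynamic-port floor) are assumptions chosen for illustration, not values from the thread.

```python
"""Summarise firewall logs: which ports are really in use, and which
inbound connections are being denied over and over to the same dynamic
port (the stale RPC back-connection pattern described in the thread).

The log format, addresses and timestamps below are constructed for this
example; real firewalls log in their own formats and need their own regex.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample log: a client (10.0.0.5) talks to an Exchange server
# (192.0.2.10) on 135 and a negotiated port, then the server spends a week
# retrying the client's old dynamic port 1035 and is denied every time.
SAMPLE_LOG = """\
2003-12-01T08:15:02 ALLOW TCP 10.0.0.5:1034 -> 192.0.2.10:135
2003-12-01T08:15:03 ALLOW TCP 10.0.0.5:1035 -> 192.0.2.10:1052
2003-12-01T08:15:10 ALLOW UDP 10.0.0.5:137 -> 192.0.2.10:137
2003-12-03T02:00:01 DENY TCP 192.0.2.10:1061 -> 10.0.0.5:1035
2003-12-04T02:00:01 DENY TCP 192.0.2.10:1061 -> 10.0.0.5:1035
2003-12-05T02:00:02 DENY TCP 192.0.2.10:1061 -> 10.0.0.5:1035
2003-12-09T02:00:01 DENY TCP 192.0.2.10:1061 -> 10.0.0.5:1035
2003-12-09T09:30:00 ALLOW TCP 10.0.0.5:1102 -> 192.0.2.10:139
2003-12-10T02:00:01 DENY TCP 192.0.2.10:1061 -> 10.0.0.5:1035
2003-12-10T11:00:00 DENY TCP 198.51.100.7:4444 -> 10.0.0.5:135
"""

# Assumed line layout for the constructed format above.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_line(line):
    """Return a dict for one log line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["ts"] = datetime.fromisoformat(entry["ts"])
    entry["sport"] = int(entry["sport"])
    entry["dport"] = int(entry["dport"])
    return entry


def parse_log(text):
    """Parse every well-formed line; silently skip lines that do not match."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def port_inventory(entries):
    """Count permitted flows per (proto, dport): the ports actually in use,
    which is the list the documentation was found not to match."""
    return Counter((e["proto"], e["dport"]) for e in entries if e["action"] == "ALLOW")


def stale_callbacks(entries, min_attempts=3, min_span_days=2, dynamic_port_floor=1024):
    """Find (src, dst, dport) triples that are denied repeatedly over several
    days on a dynamically allocated port. That pattern is a peer trying to
    reuse an address/port pair whose TCP session closed long ago, not a
    rule that needs opening. Thresholds are illustrative assumptions."""
    attempts = defaultdict(list)
    for e in entries:
        if e["action"] == "DENY" and e["dport"] >= dynamic_port_floor:
            attempts[(e["src"], e["dst"], e["dport"])].append(e["ts"])
    findings = []
    for (src, dst, dport), times in attempts.items():
        times.sort()
        span_days = (times[-1] - times[0]).days
        if len(times) >= min_attempts and span_days >= min_span_days:
            findings.append({
                "src": src, "dst": dst, "dport": dport,
                "attempts": len(times), "span_days": span_days,
                "first": times[0], "last": times[-1],
            })
    return findings


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print("Ports actually used (allowed flows):")
    for (proto, port), n in sorted(port_inventory(entries).items()):
        print(f"  {proto}/{port}: {n}")
    print("Repeated denied back-connections to dynamic ports:")
    for f in stale_callbacks(entries):
        print(f"  {f['src']} -> {f['dst']}:{f['dport']} "
              f"{f['attempts']} attempts over {f['span_days']} days "
              f"({f['first'].date()} .. {f['last'].date()})")
```

The inventory answers the "which ports does this really use" question from the logs rather than from the vendor list; the second report separates a stale RPC callback (same source, same dynamic destination port, days of retries) from ordinary denied traffic such as the single hit on port 135, so the administrator can see that the right fix is a tunnel or a DMZ rule between the two sites, as the reply suggests, rather than a firewall hole on whatever port the client happened to use last time.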