Re: Why is Win Explorer accessing the Net?
From: David (davidwnh_at_adelphia.net)
Date: 12/25/03
- Next message: chris_at_nospam.com: "Re: Port 135 Probes Continue"
- Previous message: Lew Pitcher: "Re: Security through wide system use?"
- In reply to: Walter Roberson: "Re: Why is Win Explorer accessing the Net?"
- Next in thread: Hairy One Kenobi: "Re: Why is Win Explorer accessing the Net?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 25 Dec 2003 07:28:28 GMT
You don't mention the version of Exchange server, but I would use
Exchange Web access. It's not very cost-effective to set up a VPN unless
the users need other LAN access also. You can use SSL to encrypt and
also client certificates to make authentication tighter.
Avoid using anything over the internet that requires access to the
portmapper unless it is over a VPN or other secure link. There are still
unresolved issues with it and probably always will be.
>
> Here's an issue that I've run into that perhaps you could clue
> me in on:
>
> Client contacts Exchange Server (pre-AD). Client negotiates
> a port via RPC (TCP 135). Client holds short TCP conversation and
> drops the connection. Later (a few hours, up to a couple of weeks),
> Exchange server wishes to send information to client. Exchange
> server attempts to contact client at -same- IP address and port
> that client used last time they connected many days before.
> Firewall does not let server through because the original port
> the client used was dynamically allocated and the TCP connection
> had been closed long ago. Exchange server retries and retries
> and retries, persisting in attempting to contact the dynamic
> TCP port for over a week.
>
> Now, not having control over the corporate Exchange servers, how
> can I configure the client to stop the server from remembering the
> IP + port (both of which could have been dynamically allocated) --
> or how can I *reasonably* configure a stateful firewall to
> recognize this situation and make the appropriate back-connection
> even if the public IP has been long ago reallocated?
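
An added example, not part of either poster's message: the retry pattern described in the quoted question can be picked out of firewall logs by matching denied inbound attempts against the source endpoint of an earlier outbound connection to the same host. The log format, addresses, function name and thresholds below are constructed for illustration and do not come from any particular firewall product.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in a made-up format (documentation address ranges).
SAMPLE_LOG = """\
2003-12-01T09:00:05 ALLOW OUT tcp 192.0.2.10:1734 -> 198.51.100.5:135
2003-12-01T09:00:06 ALLOW OUT tcp 192.0.2.10:1735 -> 198.51.100.5:1029
2003-12-01T13:10:00 DENY IN tcp 198.51.100.5:2201 -> 192.0.2.10:1735
2003-12-02T13:10:00 DENY IN tcp 198.51.100.5:2202 -> 192.0.2.10:1735
2003-12-03T00:00:00 DENY IN tcp 203.0.113.9:4000 -> 192.0.2.10:135
2003-12-08T13:10:00 DENY IN tcp 198.51.100.5:2260 -> 192.0.2.10:1735
"""

LINE = re.compile(
    r"(?P<ts>\S+) (?P<act>ALLOW|DENY) (?P<dir>OUT|IN) tcp "
    r"(?P<sip>[\d.]+):(?P<sport>\d+) -> (?P<dip>[\d.]+):(?P<dport>\d+)")

def stale_callbacks(log_text, min_span=timedelta(hours=1), min_tries=3):
    """Find remote hosts that keep retrying a local ip:port which an earlier
    outbound connection to that same host had used as its source endpoint."""
    seen_out = {}               # (local_ip, local_port, remote_ip) -> last outbound use
    denied = defaultdict(list)  # same key -> timestamps of denied inbound attempts
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue            # skip lines that do not fit the assumed format
        ts = datetime.fromisoformat(m["ts"])
        if m["act"] == "ALLOW" and m["dir"] == "OUT":
            seen_out[(m["sip"], int(m["sport"]), m["dip"])] = ts
        elif m["act"] == "DENY" and m["dir"] == "IN":
            key = (m["dip"], int(m["dport"]), m["sip"])
            if key in seen_out and ts > seen_out[key]:
                denied[key].append(ts)
    findings = []
    for key, times in denied.items():
        span = max(times) - min(times)
        if len(times) >= min_tries and span >= min_span:
            findings.append({"local": f"{key[0]}:{key[1]}", "remote": key[2],
                             "tries": len(times), "span": span,
                             "idle_before_first": min(times) - seen_out[key]})
    return findings

if __name__ == "__main__":
    for finding in stale_callbacks(SAMPLE_LOG):
        print(finding)
```

The unrelated denied probe to port 135 in the sample is not reported, because no earlier outbound connection used that local endpoint toward that host.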