Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Firewall Wizards: RE: firewall for MS RPC

RE: firewall for MS RPC

From: Christopher Lee <clee_at_myhome.homeip.net>
Date: Mon, 5 Apr 2004 22:31:19 -0400

And so is Check Point VPN-1, it has special stateful inspection modules
written specifically for both general RPC protocols (NFS and friends) and
MS-Exchange RPC protocols.

Chris

-----Original Message-----
From: firewall-wizards-admin_at_honor.icsalabs.com
[mailto:firewall-wizards-admin_at_honor.icsalabs.com] On Behalf Of Bill Royds
Sent: April 3, 2004 4:00 PM
To: 'Tichomir Kotek'; 'fw'
Subject: RE: [fw-wiz] firewall for MS RPC

Thy Symantec Enterprise Firewall (SEF, was formerly called Raptor firewall)
has a proxy for SMB/CIFS that should be able to handle most of the traffic
using MS RPC. It is quite granular about what commands are allowed and what
need to be blocked in the CIFS protocol suite.

-----Original Message-----
From: firewall-wizards-admin_at_honor.icsalabs.com
[mailto:firewall-wizards-admin_at_honor.icsalabs.com] On Behalf Of Tichomir
Kotek
Sent: March 30, 2004 9:23 AM
To: fw
Subject: [fw-wiz] firewall for MS RPC

Hi All

I'm looking for a solution for firewalling MS RPC protocol
A lot of firewalls can do app. inspection/ proxying of SUN RPC (old
portmapper)
but except the MS ISA proxy none can do MS RPC.
I think it's because of "closed source" nature of MS RPC (nad MS at all :)

I have found closest to firewalling MS RPC is PIX with established command
set,
(you can make ASA accept another connection from/to port/port range after
connection to 135)
but I'd like to ask folks around here :

Is there a firewall/solution/workaround that does it better ?

there are workaround I'm aware of :
1. RPC over HTTP/HTTPS - requires ISS server
2. PPTP/L2TP tunnel with/without IPsec

with regards

        tk 

-- 
Tichomír Kotek
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Apr 09 2004
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos