Nmap Development
mailing list archives
Re: RPC over HTTP
From: Alan Jones <asj () ipa net>
Date: Sun, 06 Mar 2005 11:07:16 -0600
On Mar 05 2005 Martin Mačok wrote:
>
>On Fri, Mar 04, 2005 at 09:16:51PM -0500, Jon-Erik wrote:
>(By the way, the whole concept of RPC over HTTP seems rather silly to me
>- first we realize that Microsoft's RPC protocols are insecure so we
>set up our firewalls to block them in and out of our house ...
>then Microsoft realizes we are blocking them so they start
>tunneling it through http so they can traverse the net again - and
>they even call it "security"! It also reminds me of the
>virus/antivirus culture ;-)
>> This is a relatively new thing
>This MAPI might be new but the RPC over HTTP protocol itself is not that
>hot ...
Ok I am confused about this. Are you saying that RPC over HTTP is not
really being pushed and implemented? Every MS Exchange person I talk to
these days has that as something they have recently done or are wanting
to do as soon as they get to Exchange 2003 and Outlook 2003 rolled out.
The Microsoft Reps also push RPC over HTTP as a way to get around
problems. "No more having to mess with VPN issues and teaching your end
users how to connect to the VPN just for e-mail".
This is not just where I work, but other places. People that claim to
be interested in security say it is "filtered" when it goes through
HTTP so no worries. I am not sure I buy this, but don't have any
knowledge one way or another.
From a security perspective I really questioned RPC over HTTP when they
implemented it where I work. They challenged me to find any strong
information security issues with it. At the time of my search the only
articles of concern I could find all talked about theory and were before
Exchange 2003 was released so that did not really help much.
I think there could be some advantages detecting RPC over HTTP from both
a version detection perspective. You know the OS is Windows 2003 and the
Mail Server is Exchange 2003 or greater. It would be a much stronger
version number than saying it could be any Windows server all the way
back to NT. This would also be helpful from a scanning perspective if
there were some firm security holes in RPC over HTTP discovered so that
one could scan a range and say hey you need to fix this.
Just my random rant after dealing with this in my own organization.
Alan