How MSRPC flow is handled? How to delete the flows after successful transfer of data

[rahul sharma <rahulatgslab () gmail com>]

Hi All,

I am trying to get details about MSRPC and its working. So far I have come
to know that when a Client requests for a particular service, first it
comes to End Point Mapper. Then in response to Map Request, the Port and IP
address are sent to client in Response's Tower id 4 and 5 respectively. Now
I have the port and IP address.  I simply connect to that service. Now
suppose I am firewalling it. Now if I allowed the MSRPC packets, then I
will create an embryonic flow for that connection, and then the firewall
will allow those packets.

Now my problem is how I will detect for how long I need to keep that flow
open? If the communication on that port has finished, then how should I
make sure that now its exited and I need to delete the flow ID? Can anyone
help me how should I go for this or how is this actually implemented??

Thanks and Regards
Rahul Sharma

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards