Firewall Wizards mailing list archives
How MSRPC flow is handled? How to delete the flows after successful transfer of data
From: rahul sharma <rahulatgslab () gmail com>
Date: Fri, 17 Feb 2012 20:06:18 +0530
Hi All, I am trying to get details about MSRPC and its working. So far I have come to know that when a Client requests for a particular service, first it comes to End Point Mapper. Then in response to Map Request, the Port and IP address are sent to client in Response's Tower id 4 and 5 respectively. Now I have the port and IP address. I simply connect to that service. Now suppose I am firewalling it. Now if I allowed the MSRPC packets, then I will create an embryonic flow for that connection, and then the firewall will allow those packets. Now my problem is how I will detect for how long I need to keep that flow open? If the communication on that port has finished, then how should I make sure that now its exited and I need to delete the flow ID? Can anyone help me how should I go for this or how is this actually implemented?? Thanks and Regards Rahul Sharma
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- How MSRPC flow is handled? How to delete the flows after successful transfer of data rahul sharma (Feb 22)