Firewall Wizards mailing list archives
RE: firewall for MS RPC
From: "Daniel Chemko" <dchemko () smgtec com>
Date: Mon, 5 Apr 2004 09:01:41 -0700
Is there a firewall/solution/workaround that does it better?
MS-RPC, which is really DCE-RPC, is well documented. It is a public standard, so many shouldn't have a problem implementing the standard if they really wanted to. Mind you, there are also secure variants of DCE-RPC where they are SSL protected. In this mode, you can't use L7 filters and you may be able to NAT the session. This is one of the built-in features of SSL to not allow you to intercept traffic. I have not looked into DCE, so there may be workarounds that I'm not aware of. That said, having MSRPC with a Windows machine open on the internet is pretty frigging dangerous. I'd avoid it like the plague.
There are workarounds I'm aware of:
1. RPC over HTTP/HTTPS - requires ISS server
2. PPTP/L2TP tunnel with/without IPsec
I'd go with #2