Re: RPC over HTTP

["Jon-Erik" <jonerik () myway com>]

> Ok I am confused about this. Are you saying that RPC over HTTP is not
> really being pushed and implemented? Every MS Exchange person I talk to
> these days has that as something they have recently done or are wanting
> to do as soon as they get to Exchange 2003 and Outlook 2003 rolled out.

I don't know if you were responding to me or to a subsequent post, because it only shows me being quoted, but... For my 
part, I agree with this. They are pushing it hard, and the only reason it's not "hot" is because, as we've said, you 
have to have everyone up with Outlook 2003. But it will be.

You didn't have to mess with VPN issues in the past. I know they say that, but it's not true. There were a couple of 
ways to "publish" the MAPI and RPC services (ISA server being one of them) without using RPC over HTTP. 

Anyway, I'm sure of two things. (1) There are plenty of people on this list who know way more than I do, but (2) there 
will come a point where this will be something that needs to be checked for, because I can almost guarantee a 
vulnerability will be found in it.

I'm happy to help to work on an addition for nmap. (= 




_______________________________________________
No banners. No pop-ups. No kidding.
Make My Way your home on the Web - http://www.myway.com

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org