Firewall Wizards mailing list archives
Re: RPC 135
From: Norman Zhang <norman.zhang () gmail com>
Date: Mon, 30 May 2005 17:50:34 -0600
On 5/30/05, L Cubed <lllcubed () gmail com> wrote:
> On 5/27/05, Norman Zhang <norman.zhang () gmail com> wrote:
> > Currently TCP\135 is enabled for
> >
> > * domain logon and authentication between DCs
> > * remote activities such as looking security logs
> >
>
> Enabled on what device (firewall/router/RAS/VPN), and from what/where
> to how many DC's?

TCP\135 is allowed on the firewall. There are many DC's, NFS servers connected to the firewall, and need to access resources via TCP\135.
> Do you have any devices that are currently doing strong authentication
> now? If so, describe how it is setup, and if you are able to use it
> for remote administration. If you don't have anything setup that you think
> is classified as strong authentication, are you planning on putting it
> in, and when?

What do you mean strong authentication? I don't manage any of the DCs. I'm not sure what authentication they use. I'm not too concerned about the authentication scheme that they use.
I'd like to find out the technical details of converting TCP\135 to RPC\135. My understanding is TCP\135 or UDP\135 will allow anything that goes through 135, including blaster, ..., etc. Enforcing RPC\135 will enable me to lock down the protocol to what program the RPC uses. E.g., 10000 for portmapper/rpcbind, and some DCOM/MS-RPC for legit MS applications, such as Exchange, W2K DC. I'd like to know how stateful inspection would work for such RPC apps. Could someone please expand on this?
Regards,
Norman Zhang

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards