Which Firewalls Can Filter RPC UUIDs?

Will
Guest
Posted: Sun Nov 27, 2005 2:02 am    Post subject: Which Firewalls Can Filter RPC UUIDs?

Aside from Microsoft's ISA Server 2004, which commercial firewalls can
actively filter RPC responses from a Windows 200x server to present only a
subset of all supported services (i.e., UUIDs)? My specific requirements
are:

- All clients are on separate networks from the RPC server, separated by a
firewall.

- All requests between the networks are routed (i.e., no NAT)

- When a client requests RPC to list all services on the server, the
firewall will *not* show the true list of RPC services available, but will
instead proxy a reduced list of services.

- The firewall is able to maintain context of a RPC session, so that
requests for secondary connections to the actual RPC service on its UUID
port will not be allowed unless it is in connection with a valid RPC
request.

- RPC requests are inspected to make sure they are properly formed (i.e., no
random data being sent to port 135).

- Preferably, some entry-level version of the product costs less than $1000.
(I still want to hear about products that cost more though.)

I've been working with ISA Server 2004, and while I like it in general as an
internal proxy server/firewall, I am having a miserable time working with
its custom RPC support. It claims to do all of the above, but I'm finding
that the RPC support is buggy, poorly documented, and only appears to work
correctly if you use NAT. Since the server I'm trying to protect here is
an Active Directory server, I'm not anxious to have every member computer in
our domain attach to such a critical machine using an NAT address. That
makes it incredibly problematic to switch out the firewall if other problems
with it develop.

--
Will

Volker Birk
Guest
Posted: Sun Nov 27, 2005 11:46 pm    Post subject: Re: Which Firewalls Can Filter RPC UUIDs?

Will <DELETE_westes@earthbroadcast.com> wrote:
Quote:
Aside from Microsoft's ISA Server 2004, which commercial firewalls can
actively filter RPC responses from a Windows 200x server to present only a
subset of all supported services (i.e., UUIDs)?

Windows uses DCE RPC. Every firewalling system, which can filter DCE RPC,
can do this.

Yours,
VB.
--
"I am a free man and will now make use of my civil liberties - and
extensively so - of course only within the limits that Otto Schily
still leaves available to me."
Wolfgang Clement on 10.10.05, while still "superminister"

Will
Guest
Posted: Mon Nov 28, 2005 1:49 am    Post subject: Re: Which Firewalls Can Filter RPC UUIDs?

I'm not talking about opening port 135. I'm talking about inspecting its
content and making decisions about which secondary connections to accept,
and which UUID services to present to the client.

--
Will


"Volker Birk" <bumens@dingens.org> wrote in message
news:4389f112@news.uni-ulm.de...
Quote:
Will <DELETE_westes@earthbroadcast.com> wrote:
Aside from Microsoft's ISA Server 2004, which commercial firewalls can
actively filter RPC responses from a Windows 200x server to present only a
subset of all supported services (i.e., UUIDs)?

Windows uses DCE RPC. Every firewalling system, which can filter DCE RPC,
can do this.

Yours,
VB.
--
"I am a free man and will now make use of my civil liberties - and
extensively so - of course only within the limits that Otto Schily
still leaves available to me."
Wolfgang Clement on 10.10.05, while still "superminister"

Krou
Guest
Posted: Mon Nov 28, 2005 8:05 am    Post subject: Re: Which Firewalls Can Filter RPC UUIDs?

Hello,

CheckPoint FW-1 can do this stuff.

Looking at Check Point NG/AI book,
on page 186, you can select which UUID can be filtered.
You can also use 0 for the UUID and log everything on RPC connection
and find out which UUID are used and filter each UUID as your
needs.from...

But the price may be high for your environment.

The best suggestion I can give is to use what you know.

URL for the Book:
http://www.amazon.com/gp/product/1932266895/002-9195602-2072020?v=glance&n=283155&n=507846&s=books&v=glance
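
The per-UUID filtering and well-formedness check discussed in this thread, as an added example that is not part of any post and not taken from ISA Server or Check Point: it parses one DCE/RPC bind PDU, extracts the interface UUIDs it asks for, and drops anything malformed or not on an allowlist. The `ALLOWED` policy, the `make_bind` helper and the second UUID are assumptions made for the demo; it assumes one complete little-endian PDU per call and does not cover endpoint mapper response rewriting or secondary-connection tracking.

```python
import struct
import uuid

EPMAPPER = uuid.UUID("e1af8308-5d1f-11c9-91a4-08002b14a0fa")  # endpoint mapper interface
NDR = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860")       # NDR transfer syntax
ALLOWED = {EPMAPPER}   # assumed policy: the only interface clients may bind to
PTYPE_BIND = 11

def bind_interfaces(pdu):
    """Return the interface UUIDs requested by one bind PDU; ValueError if malformed."""
    if len(pdu) < 28:
        raise ValueError("too short for a bind PDU")
    ver, minor, ptype, _flags, drep, frag_len, _auth_len, _call_id = \
        struct.unpack_from("<BBBB4sHHI", pdu)
    if (ver, minor) != (5, 0) or ptype != PTYPE_BIND:
        raise ValueError("not a DCE/RPC 5.0 bind")
    if drep[0] & 0xF0 != 0x10:   # simplification: little-endian senders only
        raise ValueError("unsupported data representation")
    if frag_len != len(pdu):
        raise ValueError("frag_length does not match the data received")
    found, off = [], 28          # context list starts after the 12-byte bind body
    for _ in range(pdu[24]):     # n_context_elem
        if off + 24 > len(pdu):
            raise ValueError("truncated context element")
        n_transfer = pdu[off + 2]
        found.append(uuid.UUID(bytes_le=pdu[off + 4:off + 20]))
        off += 24 + 20 * n_transfer   # skip abstract syntax and transfer syntaxes
    if not found or off > len(pdu):
        raise ValueError("bad presentation context list")
    return found

def verdict(pdu):
    """Firewall decision for data arriving on the RPC port."""
    try:
        wanted = bind_interfaces(pdu)
    except ValueError:
        return "drop: malformed"
    return "pass" if all(u in ALLOWED for u in wanted) else "drop: interface not allowed"

def make_bind(iface, major=3):
    """Build a constructed sample bind PDU (hypothetical helper, for the demo only)."""
    ctx = struct.pack("<HBx", 0, 1) + iface.bytes_le + struct.pack("<HH", major, 0)
    ctx += NDR.bytes_le + struct.pack("<HH", 2, 0)
    body = struct.pack("<HHIBxxx", 4280, 4280, 0, 1) + ctx
    return struct.pack("<BBBB4sHHI", 5, 0, PTYPE_BIND, 3, b"\x10\0\0\0", 16 + len(body), 0, 1) + body

if __name__ == "__main__":
    other = uuid.UUID("11111111-2222-3333-4444-555555555555")  # constructed UUID
    for sample in (make_bind(EPMAPPER), make_bind(other), b"A" * 40):
        print(verdict(sample))
```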