[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] RPC Traffic (TCP 135)
Greetings! Tim Parker wrote: We are getting some errors on our site that the "RPC Server is not available." If a user then refreshes the error goes away. I was searching MS's site and found that it appears that RPC traffic is on Port 135/TCP. Solution: RPC over TCP connections are dropped (skI2394) To make RPC over TCP work properly, proceed as follows: 1. From the Policy Editor menu, select Policy> Properties, and in the Services tab, check "Enable RPC Control". 2. In the objects.C file under :props, change the :enable_tcprpc property value to (true). 3. In the Rule Base, allow only the RPC service (under Service). 4. Install the policy. Any issues with opening this up to web servers? I know I don't want to let the NETBios ports through to the web servers from the internet. Worse: you are opening up the Microsoft RPCs - now anyone can (try to) remote control your IIS remotely using the standard NT server manager. MS-RPCs are even more danerous than NBT - IMHO.
-- Volker Tanger <[email protected]> Wrangelstr. 100, 10997 Berlin, Germany DiSCON GmbH - Internet Solutions http://www.discon.de/ ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= If you have any questions on how to change your subscription options, email Ron Alcatraz at: [email protected] =================================================
|