Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] NGAI dce-rpc issue resolution

To: [email protected]
Subject: Re: [FW-1] NGAI dce-rpc issue resolution
From: Ulysees <[email protected]>
Date: Thu, 21 Aug 2003 18:31:50 +0100
References: <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

I've noticed similar behaviour, fp3hf2 with the updated def and even just in
normal rpc communications between 2 brand new clean boxes it is generating
an error in rule 998

perhaps the quick fix was a bit too quick ?

Uly

----- Original Message -----
From: "RG" <[email protected]>
To: <[email protected]>
Sent: Thursday, August 21, 2003 5:45 PM
Subject: [FW-1] NGAI dce-rpc issue resolution


> Just thought I'd pass this info along to the group.
>
> After all the Windows DCE-RPC attacks in the past weeks, our windows
admins
> patched our exchange server.  2 days after doing so, we noticed the
> Exchange service not working through any VPN (site to site / SR/SC) after
> about an hour after policy install.  Communication to the Exchange server
> through the VPN was possible with other services, just not the Exchange
> service.
>
> Checkpoint instructed us to  download a new dcerpc.def and update
table.deb
> with
> dcerp_binds = dynamic sync refresh expires 40;
>
> I cant say that the patches to the exchange server were the culprit, but
it
> was working no problem with NGAI for about a month.  Only after the patch
> was installed did this start happening.  Not wanting to test the patch by
> removing it, we implemented this timeout and surprisingly it worked.
>
> CPAI-2003-11 is the ID of the fix.
>
> -Rob
>
>
> Robert Geller, CCSA, CCSE
> Sportsline Network Operations
> 2200 West Cypress Creek Rd.
> Fort Lauderdale, Florida 33309
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] NGAI dce-rpc issue resolution
  - From: RG <[email protected]>

References:
- [FW-1] NGAI dce-rpc issue resolution
  - From: RG <[email protected]>

Prev by Date: Re: [FW-1] MTU
Next by Date: Re: [FW-1] NGAI dce-rpc issue resolution
Previous by thread: [FW-1] NGAI dce-rpc issue resolution
Next by thread: Re: [FW-1] NGAI dce-rpc issue resolution
Index(es):
- Date
- Thread