Re: [FW-1] NGAI dce-rpc issue resolution

[RG <robg@FW1-NOSPAMSPORTSLINE.COM>]

I never saw the error in rule 998.  What I saw was port 135 service being
dropped b/c of out of state.

-Rob


At 06:31 PM 8/21/2003 +0100, you wrote:
> I've noticed similar behaviour, fp3hf2 with the updated def and even just in
> normal rpc communications between 2 brand new clean boxes it is generating
> an error in rule 998
>
> perhaps the quick fix was a bit too quick ?
>
> Uly
>
> ----- Original Message -----
> From: "RG" <robg@SPORTSLINE.COM>
> To: <FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM>
> Sent: Thursday, August 21, 2003 5:45 PM
> Subject: [FW-1] NGAI dce-rpc issue resolution
>
>
> > Just thought I'd pass this info along to the group.
> >
> > After all the Windows DCE-RPC attacks in the past weeks, our windows
> admins
> > patched our exchange server.  2 days after doing so, we noticed the
> > Exchange service not working through any VPN (site to site / SR/SC) after
> > about an hour after policy install.  Communication to the Exchange server
> > through the VPN was possible with other services, just not the Exchange
> > service.
> >
> > Checkpoint instructed us to  download a new dcerpc.def and update
> table.deb
> > with
> > dcerp_binds = dynamic sync refresh expires 40;
> >
> > I cant say that the patches to the exchange server were the culprit, but
> it
> > was working no problem with NGAI for about a month.  Only after the patch
> > was installed did this start happening.  Not wanting to test the patch by
> > removing it, we implemented this timeout and surprisingly it worked.
> >
> > CPAI-2003-11 is the ID of the fix.
> >
> > -Rob
> >
> >
> > Robert Geller, CCSA, CCSE
> > Sportsline Network Operations
> > 2200 West Cypress Creek Rd.
> > Fort Lauderdale, Florida 33309
> >
> > =================================================
> > To set vacation, Out-Of-Office, or away messages,
> > send an email to LISTSERV@amadeus.us.checkpoint.com
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > fw-1-owner@ts.checkpoint.com
> > =================================================
> >
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV@amadeus.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner@ts.checkpoint.com
> =================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner@ts.checkpoint.com
=================================================