| Does Checkpoint's Firewall-1 understand how to deal with Microsoft RPC?
That would require Microsoft disclosing details about the NT RPC
protocol, no? And notifying vendors of protocol changes.
I haven't seen a firewall offering that yet. I would strongly oppose
passing RPC between DMZ and internal networks, since that opens up a nice
little path to your internal network. NT RPC vulnerabilities aside, it is
possible to fool the firewall by sending bogus RPC packets and making the
firewall open random ports. This is similar to the FTP ALG attack
(cf. Bugtraq).
The only real solution that I can think of that may offer a better sense
of security is to have some sort of application proxy between the layers.
Working with the RPC protocol itself is not possible, so I'd just get the
coders to use something standard that the firewall can inspect to an
appropriate level.
Later,
Kos