Well, RPC can be locked down on clusters as well as on any NT server, as long as it is above port 1024. Someone may have set the static reg setting to port 1116. This seems to be a lot more tricky with W2K but still works the same. I have always used higher ports than 1116, but whatever rocks the world. Other than that you should need very few ports for your cluster... unless they authenticate to your internal network.
Steve

-----Original Message-----
From: Colin Hines [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 04, 2001 10:33 AM
To: '[EMAIL PROTECTED]'
Cc: RALPH J KUBICSEK (Systems)
Subject: Cisco PIX, Port 1116, and MS/DCE RPC 5.0? allowed through firewall

Currently my company is running a Cisco PIX firewall running v6.01 code. I was recently asked to tighten our current conduits, as they have fallen by the wayside in the last year or so. A specific one that has been boggling me is a wide open conduit from the DMZ to an internal clustered SQL server running NT4 SP5.

I'm not exactly sure how the whole clustered SQL stuff works, but from what I can gather, the cluster has a bunch of IP addresses, each representing a different service. I set up a sniffer to track all the traffic on the DMZ and I've found some interesting traffic between the webserver and the DTC address of the cluster. All of this traffic (about 2-3% on average) is labelled as MS/DCE (RPC 5.0) traffic, and all of it flows to port 1116 on the DTC service. I can't find any information about port 1116 relating to Microsoft stuff or DTS. I thought DCOM and stuff used variable ports, but I'm not even sure if this stuff is valid.

We do have other conduits open for web queries from the web server to the clustered SQL address, but I'm wondering if I can lock this down to port 1116 without fear of it being dynamic. I took sniffer traces over 4 full days of traffic and didn't see anything other than this port to this service IP, but it's weird that this port is in the reserved port range and being used by MS but it's not documented.

Any ideas?

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
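As an added check (not part of the thread), the following Python settles the question both messages turn on before a firewall rule is written: whether an observed RPC port such as 1116 is actually pinned by a static RPC registry setting or only looks static in a few days of sniffer traces. The key and value names (HKLM\SOFTWARE\Microsoft\Rpc\Internet with Ports, PortsInternetAvailable and UseInternetPorts) are Microsoft's documented RPC port-restriction settings, not something the thread names; the configurations below are constructed rather than read from a real server.

```python
# Added example: decide whether an observed RPC port is explained by the
# RPC "Internet" port restriction (HKLM\SOFTWARE\Microsoft\Rpc\Internet).
# Value names are Microsoft's documented settings; the sample configurations
# are constructed for illustration, not exported from a real host.
from typing import Iterable, List, Tuple


def parse_rpc_ports(values: Iterable[str]) -> List[Tuple[int, int]]:
    """Parse REG_MULTI_SZ 'Ports' entries ('1116' or '5000-5100') into ranges."""
    ranges = []
    for entry in values:
        entry = entry.strip()
        if not entry:
            continue
        lo, _, hi = entry.partition("-")
        lo_i, hi_i = int(lo), int(hi or lo)
        if not (0 < lo_i <= hi_i <= 65535):
            raise ValueError(f"bad RPC port entry: {entry!r}")
        ranges.append((lo_i, hi_i))
    return ranges


def rpc_ports_pinned(config: dict) -> bool:
    """The restriction is in force only if both flags are 'Y' and a range exists."""
    return (config.get("UseInternetPorts", "N").upper() == "Y"
            and config.get("PortsInternetAvailable", "N").upper() == "Y"
            and bool(parse_rpc_ports(config.get("Ports", []))))


def port_explained_by_config(config: dict, port: int) -> bool:
    """True if the observed port lies inside the pinned range (static rule is safe)."""
    if not rpc_ports_pinned(config):
        return False
    return any(lo <= port <= hi for lo, hi in parse_rpc_ports(config["Ports"]))


# Constructed configurations: one pins RPC to 1116, one to 5000-5100, one is default.
PINNED_1116 = {"UseInternetPorts": "Y", "PortsInternetAvailable": "Y", "Ports": ["1116"]}
PINNED_5000 = {"UseInternetPorts": "Y", "PortsInternetAvailable": "Y", "Ports": ["5000-5100"]}
UNRESTRICTED: dict = {}

if __name__ == "__main__":
    for name, cfg in [("pinned-1116", PINNED_1116), ("pinned-5000", PINNED_5000),
                      ("default", UNRESTRICTED)]:
        if port_explained_by_config(cfg, 1116):
            print(f"{name}: 1116 is pinned, a static conduit is safe")
        else:
            print(f"{name}: 1116 is not pinned, treat it as a dynamic port")
```

If the server's registry shows no restriction, the four days of traces prove nothing about tomorrow's port, and the conduit has to be narrowed by first pinning the range on the server.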
