RoadRunner blocking RPC?

Kiran Otter
Posted: Fri Nov 11, 2005 5:50 pm    Post subject: RoadRunner blocking RPC?

Does anyone know if RoadRunner blocks RPCs? I have a user who can't connect
using RPC over HTTP, but it worked when he was using another internet
provider.

Also, is there a way to support alternate ports for RPC over HTTP? Or is
that a can o' worms I shouldn't open?

Thanks,

Kiran

Jeff Teel
Posted: Fri Nov 11, 2005 5:50 pm    Post subject: Re: RoadRunner blocking RPC?

Hi Leythos

What do you consider bad about using Remote Procedure Calls nested within
HTTP packets? I'm just curious.

Jeff

Leythos
Posted: Fri Nov 11, 2005 5:50 pm    Post subject: Re: RoadRunner blocking RPC?

There were a number of RPC exploits that caused massive problems for
ISPs, last year I think. When ISPs started blocking RPC it made things
easier and gave us back the internet. At the same time there were many
people doing RPC over the net for Outlook access that were not following
MS's recommendations on it - so those people could not access their
Outlook any more. Had they been using a VPN or over SSL they would not
have been impacted.

Anything that requires ports 135~139 and/or 445 should be blocked at the
ISP's networks and not permitted in/out.

If I've misunderstood your post and confused it with the RPC exploit
that we all suffered through during that time, I apologize.

--

spam999free@rrohio.com
remove 999 in order to email me

Leythos
Posted: Fri Nov 11, 2005 5:50 pm    Post subject: Re: RoadRunner blocking RPC?

RPC over the Internet is always a bad thing - it is blocked by many
ISPs all over the world. There are many better ways to do it - VPN,
SSL, etc...


--

spam999free@rrohio.com
remove 999 in order to email me

Susan Bradley, CPA aka Eb
Posted: Sat Nov 12, 2005 8:22 am    Post subject: Re: RoadRunner blocking RPC?

RPC over HTTP goes over port 80/443. It's not traveling over 135-139.

Leythos
Posted: Sat Nov 12, 2005 8:38 am    Post subject: Re: RoadRunner blocking RPC?

Yes, I know, but they thought RPC was safe before that too. Now they
think that RPC over HTTP is safe; at the least I would only permit it over
HTTPS.

I always fall back to the proven standard - IPsec VPNs. You can do
anything you need over them and you don't have to expose any other
ports.


--

spam999free@rrohio.com
remove 999 in order to email me

SuperGumby [SBS MVP]
Posted: Sat Nov 12, 2005 9:50 am    Post subject: Re: RoadRunner blocking RPC?

But you let those foul nasty remote PCs into your network. I even avoid VPN
into my own network from client sites, it is unnecessary.

'Tried and true' becomes 'old hat' in a short space of PC time.

Susan Bradley, CPA aka Eb
Posted: Sat Nov 12, 2005 9:50 am    Post subject: Re: RoadRunner blocking RPC?

The reality is more machines/networks have been flattened/infected with
VPN connections than the current Outlook over HTTP.

Leythos
Posted: Sat Nov 12, 2005 1:50 pm    Post subject: Re: RoadRunner blocking RPC?

Quote:
but you let those foul nasty remote PC's into your network. I even avoid VPN
into my own network from client sites, it is unnecessary.

Those PCs don't have Open/Full port access to the network if you have a
real firewall - as an example, we let people VPN into the firewall, but
that doesn't provide ANY access to the LAN or DMZ unless we create a
rule for the VPN User account. So, I can set up Remote Desktop to a
specific node in the LAN and only pass 3389 to it (without any access to
anywhere else in the LAN) or I can map the RPC proxy service directly
to the Exchange server and limit them to that node.

Many people that don't have higher end firewalls don't know they can do
that.


--

spam999free@rrohio.com
remove 999 in order to email me
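
The per-user VPN rules described in the last post, modelled as an added example that is not part of the original thread and not any firewall vendor's syntax. User names, addresses and the use of port 443 for the RPC proxy are assumptions made up for illustration; the audit function flags any rule wider than one host on one port.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    user: str   # VPN user account the rule is bound to
    dest: str   # destination host or network, CIDR form
    port: int   # TCP port; 0 means "any port"

# Constructed sample policy: every name and address here is hypothetical.
RULES = [
    Rule("alice", "192.168.16.20/32", 3389),  # Remote Desktop to one LAN node
    Rule("bob", "192.168.16.2/32", 443),      # RPC proxy on the Exchange server
    Rule("carol", "192.168.16.0/24", 0),      # overbroad: whole LAN, any port
]

def is_allowed(user, dst_ip, port, rules=RULES):
    """Default deny: a VPN session reaches dst_ip:port only via an explicit rule."""
    addr = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if rule.user != user:
            continue
        if addr in ipaddress.ip_network(rule.dest) and rule.port in (0, port):
            return True
    return False  # connected to the VPN, but no rule: no LAN or DMZ access

def overbroad(rules=RULES):
    """Return rules that grant more than a single host on a single port."""
    flagged = []
    for rule in rules:
        net = ipaddress.ip_network(rule.dest)
        if net.num_addresses > 1 or rule.port == 0:
            flagged.append(rule)
    return flagged

if __name__ == "__main__":
    print(is_allowed("alice", "192.168.16.20", 3389))  # pinned host and port
    print(is_allowed("alice", "192.168.16.20", 445))   # same host, other port
    for rule in overbroad():
        print("review:", rule)
```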