Search This Blog

Thursday, February 23, 2012

firewall-wizards Digest, Vol 62, Issue 1

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. How MSRPC flow is handled? How to delete the flows after
successful transfer of data (rahul sharma)


----------------------------------------------------------------------

Message: 1
Date: Fri, 17 Feb 2012 20:06:18 +0530
From: rahul sharma <rahulatgslab@gmail.com>
Subject: [fw-wiz] How MSRPC flow is handled? How to delete the flows
after successful transfer of data
To: firewall-wizards@listserv.icsalabs.com
Message-ID:
<CA+nTx8G8PV4YJ5EuFwKko8hfWdt+pFVL7fyKTgrG21O7xhtGJw@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Hi All,

I am trying to get details about MSRPC and its working. So far I have come
to know that when a Client requests for a particular service, first it
comes to End Point Mapper. Then in response to Map Request, the Port and IP
address are sent to client in Response's Tower id 4 and 5 respectively. Now
I have the port and IP address. I simply connect to that service. Now
suppose I am firewalling it. Now if I allowed the MSRPC packets, then I
will create an embryonic flow for that connection, and then the firewall
will allow those packets.

Now my problem is how I will detect for how long I need to keep that flow
open? If the communication on that port has finished, then how should I
make sure that now its exited and I need to delete the flow ID? Can anyone
help me how should I go for this or how is this actually implemented??

Thanks and Regards
Rahul Sharma
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://listserv.icsalabs.com/pipermail/firewall-wizards/attachments/20120217/db5afaeb/attachment-0001.html>

------------------------------

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


End of firewall-wizards Digest, Vol 62, Issue 1
***********************************************

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)