Firewall rules for the RPC Protocol


In the TCP/IP protocol, replies are always made through a dynamic port. The client communicates with the server on port 135 or 111, and the answer is sent through a port dynamically opened by the client.

More info: https://en.wikipedia.org/wiki/Ephemeral_port

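As an added example (not part of the original post or answer), the following Python models the exchange the question is about: the client queries the locator on port 135 (or 111), the reply comes back inside that same connection, and the client then opens a second connection to the dynamic port it was told, so a stateful rule set only needs client-to-server entries. The addresses, port numbers and the 49152-65535 dynamic range are assumptions made for the example.

```python
"""Model of the RPC port-lookup exchange and the stateful firewall rule set it needs (constructed, no sockets)."""
from dataclasses import dataclass

CLIENT, SERVER = "10.0.0.10", "10.0.0.20"   # constructed addresses
LOCATOR_PORTS = {111, 135}                   # rpcbind/portmapper (111) and MS-RPC endpoint mapper (135)
DYNAMIC_RANGE = range(49152, 65536)          # assumed server-side dynamic range (RFC 6335 default)


@dataclass(frozen=True)
class Flow:
    """One TCP connection as the firewall sees its first packet."""
    src: str
    sport: int
    dst: str
    dport: int
    initiator: str   # host that sent the first packet (the SYN)


class RpcServer:
    """Holds one service registered on a dynamic port and answers port lookups."""

    def __init__(self, program_number, service_port):
        self.program_number = program_number
        self.service_port = service_port   # picked at service start-up, inside DYNAMIC_RANGE

    def getport(self, program_number):
        return self.service_port if program_number == self.program_number else None


def rpc_session(server, program_number, locator_port=135):
    """Return the connections a client opens to reach `program_number` on `server`."""
    # 1. Lookup: client -> server:135 (or 111) from a client-chosen ephemeral source port.
    lookup = Flow(CLIENT, 51000, SERVER, locator_port, initiator=CLIENT)
    # 2. The reply travels back inside that same connection (server:135 -> client:51000);
    #    a stateful firewall matches it to `lookup`, so no separate rule is needed for it.
    dynamic_port = server.getport(program_number)
    # 3. The client then opens a NEW connection to the dynamic port it was told about.
    service = Flow(CLIENT, 51001, SERVER, dynamic_port, initiator=CLIENT)
    return [lookup, service]


def allowed(flow):
    """Rule set: only the client opens connections, to a locator port or the dynamic range."""
    return (flow.initiator == CLIENT and flow.src == CLIENT and flow.dst == SERVER
            and (flow.dport in LOCATOR_PORTS or flow.dport in DYNAMIC_RANGE))


if __name__ == "__main__":
    for f in rpc_session(RpcServer(100003, 49155), 100003):
        print(f"{f.src}:{f.sport} -> {f.dst}:{f.dport} initiator={f.initiator} allowed={allowed(f)}")
```

Both connections in the session are opened by the client, so the two rules to write are client-to-server on 135/111 and client-to-server on the dynamic range; the 135/111 reply needs no rule because state tracking matches it to the lookup connection.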


Author: Cod1ngFree

Updated on September 18, 2022

Comments

  • Cod1ngFree (almost 2 years ago)

    I am trying to understand how RPC works in order to set some rules on a stateful firewall, allowing RPC between a client and a server.

    After reading some documentation, I have:

    • The client contacts the RPC-based server through the ports TCP 111 or UDP 135.
    • The client tells the location server the unique RPC service number for the server it wishes to access.
    • The location server replies with the new (dynamic) port for that service.

    My first question is: Does the server reply through the previous ports (TCP 111 or UDP 135), or does it reply using the new dynamic port that it has just opened?

    This is the matter: since the firewall is stateful, if the server is the one responsible for initiating the communication through the dynamic ports, then the rule should be unidirectional with source=server and destination=client.

    If the answer is sent through 135, then the client is the one responsible for initiating the communications to the dynamic ports. Therefore, the rule should be unidirectional with source=client and destination=server.

    I have not found (yet) any documentation describing exactly how this reply is being sent.