Examining How Remote Procedure Call (RPC) Traffic Works
To understand the basics of the problem, it's important to first understand, at least in
outline, the specifics of how the RPC protocol works. RPC is very powerful, and provides
programmers with efficiency and enhanced functionality. It is therefore commonly used
for many applications and services.
NOTE
The intricate programming specifics of RPC are outside the scope of this chapter, but
more information can be found at the following URL:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnanchor/html/rpcank.asp
In short, RPC works by publishing an endpoint mapping port (Port 135) on a server
running RPC services. This port is responsible for directing clients to dynamically assigned
high-range ports for the services. These ports may be any of the TCP/IP ports in the range
of 1024 through 65,536, depending on a random assignment by the RPC endpoint
mapping service. The fact that so many ports must be opened to allow RPC is one of the
reasons why it has gotten a bad rap in security circles.
Another problem with the way that RPC operates is that it is very chatty, and by default
exposes much information about the services that run on the particular server.
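
The two-step flow described above (a lookup on the endpoint mapping port 135, followed by a connection to a dynamically assigned high port) can be recognized in connection logs. The following Python is an added example, not part of the original chapter; the log format, the addresses, and the 30-second pairing window are constructed assumptions.

```python
from datetime import datetime, timedelta

EPMAP_PORT = 135      # RPC endpoint mapping port named in the text
DYNAMIC_MIN = 1024    # start of the dynamically assigned high range

# Constructed sample connection log: "ISO-time client server dst-port"
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.5 10.0.1.10 135
2024-01-01T10:00:01 10.0.0.5 10.0.1.10 49154
2024-01-01T10:00:02 10.0.0.7 10.0.1.10 443
2024-01-01T10:00:05 10.0.0.9 10.0.1.10 50211
2024-01-01T10:05:00 10.0.0.5 10.0.1.10 49200
"""

def parse(log):
    """Yield (time, client, server, port) tuples from the constructed format."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, client, server, port = line.split()
        yield datetime.fromisoformat(ts), client, server, int(port)

def classify(log, window_s=30):
    """Split high-port connections into those preceded by a port-135 lookup
    from the same client to the same server within window_s seconds
    ('mapped') and those with no such lookup ('unexplained')."""
    window = timedelta(seconds=window_s)
    last_lookup = {}   # (client, server) -> time of most recent port-135 connection
    mapped, unexplained = [], []
    for ts, client, server, port in sorted(parse(log)):
        key = (client, server)
        if port == EPMAP_PORT:
            last_lookup[key] = ts
        elif port >= DYNAMIC_MIN:
            seen = last_lookup.get(key)
            if seen is not None and ts - seen <= window:
                mapped.append((client, server, port))
            else:
                unexplained.append((client, server, port))
    return mapped, unexplained

if __name__ == "__main__":
    mapped, unexplained = classify(SAMPLE_LOG)
    print("followed a port-135 lookup:", mapped)
    print("no preceding lookup:", unexplained)
```

Because the high port differs from one lookup to the next, a filter that does not track the port-135 exchange cannot know in advance which port to allow, which is why a static rule set ends up opening the whole range.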