Support Center > Search Results > SecureKnowledge Details
Support Center
The information you are about to copy is INTERNAL! DO NOT share it with anyone outside Check Point.
 Print    Email
Connectivity problems on the DCERPC traffic

Solution ID: sk37453
Product: IPS
Version: R70
Date Created: 08-Mar-2009
Last Modified: 14-Mar-2012
Symptoms
  • Allowing other interfaces beside EPM over port 135 by checking the "Allow DCE-RPC interfaces other than End-Point Mapper (such as DCOM) on Port 135" checkbox under the "DCOM - General Settings" protection will not allow other interfaces beside EPM.
  • The "Unallowed UUID in a multi UUID Bind/Alter context request" message in the IPS log.
  • If the "MS-RPC - General Settings" protection is set to action Prevent, then the packet will be dropped as well.
  • Setting the protection to 'Detect' allows DCOM traffic on port 135, but DCOM protections are not enforced over DCOM traffic.
Cause
Code limitation in the $FWDIR/lib/dcom.def file. If the check for the multiple UUID binds fails, then the Rule Base should be scanned, but it is not.
Solution
Note: To view this solution you need to Sign In .