Connectivity problems on the DCERPC traffic

Solution ID: sk37453
Product: IPS
Version: R70
Date Created: 08-Mar-2009
Last Modified: 14-Mar-2012
Symptoms
  • Selecting the "Allow DCE-RPC interfaces other than End-Point Mapper (such as DCOM) on Port 135" checkbox under the "DCOM - General Settings" protection does not allow interfaces other than EPM over port 135.
  • The IPS log shows the "Unallowed UUID in a multi UUID Bind/Alter context request" message.
  • If the "MS-RPC - General Settings" protection is set to action Prevent, then the packet will be dropped as well.
  • Setting the protection to 'Detect' allows DCOM traffic on port 135, but DCOM protections are not enforced over DCOM traffic.
Cause
Code limitation in the $FWDIR/lib/dcom.def file: if the check for multiple UUID binds fails, the Rule Base should be scanned, but it is not.
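To confirm from a packet capture that a client is sending a multi UUID Bind/Alter context request, the following added example lists the interface UUIDs carried in one such PDU and flags those that are not EPM. It is not Check Point code and not taken from dcom.def; the function names and the sample PDU are constructed for illustration.

```python
import struct
import uuid

EPM_UUID = uuid.UUID("e1af8308-5d1f-11c9-91a4-08002b14a0fa")   # End-Point Mapper
OXID_UUID = uuid.UUID("99fcfec4-5260-101b-bbcb-00aa0021347a")  # IOXIDResolver (DCOM)
NDR_UUID = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860")   # NDR transfer syntax
BIND, ALTER_CONTEXT = 11, 14                                   # DCE/RPC ptype values


def bind_interfaces(pdu: bytes):
    """Return the abstract-syntax (interface) UUIDs of a Bind/Alter-context PDU."""
    if len(pdu) < 28 or pdu[0] != 5 or pdu[2] not in (BIND, ALTER_CONTEXT):
        raise ValueError("not a DCE/RPC v5 Bind or Alter-context PDU")
    little = (pdu[4] >> 4) == 1      # drep[0] high nibble: 1 = little-endian
    end = "<" if little else ">"
    n_ctx = pdu[24]                  # 16-byte header + frag sizes + assoc group
    off, found = 28, []
    for _ in range(n_ctx):
        if off + 24 > len(pdu):
            raise ValueError("truncated context element")
        _ctx_id, n_xfer = struct.unpack_from(end + "HB", pdu, off)
        raw = pdu[off + 4: off + 20]
        found.append(uuid.UUID(bytes_le=raw) if little else uuid.UUID(bytes=raw))
        off += 24 + 20 * n_xfer      # skip abstract syntax and transfer syntaxes
    return found


def non_epm(pdu: bytes):
    """Interfaces in the request other than EPM."""
    return [u for u in bind_interfaces(pdu) if u != EPM_UUID]


def sample_bind(ifaces):
    """Build a constructed little-endian Bind PDU with one context per interface."""
    ndr = NDR_UUID.bytes_le + struct.pack("<I", 2)
    body = struct.pack("<HHI", 4280, 4280, 0) + struct.pack("<BBH", len(ifaces), 0, 0)
    for i, u in enumerate(ifaces):
        body += struct.pack("<HBB", i, 1, 0) + u.bytes_le + struct.pack("<I", 0) + ndr
    hdr = struct.pack("<BBBB4sHHI", 5, 0, BIND, 3, b"\x10\x00\x00\x00",
                      16 + len(body), 0, 1)
    return hdr + body


if __name__ == "__main__":
    pdu = sample_bind([EPM_UUID, OXID_UUID])   # constructed sample, not a real capture
    print("interfaces:", [str(u) for u in bind_interfaces(pdu)])
    print("non-EPM   :", [str(u) for u in non_epm(pdu)])
```
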
Solution
Note: To view this solution you need to Sign In.