Support Center > Search Results > SecureKnowledge Details
Connectivity problems on the DCERPC traffic
Symptoms
  • Allowing other interfaces beside EPM over port 135 by checking the "Allow DCE-RPC interfaces other than End-Point Mapper (such as DCOM) on Port 135" checkbox under the "DCOM - General Settings" protection will not allow other interfaces beside EPM.
  • The "Unallowed UUID in a multi UUID Bind/Alter context request" message in the IPS log.
  • If the "MS-RPC - General Settings" protection is set to action Prevent, then the packet will be dropped as well.
  • Setting the protection to 'Detect' allows DCOM traffic on port 135, but DCOM protections are not enforced over DCOM traffic.
Cause
Code limitation in the $FWDIR/lib/dcom.def file. If the check for the multiple UUID binds fails, then the Rule Base should be scanned, but it is not.
Solution
Note: To view this solution you need to Sign In .