[THIN] SV: Re: RPC and RDP

• From: "Johan Martens" <johan.martens@xxxxxxx>
• To: <thin@xxxxxxxxxxxxx>
• Date: Fri, 2 Mar 2007 18:02:31 +0100

Yes I know when they connect true VPN as they are in the LAN. BUT not if you 
use the firewall like we do since you can make a policy in it and only allow 
traffic on port 3389. So if we have this scenario and connect with RDP and the 
client also mapp is local drives to the RDP will he use same functions as he 
does as if he just connect to a server true the LAN -  NETBIOS.... ? And IF so 
is it same for ICA protocol?
 
I am sorry but my english is not good enough to explain how RPC works as a part 
in the file sharing.
 
BUT maybe this will give a hint?
 
The first DCOM hole was discovered on the client side, where supplying 
arbitrarily large and malformed parameters via the local DCOM API caused a 
local program crash. The exploit took advantage of a buffer overflow regarding 
the NetBIOS name portion of a fileshare name. If the NetBIOS name is above 32 
bytes in length supplied to the CoGetInstanceFromFile () function, it would 
cause a crash in RPCSS.EXE and kill the Microsoft RPC service. Eventually LSD 
made the jump to remotely exploiting the problem by hand crafting DCOM request 
packets that contained the malformed parameter
 
  
 
Best regards 
 
Johan
Med vänlig hälsning 
Johan Martens
Teknik/Agdadrift avdelningen.
Agda Lön AB
Långskeppsgatan 9, 262 71  Ängelholm 
Tel 0431-44 94 00 
Fax 0431-160 13 
mailto:johan@xxxxxxx
www.agda.se 

________________________________

Från: thin-bounce@xxxxxxxxxxxxx genom Steve Greenberg
Skickat: fr 2007-03-02 17:12
Till: thin@xxxxxxxxxxxxx
Ämne: [THIN] Re: RPC and RDP



Can you explain how RPC works as part of file sharing? When you grant VPN 
access in this fashion the end user does have the same access as if they were 
local, I just don't know how RPC works as part of CIFS file sharing....

 

Steve Greenberg

Thin Client Computing

34522 N. Scottsdale Rd D8453

Scottsdale, AZ 85262

(602) 432-8649

www.thinclient.net

steveg@xxxxxxxxxxxxxx

 

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of 
Johan Martens
Sent: Friday, March 02, 2007 3:10 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] RPC and RDP

 

 

Hi guys,

 

I had a discussion with my boss the other day about RPC and RDP.

 

If one of our employees connect to our firewall true VPN and then connect to a 
Terminal server and the map local drives are mapped true the session. Is it 
possible for a virus which uses RPC to go true this session, eg does the RDP 
protocol use the RPC to map the drives like ordinary windows drive mapping does?

 

Thansk for answers

 

Best regards

 

Johan

• Follow-Ups:
  • [THIN] Re: SV: Re: RPC and RDP
    • From: Steve Greenberg

• References:
  • [THIN] Citrix Client v10
    • From: Malcolm Bruton
  • [THIN] Re: Citrix Client v10
    • From: Andrew Wood
  • [THIN] Re: Citrix Client v10
    • From: Malcolm Bruton
  • [THIN] RPC and RDP
    • From: Johan Martens
  • [THIN] Re: RPC and RDP
    • From: Steve Greenberg

Other related posts:

• » [THIN] SV: Re: RPC and RDP
• » [THIN] Re: SV: Re: RPC and RDP
• » [THIN] Re: SV: Re: RPC and RDP
• » [THIN] Re: SV: Re: RPC and RDP
• » [THIN] Re: SV: Re: RPC and RDP
• » [THIN] Re: SV: Re: RPC and RDP
• » [THIN] Re: SV: Re: RPC and RDP
• » [THIN] Re: SV: Re: RPC and RDP

1. Home
2. thin
3. Archive
4. 03-2007

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---