[THIN] Re: SV: Re: RPC and RDP

  • From: Alex Danilychev <teknica@xxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Fri, 2 Mar 2007 13:24:37 -0800

There are similar links for CE and Win32 implementations of RDP VC - check MSDN.
 
ALEX


From: teknica@xxxxxxxxxxxxx
To: thin@xxxxxxxxxxxxxxxxxxxx
Subject: [THIN] Re: SV: Re: RPC and RDP
Date: Fri, 2 Mar 2007 13:17:06 -0800


True statement. Check this:

http://msdn2.microsoft.com/en-us/library/aa912846.aspx
http://msdn2.microsoft.com/en-us/library/aa920229.aspx

Tons of info for developers but not admins.

ALEX


From: steveg@xxxxxxxxxxxxxxxx
To: thin@xxxxxxxxxxxxxxxxxxxx
Subject: [THIN] Re: SV: Re: RPC and RDP
Date: Fri, 2 Mar 2007 13:42:58 -0700





 
I agree that this is how it works, but it is funny, I have not been able to 
find any documentation stating that. Does anyone have anything from MS explaining 
their implementation of secondary services over RDP? Citrix has a clear 
explanation and architecture of virtual channels, but I have not found the same 
kind of information from MS……
 

Steve Greenberg
Thin Client Computing
34522 N. Scottsdale Rd D8453
Scottsdale, AZ 85262
(602) 432-8649
www.thinclient.net
steveg@xxxxxxxxxxxxxx
 




From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of 
Bob Coffman Jr - Info From Data
Sent: Friday, March 02, 2007 12:24 PM
To: thin@xxxxxxxxxxxxxxxxxxxx
Subject: [THIN] Re: SV: Re: RPC and RDP
 

Yes, definitely mapped over a virtual channel.  I duplicated the test that Tony 
ran, 3389 is the only port active with local drives mapped.

 

- Bob Coffman

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of 
Alex Danilychev
Sent: Friday, March 02, 2007 1:29 PM
To: thin@xxxxxxxxxxxxxxxxxxxx
Subject: [THIN] Re: SV: Re: RPC and RDP

Drives are mapped via VC.

ALEX



To: thin@xxxxxxxxxxxxxxxxxxxx
Subject: [THIN] Re: SV: Re: RPC and RDP
From: Anthony_Baldwin@xxxxxxxxxxxxx
Date: Fri, 2 Mar 2007 12:53:49 -0500

I logged into a W2K3 terminal server using RDP while running a netstat on my PC 
and I didn't see anything pop up except port 3389. So, I'm guessing the drive 
mapping worked over 3389. The client drives do show up on the terminal server 
under 'net use' listing, though. I guess a network sniff would tell for sure.

Tony




"Steve Greenberg" <steveg@xxxxxxxxxxxxxx>
Sent by: thin-bounce@xxxxxxxxxxxxx
03/02/2007 12:42 PM
Please respond to thin@xxxxxxxxxxxxx

To: <thin@xxxxxxxxxxxxx>
cc:
Subject: [THIN] Re: SV: Re: RPC and RDP


I know for sure with ICA that the file transfer traffic is encapsulated in ICA 
and runs over the standard port 1494. With RDP, I *think* it is the same way 
over port 3389, however, I am strangely unable to find any documentation 
supporting that in the books at my desk or at the MS web site. Does anyone 
have a definitive answer to this??

I am pretty sure that if you only allow 3389 that there will not be any 
NetBios style direct communication to the file share, but again, I am having 
a hard time finding a definitive technical reference on this....

Steve Greenberg
Thin Client Computing
34522 N. Scottsdale Rd D8453
Scottsdale, AZ 85262
(602) 432-8649
www.thinclient.net
steveg@xxxxxxxxxxxxxx

_____

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of 
Johan Martens
Sent: Friday, March 02, 2007 10:03 AM
To: thin@xxxxxxxxxxxxxxxxxxxx
Subject: [THIN] SV: Re: RPC and RDP

Yes I know when they connect through VPN as they are in the LAN. BUT not if you 
use the firewall like we do since you can make a policy in it and only allow 
traffic on port 3389. So if we have this scenario and connect with RDP and 
the client also maps his local drives to the RDP will he use same functions 
as he does as if he just connect to a server through the LAN - NETBIOS....? 
And IF so is it same for ICA protocol?

I am sorry but my English is not good enough to explain how RPC works as a 
part in the file sharing. BUT maybe this will give a hint?

The first DCOM hole was discovered on the client side, where supplying 
arbitrarily large and malformed parameters via the local DCOM API caused a 
local program crash. The exploit took advantage of a buffer overflow 
regarding the NetBIOS name portion of a fileshare name. If the NetBIOS name 
is above 32 bytes in length supplied to the CoGetInstanceFromFile() 
function, it would cause a crash in RPCSS.EXE and kill the Microsoft RPC 
service. Eventually LSD made the jump to remotely exploiting the problem by 
hand crafting DCOM request packets that contained the malformed parameter

Best regards Johan

Kind regards
Johan Martens
Technology/Agda Operations department.
Agda Lön AB
Långskeppsgatan 9, 262 71  Ängelholm
Tel 0431-44 94 00
Fax 0431-160 13
mailto:johan@xxxxxxxxxxxxxxxxxx

_____

From: thin-bounce@xxxxxxxxxxxxx on behalf of Steve Greenberg
Sent: Fri 2007-03-02 17:12
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: RPC and RDP

Can you explain how RPC works as part of file sharing? When you grant VPN 
access in this fashion the end user does have the same access as if they 
were local, I just don't know how RPC works as part of CIFS file sharing....

Steve Greenberg
Thin Client Computing
34522 N. Scottsdale Rd D8453
Scottsdale, AZ 85262
(602) 432-8649
www.thinclient.net
steveg@xxxxxxxxxxxxxx

_____

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of 
Johan Martens
Sent: Friday, March 02, 2007 3:10 AM
To: thin@xxxxxxxxxxxxxxxxxxxx
Subject: [THIN] RPC and RDP

Hi guys,

I had a discussion with my boss the other day about RPC and RDP. If one of 
our employees connects to our firewall through VPN and then connects to a 
Terminal server and the local drives are mapped through the session. Is it 
possible for a virus which uses RPC to go through this session, e.g. does the 
RDP protocol use the RPC to map the drives like ordinary Windows drive 
mapping does?

Thanks for answers

Best regards
Johan
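
The netstat check Tony and Bob describe in this thread, written out as an added example (not part of any post): it parses `netstat -an` TCP rows and reports whether the client holds any established session to the terminal server other than 3389, such as the RPC, NetBIOS or SMB ports. The addresses, sample output and function names are constructed for illustration.

```python
import re

# Ports a direct Windows file-share / RPC path would use, versus RDP itself.
WATCHED_PORTS = {
    135: "RPC endpoint mapper",
    139: "NetBIOS session service",
    445: "SMB over TCP",
    3389: "RDP",
}

# Matches IPv4 TCP rows of Windows `netstat -an` output.
ROW = re.compile(
    r"^\s*TCP\s+(?P<local>\S+):(?P<lport>\d+)\s+"
    r"(?P<remote>\d+\.\d+\.\d+\.\d+):(?P<rport>\d+)\s+(?P<state>\S+)\s*$"
)

def connections_to(netstat_text, server_ip):
    """Return sorted remote ports with an ESTABLISHED TCP session to server_ip."""
    ports = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m and m["remote"] == server_ip and m["state"] == "ESTABLISHED":
            ports.add(int(m["rport"]))
    return sorted(ports)

def summarize(netstat_text, server_ip):
    """Split the client's sessions to the server into RDP and everything else."""
    ports = connections_to(netstat_text, server_ip)
    other = {p: WATCHED_PORTS.get(p, "other") for p in ports if p != 3389}
    return {"rdp": 3389 in ports, "non_rdp": other,
            "only_rdp": 3389 in ports and not other}

# Constructed sample: client 192.0.2.10, terminal server 198.51.100.5.
SAMPLE_RDP_ONLY = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1187        198.51.100.5:3389      ESTABLISHED
  TCP    192.0.2.10:1190        203.0.113.7:80         ESTABLISHED
"""
# Same capture plus a direct SMB session to the server (constructed).
SAMPLE_DIRECT_SHARE = SAMPLE_RDP_ONLY + \
    "  TCP    192.0.2.10:1201        198.51.100.5:445       ESTABLISHED\n"

if __name__ == "__main__":
    print(summarize(SAMPLE_RDP_ONLY, "198.51.100.5"))
    print(summarize(SAMPLE_DIRECT_SHARE, "198.51.100.5"))
```

This only shows the client's own sockets at the moment netstat ran; as Tony notes, a network capture is the way to confirm what travels inside the 3389 session.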
