Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
StackCap43382
Collaborator
Collaborator

Block RPC DRSUAPI on Check Point

Has anyone investigated and successfully blocked DRSUAPI on a Check Point?

It perhaps possible by blocking the UUID “e3514235-4b06-11d1-ab04-00c04fc2dcd2” as per "sk112168: How to allow or block a specific DCE-RPC UUID"
https://support.checkpoint.com/results/sk/sk112168

Does anyone know if there is any other method of if UUID is it, if so are there any performance impacts?

 

CCSME, CCTE, CCME, CCVS
0 Kudos
2 Replies
the_rock
Legend
Legend

Never really looked much into it, but interesting subject. I see in R81.20 smart console, there are bunch of built in DCE-RPC services, but if you try to create new one, you absolutelyhave to enter UUID. 

I will play around with it more and see how far I get.

Andy

 

Screenshot_1.png

0 Kudos
PhoneBoy
Admin
Admin

This is the method for blocking a specific DCE-RPC service.
Inspecting DCE-RPC traffic in this manner is not accelerated per: https://support.checkpoint.com/results/sk/sk32578
Proper placement of the rule will be critical to minimize the impact since all rules below this one will not create SecureXL templates.
In this case, it should be near the bottom of the relevant policy layer.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events