DCE Ms RPC Over TCP

I am student of MCA (Master of Computer Application). I want to know about Microsoft DCE/RPC (Distributed Computing Environment / Remote Procedure Calls) and how it deals with message exchange over TCP/IP?

Hello sir, is there any one can tell me name of class attack of Distributed Computing Environment Ms RPC Over TCP?

[pawan]

Class attack of Distributed Computing Environment MS RPC over TCP:
Over IP/TCP on port 445

The Distributed Computing Environment MS RPC is able to exploit [MS03-026] using 445/TCP 139/TCP 135/TCP 135/UDP and 80/TCP.

The naming convention for transports that can be designed (as architectural plugins) and then made available to DCE/RPC echoes these origins, e.g. ncacn_np (SMB Named Pipes transport); ncacn_tcp (DCE/RPC over TCP/IP) and ncacn_http to name a small number.

MS03-049 is successfully exploited through 445/TCP 139/TCP and dynamically assigned TCP/UDP ports over 1024.

The specification documents ordered by release date:


"P312 DCE: Remote Procedure Call" (not available online) is dated 15/10/1993
"C309 DCE: Remote Procedure Call" (not available online) is dated 15/08/1994
Corrigenda U010 X/Open DCE: Remote Procedure Call is dated 15/11/1995

Protocol dependencies:


DCE/RPC can run atop a number of protocols, including:

TCP: Typically, connection oriented DCE/RPC uses TCP as its transport protocol. The well known TCP port for DCE/RPC EPMAP is 135. This transport is called ncacn_ip_tcp.

UDP: Typically, connectionless DCE/RPC uses UDP as its transport protocol. The well known UDP port for DCE/RPC EPMAP is 135. This transport is called ncadg_ip_udp.

SMB: Connection oriented DCE/RPC can also use authenticated named pipes on top of SMB as its transport protocol. This transport is called ncacn_np.

SMB2: Connection oriented DCE/RPC can also use authenticated named pipes on top of SMB2 as its transport protocol. This transport is called ncacn_np.

Uses


Pennsylvania State University's student information portal, eLion
the older version of HP OpenView Operations for Unix/Windows Agents
Microsoft Exchange/Outlook (MAPI/RPC)
Call of Duty: Modern Warfare 2 for Multiplayer lobbies, making small clouds to decide on a host or lobby migration.

Hello sir, what is use of Distributed Computing Environment MS RPC over TCP? Please provide me info for Distributed Computing Environment MS RPC over TCP?

[pawan]

The Distributed Computing Environment / Remote Procedure Calls is the remote procedure call system developed for the Distributed Computing Environment (DCE).

To use TCP or UDP, RPC addresses must end in the medium names whereas UDP is a datagram protocol.

The RPC system uses one or the other as instructed. The TCP is stream-oriented and so, when data flow is mainly in one direction, PRAGMA CAST may used to stream messages for extra speed.

The DCE-RPC protocol over TCP has a Major Version 5 and a Minor Version 0 or 1. This protection blocks messages with a non compliant Major or Minor Version.

MS-RPC and DCE-RPC Vulnerabilities:
Vulnerability
Protection
Check Point Reference: SBP-2009-29
Date Published: 1 Mar 2009
Severity: High
Last Updated: 1 Jan 2009
Source: IPS Research Center
Protection Provided by:

Resources for more information on personal firewalls:

McAfee
Symantec
ZoneAlarm Pro (Zone Labs)
Tiny Personal Firewall (Tiny Software)
Outpost Firewall (Agnitum)
Kerio Personal Firewall (Kerio Technologies)
BlackICE PC Protection (Internet Security Systems)

When disable DCOM, the following items will not work:

Any COM objects that can be activated remotely may not function correctly.

The local COM+ snap-in will not be able to connect to remote servers to enumerate their COM+ catalog.

Certificate auto-enrollment may not function correctly.

Windows Management Instrumentation (WMI) queries against remote servers may not function correctly.