4.17. MSRPC network traffic
As explained in Section 4.3, “MSRPC transports”, MSRPC was designed to be
transport-independent: the same RPC PDUs may therefore be observed over
several network protocols (TCP, UDP, SMB, HTTP).
Being able to analyze MSRPC network traffic is important for several reasons:
- MSRPC is a core protocol of Windows environments, so MSRPC traffic is frequently analyzed to diagnose problems.
- The numerous vulnerabilities discovered in the MSRPC subsystem (see Section 4.16, “MSRPC vulnerabilities”) pose a serious security risk for Windows infrastructures. Network security devices such as Network Intrusion Prevention/Detection Systems (NIPS/NIDS) and firewalls must therefore be able to decode MSRPC traffic, whatever transport carries it, to block exploitation of MSRPC vulnerabilities.
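The first thing a NIDS or an analyst has to do with MSRPC traffic is to decode the connection-oriented DCE/RPC PDU that every transport carries unchanged, and for a bind request, recover which interface (UUID and version) the client is asking for. The following parser is an added example written for this section, not code from the original text; it follows the PDU layout of the DCE 1.1 RPC specification (C706). The sample bind request is constructed for the example, not captured from a real host, and the interface UUIDs in the lookup table are the publicly documented ones for LSARPC, SAMR and SRVSVC.

```python
"""Decode a connection-oriented DCE/RPC (MSRPC) common header and bind PDU.

Added example; sample bytes are constructed, not captured. The layout is the
DCE 1.1 (C706) one, which MSRPC carries unchanged over TCP, SMB and HTTP, so
the same decoder applies whatever transport delivered the bytes.
"""
import struct
import uuid

PTYPE_NAMES = {0: "request", 2: "response", 3: "fault", 11: "bind", 12: "bind_ack",
               13: "bind_nak", 14: "alter_context", 15: "alter_context_resp", 16: "auth3"}

# Publicly documented interface UUIDs, used only to label the decoded value.
KNOWN_INTERFACES = {
    "12345778-1234-abcd-ef00-0123456789ab": "LSARPC",
    "12345778-1234-abcd-ef00-0123456789ac": "SAMR",
    "4b324fc8-1670-01d3-1278-5a47bf6ee188": "SRVSVC",
}
NDR_TRANSFER_SYNTAX = "8a885d04-1ceb-11c9-9fe8-08002b104860"
COMMON_HEADER_LEN = 16


def _endian(drep):
    """struct byte-order prefix: bit 4 of drep[0] set means little-endian integers."""
    return "<" if drep[0] & 0x10 else ">"


def _need(off, n, limit):
    """Refuse to read past the fragment's declared length instead of misparsing."""
    if off + n > limit:
        raise ValueError("truncated PDU: need %d bytes at offset %d, fragment is %d"
                         % (n, off, limit))


def parse_header(pdu):
    """Parse the 16-byte common header shared by every connection-oriented PDU."""
    if len(pdu) < COMMON_HEADER_LEN:
        raise ValueError("short PDU: %d bytes, common header needs 16" % len(pdu))
    rpc_vers, rpc_vers_minor, ptype, pfc_flags = struct.unpack_from("BBBB", pdu, 0)
    if rpc_vers != 5:
        raise ValueError("not DCE/RPC v5 (rpc_vers=%d)" % rpc_vers)
    e = _endian(pdu[4:8])
    frag_length, auth_length, call_id = struct.unpack_from(e + "HHI", pdu, 8)
    # Trust frag_length no further than the bytes actually present on the wire.
    if frag_length < COMMON_HEADER_LEN or frag_length > len(pdu):
        raise ValueError("frag_length %d inconsistent with %d bytes on the wire"
                         % (frag_length, len(pdu)))
    return {"rpc_vers_minor": rpc_vers_minor, "ptype": ptype,
            "ptype_name": PTYPE_NAMES.get(ptype, "ptype_%d" % ptype),
            "pfc_flags": pfc_flags, "endian": e, "frag_length": frag_length,
            "auth_length": auth_length, "call_id": call_id}


def _syntax_id(pdu, off, e, limit):
    """p_syntax_id_t: 16-byte UUID then a 32-bit version (major low 16 bits, minor high)."""
    _need(off, 20, limit)
    raw = pdu[off:off + 16]
    # DCE encodes the first three UUID fields in the PDU's own byte order.
    u = uuid.UUID(bytes_le=raw) if e == "<" else uuid.UUID(bytes=raw)
    (ver,) = struct.unpack_from(e + "I", pdu, off + 16)
    return str(u), ver & 0xFFFF, ver >> 16, off + 20


def parse_bind(pdu):
    """Parse a bind (11) or alter_context (14) PDU down to its presentation contexts."""
    hdr = parse_header(pdu)
    if hdr["ptype"] not in (11, 14):
        raise ValueError("expected bind/alter_context, got %s" % hdr["ptype_name"])
    e, limit = hdr["endian"], hdr["frag_length"]
    off = COMMON_HEADER_LEN
    _need(off, 12, limit)
    max_xmit_frag, max_recv_frag, assoc_group_id = struct.unpack_from(e + "HHI", pdu, off)
    off += 8
    n_context_elem = pdu[off]          # followed by 3 reserved bytes
    off += 4
    contexts = []
    for _ in range(n_context_elem):
        _need(off, 4, limit)
        p_cont_id, n_transfer_syn = struct.unpack_from(e + "HB", pdu, off)
        off += 4                       # p_cont_id(2) n_transfer_syn(1) reserved(1)
        abstract, a_major, a_minor, off = _syntax_id(pdu, off, e, limit)
        transfer = []
        for _ in range(n_transfer_syn):
            ts, t_major, t_minor, off = _syntax_id(pdu, off, e, limit)
            transfer.append((ts, t_major, t_minor))
        contexts.append({"p_cont_id": p_cont_id, "abstract_syntax": abstract,
                         "abstract_version": (a_major, a_minor),
                         "interface": KNOWN_INTERFACES.get(abstract, "unknown"),
                         "transfer_syntaxes": transfer})
    hdr.update(max_xmit_frag=max_xmit_frag, max_recv_frag=max_recv_frag,
               assoc_group_id=assoc_group_id, contexts=contexts)
    return hdr


def summarize(pdu):
    """One-line verdict suitable for a detection log; never raises."""
    try:
        b = parse_bind(pdu)
    except ValueError as exc:
        return "malformed: %s" % exc
    ctx = b["contexts"][0]
    ndr = "NDR" if ctx["transfer_syntaxes"][0][0] == NDR_TRANSFER_SYNTAX else "non-NDR"
    return "%s call_id=%d %s v%d.%d over %s" % (b["ptype_name"], b["call_id"],
                                                ctx["interface"], *ctx["abstract_version"], ndr)


# Constructed sample: a 72-byte little-endian bind for SAMR v1.0 with NDR v2.0.
SAMPLE_BIND = bytes.fromhex(
    "05000b03" "10000000" "4800" "0000" "01000000"   # vers, ptype, flags, drep, frag_len, auth_len, call_id
    "d016" "d016" "00000000"                         # max_xmit_frag, max_recv_frag, assoc_group_id
    "01000000"                                        # 1 context element + reserved
    "0000" "01" "00"                                  # p_cont_id=0, 1 transfer syntax, reserved
    "785734123412cdabef000123456789ac" "01000000"     # SAMR UUID (LE fields), v1.0
    "045d888aeb1cc9119fe808002b104860" "02000000"     # NDR UUID (LE fields), v2.0
)
# Same request cut off inside the context list, with frag_length patched to match.
SAMPLE_TRUNCATED = SAMPLE_BIND[:8] + b"\x28\x00" + SAMPLE_BIND[10:40]

if __name__ == "__main__":
    print(summarize(SAMPLE_BIND))
    print(summarize(SAMPLE_TRUNCATED))
```

The bytes of `SAMPLE_BIND` are what would sit in the payload of a TCP segment to a dynamic RPC port or in the data of an SMB write to a named pipe; only the outer framing differs, which is why a detection device has to reassemble the transport first and then apply one DCE/RPC decoder. The `frag_length` and bounds checks are not decoration: a decoder that trusts the declared length and reads past the fragment is itself a target for evasion or crashes.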