Karl Wallin
Hello,
I am trying to understand and also solve an issue I am currently facing in regards to RPC and constricting RPC dynamic high ports to a specific span in order to whitelist that traffic.
As per this article and the explanation and port range:
How RPC Works: Remote Procedure Call (RPC)
and then this:
https://support.microsoft.com/en-ca...ynamic-port-allocation-to-work-with-firewalls
I tried to apply the regedit as suggested on two hosts, HostA and HostB, and then ran Wireshark on both computers and allowed the entire high port range of: (TCP) 49152 - 65535.
There I could see that Host A initiated a connection through port 135 to host B after running a PowerShell command (forgot which one though) that uses RPC, and I can then see that host B responds to host A with an ephemeral / high port, but that port is not within the port range I specified in the regedit-"fix".
If I restrict the firewall using the port range I specified and not the entire high port range, then the PowerShell command fails. I.e. it uses another port than the port range I whitelisted in the firewall and in the regedit-fix.
This was however on Win 2016 and I am unsure if this works on Win 2016 or if I am understanding something wrong here since 2016 isn't mentioned on the page of the "fix".
Would be grateful for your help.
Update:
Oh the PS-command was:
Get-WmiObject Win32_ComputerSystem -ComputerName Host-B