Dynamic port mapper for WMI/DCOM traffic

Started by coppersphinx, October 05, 2020, 08:10:35 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
October 05, 2020, 08:10:35 PM
Hi All,

For a project am I using a set of OPNsense firewalls.
Now do we like to limit the high port range of MS-RPC/DCOM traffic.
This traffic is doing a handshake on TCP/135 and then uses a high port between 49152 - 65535.

For the OPNsense firewall are we looking to open dynamically the ports and close then when the session is over. Unfortuanly we cannot find this function.

In a FortiGate firewall this is called: DCE-RPC session helper
And in a Cisco ASA: DCE/RPC inspection

Does anybody know if this function is possible in a OPNsense firewall?

Thanks for possible input/answers
March 15, 2021, 11:18:41 AM #1
@coppersphinx
Any luck figuring this out?
Print
Go Up Pages1
User actions