tailieunhanh - RPC Your Friend or Foe?

Imagine for a moment that you have a number of workstations, each of which needs to use a particular application to operate on a dataset. I know that this sounds antiquated, but we’re trying to get the mindset of the persons who came up with RPCs. Imagine the issues involved with trying to synchronize the dataset across all of the hosts. You would very shortly be motivated to come up with some sort of distributed file system to simplify your life. However, since we’re talking about programmer types here, of course we’re going to go for the allencompassing universal solution!!. | RPC Your Friend or Foe David Hoelzer SANS 2001 Version This page intentionally left blank. 1 RPC Decodes - SANS 2001 Contents RPC Basics 4 Portmapper 13 Decoding RPC 18 Anomalous Traffic 30 Appendices 58 RPCs - Friends or Foe SANS 2001 - 2 This page intentionally left blank. 2 RPC Decodes - SANS 2001 What you should learn Understanding of what RPC s are Purpose of Portmap Transport Methods What RPC s should look like How to identify anomalous RPC traffic RPCs - Friends or Foe SANS 2001 - 3 Welcome to the wonderful world of RPCs The purpose of this course is to provide you with a basic understanding of how RPCs function what their purpose is and most importantly what they look like. The idea is that if we can figure out how RPCs should look we can identify anomalous RPCs or watch for particular types of RPCs with a minimum of effort. 3 RPC Decodes - SANS .