Thread: DCE-RPC Enforcement Violation
View Single Post
  #1 (permalink)  
Old 2006-06-19
moelljoe moelljoe is offline
Junior Member
  
Join Date: 2005-08-26
Location: Muenster, Germany
Posts: 1
Rep Power: 0
moelljoe has an average reputation (10+)
Default DCE-RPC Enforcement Violation
Hello,

last week, we upgrade from CheckPoint NG R55 to CheckPoint NG-X R60 HFA03. Now we have problems with the microsoft domain controler communication.

If the server A in our dmz to try to connect server B (domain controler) we got often this alert:

Number: 192944
Date: 19Jun2006
Time: 16:35:13
Product: SmartDefense
Interface: eth-s1p2c0
Origin: fw (192.168.1.1)
Type: Alert
Action: Reject
Protocol: tcp
Service: epmap-135 (135)
Source: serverA (192.168.10.10)
Destination: serverB (172.16.20.20)
Source Port: 4740
Attack Name: DCE-RPC Enforcement Violation
Attack Information: Source IP in port command is different than the Server IP


Is there anybody who get this error message too??
Is there anybody who know, how we can disable this check in smart defense?

moelljoe
Reply With Quote