Filter
Top Products
24-62
Cisco ASDM User Guide
OL-16647-01
Chapter 24 Configuring Application Layer Protocol Inspection
Inspect Map Field Descriptions
DCERPC Inspect Map
The DCERPC pane lets you view previously configured DCERPC application inspection maps. A
DCERPC map lets you change the default configuration values used for DCERPC application
inspection.
DCERPC is a protocol widely used by Microsoft distributed client and server applications that allows
software clients to execute programs on a server remotely.
This typically involves a client querying a server called the Endpoint Mapper (EPM) listening on a well
known port number for the dynamically allocated network information of a required service. The client
then sets up a secondary connection to the server instance providing the service. The security appliance
allows the appropriate port number and network address and also applies NAT, if needed, for the
secondary connection.
DCERPC inspect maps inspect for native TCP communication between the EPM and client on well
known TCP port 135. Map and lookup operations of the EPM are supported for clients. Client and server
can be located in any security zone. The embedded server IP address and Port number are received from
the applicable EPM response messages. Since a client may attempt multiple connections to the server
port returned by EPM, multiple use of pinholes are allowed, which have user configurable timeouts.
Fields
• DCERPC Inspect Maps—Table that lists the defined DCERPC inspect maps.
• Add—Configures a new DCERPC inspect map. To edit a DCERPC inspect map, select the DCERPC
entry in the DCERPC Inspect Maps table and click Customize.
• Delete—Deletes the inspect map selected in the DCERPC Inspect Maps table.
• Security Level—Select the security level (high, medium, or low).
–
Low
Pinhole timeout: 00:02:00
Endpoint mapper service: not enforced
RADIUS Accounting The RADIUS Accounting inspection lets you create, view, and manage
RADIUS Accounting inspect maps. You can use a RADIUS map to protect
against an overbilling attack.
RTSP The RTSP inspection lets you create, view, and manage RTSP inspect maps.
You can use an RTSP map to protect RTSP traffic, including RTSP PAT.
SCCP (Skinny) The SCCP (Skinny) inspection lets you create, view, and manage SCCP
(Skinny) inspect maps. You can use an SCCP map to perform protocol
conformance checks and basic state tracking.
SIP The SIP inspection lets you create, view, and manage SIP inspect maps. You
can use a SIP map for application security and protocol conformance to
protect against SIP-based attacks. SIP is a protocol widely used for internet
conferencing, telephony, presence, events notification, and instant
messaging.
SNMP The SNMP inspection lets you create, view, and manage SNMP inspect
maps. SNMP is a protocol used for communication between network
management devices and network management stations. You can use an
SNMP map to block a specific SNMP version, including SNMP v1, 2, 2c
and 3.