11 DCE/RPC Inspectors

A Remote Procedure Call (RPC) enables programs on one system (computer) to invoke a procedure or function on a different system (computer). An RPC is a network protocol that the calling program (client) uses to communicate with the service on a system (server) that implements the called procedure. DCE/RPC is a protocol that enables the RPC feature in a Distributed Computing Environment (DCE) system. Microsoft’s implementation of the DCE/RPC protocol is referred to as MSRPC.

In recent years, the DCE/RPC protocol has been used as an attack vector by bad actors. Some of the recently noted DCE/RPC-related vulnerabilities include the PrintNightmare vulnerabilities (CVE-2021-1675, CVE-2021-34527, and CVE-2021-34527), the zero-click ...

Get IDS and IPS with Snort 3 now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

IDS and IPS with Snort 3 by Ashley Thomas

11

DCE/RPC Inspectors

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly