If you’ve been working with the ISA or TMG firewall for awhile, you might know that you can find tune security for RPC connections through the firewall using UUID information in custom RPC protocol definitions. The main challenge to getting this to work is know the right UUIDs to include in your Protocol Definitions.
To this end, Mohit Saxena from Microsoft PSS come to your aid with a list of UUIDs that he’s kept track of. When using these UUIDs for your RPC Protocol Definitions, make sure you test them first in your lab environment before deploying them into production.
=========================================================
I actually made this list of UUIDs for myself but hopefully it can help J. Might not have all the UUIDs you are looking for though.
6bffd098_a112_3610_9833_012892020162
BROWSER Contains the Netr (Net Remote) RPC interface specification for the APIs associated with the Browser service. This consists of the NetServerEnum API. Also contains the RPC specific data structures for these API.
3dde7c30_165d_11d1_ab8f_00805f14db40 CryptoAPI
50abc2a4_574d_40b3_9d66_ee4fd5fba076 DNS
e3514235_4b06_11d1_ab04_00c04fc2dcd2
DRS AD Replication
82273FDC-E32A-18C3-3F78-827929DC23EA
ELF Event Log APIs
e1af8308_5d1f_11c9_91a4_08002b14a0fa
ENDPTMAPPER Responsible for tracking which service is listening on which point. When a service starts, it registers itself with the End Point Mapper and asks the End Point Mapper to assign it a port number. The End Point Mapper is always listening on port 135 for TCP/IP on the End Point Mapper’s UUID. Q159298
82273fdc_e32a_18c3_3f78_827929dc23ea EventLog
f5cc59b4_4264_101a_8c59_08002b2f842 FRSRPC
12345778_1234_abcd_ef00_0123456789ab
LSA Updated for .NET
12345678_1234_abcd_ef00_01234567cffb NETLOGON
f5cc5a18_4264_101a_8c59_08002b2f8426
NSPI MS Exchange Directory NSPI Proxy
8d9f4e40_a03d_11ce_8f69_08003e30051b
PNP PnP APIs which are used to remote the plug-and-play APIs to the local or remote server via RPC.
338cd001_2244_31f1_aaaa_900038001003 REGSRV
12345778_1234_abcd_ef00_0123456789ac
SAM Updated for .NET
SMB Command code definitions
4b324fc8_1670_01d3_1278_5a47bf6ee188
SRVSRC.IDL Contains the Netr (Net Remote) RPC interface specification for the API associated with the Server Service.
367abb81_9844_35f1_ad32_98f038001003
SVCCTL RPC interface for the remotable NetService API.
3d267954_eeb7_11d1_b94e_00c04fa3080d
TERMSERV Terminal Server Licensing
6bffd098_a112_3610_9833_46c3f87e345a
WKSSVC.IDL Contains the Netr (Net Remote) RPC interface specification for the APIs associated with the Workstation service
ISA Related
a9b96d49-2c75-4917-a178-06b6f08261cc
ISASTGCTRL
b347203c-14bb-4878-8b7a-0a12f9b8076a
ISA MMC
b3df47c0-a95a-11cf-aa26-00aa00c148b9
Replication Between 2 CSS Servers
=========================================================
HTH,
Tom
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: [email protected]
MVP — Forefront Edge Security (ISA/TMG/IAG)