-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is called, in my experience, XML-RPC (google search with lots of results). Reference: http://www.xmlrpc.com/spec
Yes, it is a Remote Procedure Calling implementation. No, it is not the same things that the good old udp based RPC used for things like NIS and NFS. References: RFC 1057 and RFC 1831. That can be the source of confusion. Akin names. On Wed, Oct 13, 2004 at 11:37:12AM -0400, Daniel H. Renner wrote: > Daniel, > > Could you please point out where you read this data? I would like to > see this one... > > This may just reflect my ignorance, but I read (and found hard to > > believe) that Microsoft has implemented RPC over HTTP. Is this not a > > HUGE security hole? If I understand it correctly it means that good old > > HTML or XML can invoke a process using standard web traffic (port 80)? > > Is there any permission checking done? what things can be invoked by RPC > > over HTTP? Jeeze, to me it looks like the barn door is now wide open. Am > > I right, and if so, how can I detect RPCs in web traffic to block this > > junk? Can ANY stateful packet filter see this stuff or is the pattern > > too broad in allowed RPCs? > > > > Again, I hope this is not a stupid question or inappropriate format for > > this, as somebody else recently said, there is already enough noise on > > this list. I would hate to see this list degenerate, it has been REALLY > > valuable to me as a network engineer on occaison. - -- Rodrigo Barbosa <[EMAIL PROTECTED]> "Quid quid Latine dictum sit, altum viditur" "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFBbYoGpdyWzQ5b5ckRAsMMAJ0bg5ygvKOa1Du66mbW9+gkYfTqVACfewf0 PPz66l4bre4Gtn1J4dYl6AQ= =ZAmy -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
