Here is what happened when an Outlook client used this protocol:
Today, if you see ncacn_http in a log file, it is often a sign of an ancient legacy system or, paradoxically, a modern threat trying to look like an ancient one.
: The IIS proxy (RpcProxy.dll) inspects the HTTP headers. It reads the Requested Server Principal Name to determine which back-end server the traffic is destined for.
ncacn_http is a masterclass in security trade-offs.
But the core DNA remains. When you open Outlook on your laptop at a coffee shop today and it magically connects to the corporate server without a clunky VPN, you are benefitting from the legacy of ncacn_http.
Because ncacn_http was so good at hiding, malware authors fell in love with it. They realized that if Outlook could hide inside HTTP, so could a virus.
The standard syntax for a string binding using this keyword is: ncacn_http:rpc_server[endpoint]
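As an added example (not code from the original page), the sketch below parses string bindings out of log lines and reports each ncacn_http binding, separating servers on a known-legacy allowlist from everything else. It goes slightly beyond the syntax shown above by also accepting the optional object-UUID prefix and option list of the general RPC string binding format; the log layout, host names, allowlist and function names are assumptions.

```python
import re

# protseq:address[endpoint] is the form shown above; the optional "uuid@" prefix
# and ",Option=value" list are part of the general RPC string binding format.
BINDING_RE = re.compile(
    r"(?:(?P<uuid>[0-9a-fA-F-]{36})@)?"
    r"(?P<protseq>ncacn_[a-z_]+|ncadg_[a-z_]+|ncalrpc)"
    r":(?P<address>[^\[\]\s]*)"
    r"(?:\[(?P<inner>[^\]]*)\])?"
)

def parse_bindings(line):
    """Return every RPC string binding found in one log line as a dict."""
    bindings = []
    for m in BINDING_RE.finditer(line):
        endpoint, _, opts = (m.group("inner") or "").partition(",")
        options = {}
        for item in filter(None, (o.strip() for o in opts.split(","))):
            key, _, value = item.partition("=")
            options[key.strip().lower()] = value.strip()
        bindings.append({
            "protseq": m.group("protseq"),
            "address": m.group("address"),
            "endpoint": endpoint.strip(),
            "options": options,
        })
    return bindings

def flag_rpc_over_http(lines, known_servers):
    """List (line_no, address, endpoint, verdict) for each ncacn_http binding."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        for b in parse_bindings(line):
            if b["protseq"] != "ncacn_http":
                continue
            known = b["address"].lower() in known_servers
            verdict = "known legacy server" if known else "unexpected server"
            findings.append((line_no, b["address"], b["endpoint"], verdict))
    return findings

# Constructed sample log lines (hypothetical format and hosts).
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z src=10.0.0.21 binding=ncacn_http:ex01.corp.example.test[6001,RpcProxy=mail.example.test:443]",
    "2024-01-01T10:00:05Z src=10.0.0.21 binding=ncacn_ip_tcp:dc01.corp.example.test[135]",
    "2024-01-01T10:02:11Z src=10.0.0.77 binding=ncacn_http:wks-0042.corp.example.test[49701]",
    "2024-01-01T10:03:00Z note: ncacn_http mentioned without a binding",
]

if __name__ == "__main__":
    for finding in flag_rpc_over_http(SAMPLE_LOG, {"ex01.corp.example.test"}):
        print(finding)
```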
: The RPC client wraps its requests in HTTP packets.