• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Logmein.com and Gotomypc.com denial...

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Firewall Client >> Logmein.com and Gotomypc.com denial... Page: [1]
Login
Message << Older Topic   Newer Topic >>
Logmein.com and Gotomypc.com denial... - 4.Jun.2005 6:55:00 PM   
tad_braun

 

Posts: 101
Joined: 31.Dec.2003
Status: offline
Hello,

How would I allow Logmein.com and Gotomypc.com types of browser-based remote control services to my admin team, yet disallow them for the rest of the company?

Specifically, what kind of rule would I use to DENY these services? Maybe I would search the HTTPS stream for an executable header or something? How would I do that? I am not too savvy yet with ISA 2K4. I think Logmein uses port 2002, but I can't be sure yet...

Anyone else running into this situation? I don't want "typical" domain users having this service because of the FileManager capability. They could easily upload all kinds of virused/trojaned files to their work PC, and I don't want that. Yes, we do have active, updated AV and such, but I don't even want the possibility to exist that a user could do damage from a home/traveling PC...

Thaddeus
Post #: 1
RE: Logmein.com and Gotomypc.com denial... - 5.Jun.2005 1:38:00 AM   
ianfermo

 

Posts: 235
Joined: 7.Nov.2004
From: Zamboanga, Philippines
Status: offline
Hi,

Read about this article. http://msmvps.com/shinder/articles/12268.aspx

In this article you will learn the dark side of SSL - Bridging. Using HTTPS procotol to bypass existing firewall.

Cheers,

(in reply to tad_braun)
Post #: 2
RE: Logmein.com and Gotomypc.com denial... - 6.Jun.2005 9:04:00 PM   
tad_braun

 

Posts: 101
Joined: 31.Dec.2003
Status: offline
Hello,

So, as ISA Server 2004 stands today, as well as other firewalls, I CAN'T stop my users from setting up a GoToMyPC account and using it to access other PC's out on the Internet? Policy or no policy, they will find this stuff and do it. I would like a technical method for stopping this, and I thought ISA would be able to see the traffic going out (or coming in) and be able to do something about it.

And from the article mentioned, I also see that MSoft is going to promote this security-crippling capability in their R2 for W2K3! Are they insane!? Foolish is the only word that comes to mind...here they are out touting how secure their new products are, and yet they're including a bypass method around all of it! That just sounds plain stupid...

Tell me it ain't so!

(in reply to tad_braun)
Post #: 3
RE: Logmein.com and Gotomypc.com denial... - 6.Jun.2005 10:58:00 PM   
AbqBill

 

Posts: 478
Joined: 3.Jun.2003
From: Albuquerque NM USA
Status: offline
One way that should work would be to monitor the URLs that these programs connect to and block them. In the past, I believe I read on this site that you could block access to poll.gotomypc.com to keep GoToMyPC from working.

Bill

(in reply to tad_braun)
Post #: 4
RE: Logmein.com and Gotomypc.com denial... - 6.Jun.2005 11:32:00 PM   
tad_braun

 

Posts: 101
Joined: 31.Dec.2003
Status: offline
B,

Thanks for the reply! Do you remember where on the site you read that? I'll search, but I think I could use the extra info...

I assumed that the sites like GoTo and LogMeIn would constantly change IP's (kind of like IM servers), but the URL should be fairly constant. Good tip...

(in reply to tad_braun)
Post #: 5
RE: Logmein.com and Gotomypc.com denial... - 7.Jun.2005 1:56:00 AM   
ianfermo

 

Posts: 235
Joined: 7.Nov.2004
From: Zamboanga, Philippines
Status: offline
Hi,

There are ways to check which Domain, URL or Protocol. You can use Network Monitor of Windows, Simple DOS Command -- Netstat -o(Client side - Install the software and execute the command), or better use ISA Server's Realtime monitoring. Create a rule to Deny GoToMyPC and LogMein Domain and URL.

Cheers,

(in reply to tad_braun)
Post #: 6
RE: Logmein.com and Gotomypc.com denial... - 14.Jun.2005 10:46:00 AM   
FriedDough

 

Posts: 1
Joined: 14.Jun.2005
Status: offline
This is becoming a real pain in the butt as many of these services are popping up and all using ports 80 and 443. We have a rule that explicitly blocks HTTP (actually all ports) access to all of these sites:

RemotelyAnywhere.com
MyWebExPC.com
LapLinkEveryWhere.com
112go.com
FolderShare.com
01com.com
ImInTouch.com
beinsync.com
gotomypc.com

I am sure that there are many more but these seem to be the highly visible ones. It would be great if others posted other remote access services like these that they are aware of.

Good luck

(in reply to tad_braun)
Post #: 7
RE: Logmein.com and Gotomypc.com denial... - 14.Jun.2005 6:59:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hey guys,

This is why I don't create deny rules, I create allow rules only, for SSL. I never allow SSL through except to legit sites that users have demonstrated a need to access. Its impossible to beat these SSL tunnelers any other way. At least, not until we can get outbound SSL to SSL bridging on our networks.

HTH,
Tom

(in reply to tad_braun)
Post #: 8
RE: Logmein.com and Gotomypc.com denial... - 16.Jun.2005 2:15:00 AM   
tad_braun

 

Posts: 101
Joined: 31.Dec.2003
Status: offline
Tom,

Thanks for the help. What I think you are saying is that we shouldn't allow blanket HTTPS outbound activity for our users, right? Make a single HTTPS rule and keep adding HTTPS sites that users are requesting and make sense, right? Sort of an HTTPS whitelist, right?

I hope I'm hearing you correctly since I am still a bit perturbed about this tunneling problem. Could you give us a thumbnail sketch of what a rule would look like using this theory?

(in reply to tad_braun)
Post #: 9
RE: Logmein.com and Gotomypc.com denial... - 27.Jun.2005 10:48:00 AM   
AbqBill

 

Posts: 478
Joined: 3.Jun.2003
From: Albuquerque NM USA
Status: offline
Hi Tom,

Perhaps, in your free time [Smile] , you could post a write-up on the front page detailing your advice and experiences here?

Thanks!

Bill

(in reply to tad_braun)
Post #: 10
RE: Logmein.com and Gotomypc.com denial... - 28.Jun.2005 6:12:00 PM   
bob-isa

 

Posts: 1
Joined: 28.Jun.2005
From: California
Status: offline
FYI
You can use the Corporate version of GoToMyPC to have full control of who uses the service. You can even control what computers have access to the host computers within your network.
Contact the GoToMyPC sales for more information.

(in reply to tad_braun)
Post #: 11
RE: Logmein.com and Gotomypc.com denial... - 5.Jul.2005 2:56:00 PM   
tad_braun

 

Posts: 101
Joined: 31.Dec.2003
Status: offline
Hello,

This is still a very hot topic at my work. We can't put in our new Exchange and ISA systems until I get some new kind of direction. Maybe someone can suggest something other than DENY rules? We have Websense, and they have a Proxy Avoidance category that'll take care of those types of sites (mostly), but I was hoping that we as a group could find a better way to monitor/filter HTTPS Tunneling using ISA Server 2004...

Ideas? Tom?

(in reply to tad_braun)
Post #: 12
RE: Logmein.com and Gotomypc.com denial... - 29.Aug.2006 1:50:41 AM   
khimuracr

 

Posts: 1
Joined: 29.Aug.2006
Status: offline
 
Hello
Somebody know which ports use logmein??

(in reply to tad_braun)
Post #: 13
RE: Logmein.com and Gotomypc.com denial... - 6.Jul.2009 6:59:29 AM   
GennyFil

 

Posts: 1
Joined: 2.Jul.2009
Status: offline
Maybe for somebody it would be interesting to know about another remote access program called pc file transfer on http://www.pc-file-transfer.com/. There are two panels in it, one shows files and folders on the local computer, the other one does the same for the remote computer. You can transfer files and folders from a laptop to a computer or the other way around. Besides, the program features two different remote access methods: direct connection to a remote computer using its IP address and account connection to connect to any computer without knowing its IP address.

(in reply to khimuracr)
Post #: 14

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Firewall Client >> Logmein.com and Gotomypc.com denial... Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts