Logmein.com and Gotomypc.com denial...


tad_braun -> Logmein.com and Gotomypc.com denial... (4.Jun.2005 6:55:00 PM)

Hello,

How would I allow Logmein.com and Gotomypc.com types of browser-based remote control services to my admin team, yet disallow them for the rest of the company?

Specifically, what kind of rule would I use to DENY these services? Maybe I would search the HTTPS stream for an executable header or something? How would I do that? I am not too savvy yet with ISA 2K4. I think Logmein uses port 2002, but I can't be sure yet...

Anyone else running into this situation? I don't want "typical" domain users having this service because of the FileManager capability. They could easily upload all kinds of virused/trojaned files to their work PC, and I don't want that. Yes, we do have active, updated AV and such, but I don't even want the possibility to exist that a user could do damage from a home/traveling PC...

Thaddeus




ianfermo -> RE: Logmein.com and Gotomypc.com denial... (5.Jun.2005 1:38:00 AM)

Hi,

Read about this article. http://msmvps.com/shinder/articles/12268.aspx

In this article you will learn the dark side of SSL - Bridging. Using HTTPS protocol to bypass existing firewall.

Cheers,




tad_braun -> RE: Logmein.com and Gotomypc.com denial... (6.Jun.2005 9:04:00 PM)

Hello,

So, as ISA Server 2004 stands today, as well as other firewalls, I CAN'T stop my users from setting up a GoToMyPC account and using it to access other PC's out on the Internet? Policy or no policy, they will find this stuff and do it. I would like a technical method for stopping this, and I thought ISA would be able to see the traffic going out (or coming in) and be able to do something about it.

And from the article mentioned, I also see that MSoft is going to promote this security-crippling capability in their R2 for W2K3! Are they insane!? Foolish is the only word that comes to mind...here they are out touting how secure their new products are, and yet they're including a bypass method around all of it! That just sounds plain stupid...

Tell me it ain't so!




AbqBill -> RE: Logmein.com and Gotomypc.com denial... (6.Jun.2005 10:58:00 PM)

One way that should work would be to monitor the URLs that these programs connect to and block them. In the past, I believe I read on this site that you could block access to poll.gotomypc.com to keep GoToMyPC from working.

Bill




tad_braun -> RE: Logmein.com and Gotomypc.com denial... (6.Jun.2005 11:32:00 PM)

B,

Thanks for the reply! Do you remember where on the site you read that? I'll search, but I think I could use the extra info...

I assumed that the sites like GoTo and LogMeIn would constantly change IP's (kind of like IM servers), but the URL should be fairly constant. Good tip...




ianfermo -> RE: Logmein.com and Gotomypc.com denial... (7.Jun.2005 1:56:00 AM)

Hi,

There are ways to check which domain, URL or protocol is used. You can use Network Monitor of Windows, a simple DOS command, `netstat -o` (client side: install the software and execute the command), or better, use ISA Server's real-time monitoring. Create a rule to deny the GoToMyPC and LogMeIn domains and URLs.

Cheers,




FriedDough -> RE: Logmein.com and Gotomypc.com denial... (14.Jun.2005 10:46:00 AM)

This is becoming a real pain in the butt as many of these services are popping up and all using ports 80 and 443. We have a rule that explicitly blocks HTTP (actually all ports) access to all of these sites:

RemotelyAnywhere.com
MyWebExPC.com
LapLinkEveryWhere.com
112go.com
FolderShare.com
01com.com
ImInTouch.com
beinsync.com
gotomypc.com

I am sure that there are many more but these seem to be the highly visible ones. It would be great if others posted other remote access services like these that they are aware of.

Good luck




tshinder -> RE: Logmein.com and Gotomypc.com denial... (14.Jun.2005 6:59:00 PM)

Hey guys,

This is why I don't create deny rules, I create allow rules only, for SSL. I never allow SSL through except to legit sites that users have demonstrated a need to access. It's impossible to beat these SSL tunnelers any other way. At least, not until we can get outbound SSL to SSL bridging on our networks.

HTH,
Tom
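
An added sketch (not written by any poster and not ISA Server configuration) that runs the deny-rule list from the earlier posts and the allow-only approach Tom describes over the same outbound CONNECT requests. The group names, the log format and the `.example` hosts are constructed assumptions.

```python
# Added example: deny-list vs allow-only evaluation of outbound HTTPS requests.
# Domains come from the thread; groups, log lines and *.example hosts are constructed.

DENY_DOMAINS = {"gotomypc.com", "logmein.com", "remotelyanywhere.com"}
REMOTE_CONTROL = {"gotomypc.com", "logmein.com"}    # allowed for the admin team only
BUSINESS_SSL = {"bank.example", "payroll.example"}  # hypothetical approved HTTPS sites

def in_set(host, domains):
    """True if host is a listed domain or a subdomain of one (no substring matches)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def parse(line):
    """Parse a constructed proxy log line: date user group CONNECT host:port."""
    _date, _user, group, _method, target = line.split()
    host, port = target.rsplit(":", 1)
    return group, host, int(port)

def deny_list_policy(group, host, port):
    """Deny known remote-control sites for non-admins; everything else passes."""
    if group != "admins" and in_set(host, DENY_DOMAINS):
        return "deny"
    return "allow"

def allow_only_policy(group, host, port):
    """Allow HTTPS only to approved destinations; the default action is deny."""
    if port != 443:
        return "deny"
    if group == "admins" and in_set(host, REMOTE_CONTROL):
        return "allow"
    if in_set(host, BUSINESS_SSL):
        return "allow"
    return "deny"

SAMPLE_LOG = [  # constructed sample lines
    "2005-06-14 alice users CONNECT poll.gotomypc.com:443",
    "2005-06-14 bob admins CONNECT poll.gotomypc.com:443",
    "2005-06-14 carol users CONNECT www.bank.example:443",
    "2005-06-14 dave users CONNECT relay.newtunnel.example:443",  # on no deny list yet
]

def evaluate(policy):
    return [policy(*parse(line)) for line in SAMPLE_LOG]

if __name__ == "__main__":
    for line, d, a in zip(SAMPLE_LOG, evaluate(deny_list_policy), evaluate(allow_only_policy)):
        print(f"{line:62} deny-list={d:5} allow-only={a}")
```

The last sample line is the case the thread keeps returning to: a service nobody has listed yet passes the deny list and is stopped only by the default deny.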




tad_braun -> RE: Logmein.com and Gotomypc.com denial... (16.Jun.2005 2:15:00 AM)

Tom,

Thanks for the help. What I think you are saying is that we shouldn't allow blanket HTTPS outbound activity for our users, right? Make a single HTTPS rule and keep adding HTTPS sites that users are requesting and make sense, right? Sort of an HTTPS whitelist, right?

I hope I'm hearing you correctly since I am still a bit perturbed about this tunneling problem. Could you give us a thumbnail sketch of what a rule would look like using this theory?




AbqBill -> RE: Logmein.com and Gotomypc.com denial... (27.Jun.2005 10:48:00 AM)

Hi Tom,

Perhaps, in your free time [Smile] , you could post a write-up on the front page detailing your advice and experiences here?

Thanks!

Bill




bob-isa -> RE: Logmein.com and Gotomypc.com denial... (28.Jun.2005 6:12:00 PM)

FYI
You can use the Corporate version of GoToMyPC to have full control of who uses the service. You can even control what computers have access to the host computers within your network.
Contact the GoToMyPC sales for more information.




tad_braun -> RE: Logmein.com and Gotomypc.com denial... (5.Jul.2005 2:56:00 PM)

Hello,

This is still a very hot topic at my work. We can't put in our new Exchange and ISA systems until I get some new kind of direction. Maybe someone can suggest something other than DENY rules? We have Websense, and they have a Proxy Avoidance category that'll take care of those types of sites (mostly), but I was hoping that we as a group could find a better way to monitor/filter HTTPS Tunneling using ISA Server 2004...

Ideas? Tom?




khimuracr -> RE: Logmein.com and Gotomypc.com denial... (29.Aug.2006 1:50:41 AM)

 
Hello
Does somebody know which ports LogMeIn uses?




GennyFil -> RE: Logmein.com and Gotomypc.com denial... (6.Jul.2009 6:59:29 AM)

Maybe for somebody it would be interesting to know about another remote access program called pc file transfer on http://www.pc-file-transfer.com/. There are two panels in it, one shows files and folders on the local computer, the other one does the same for the remote computer. You can transfer files and folders from a laptop to a computer or the other way around. Besides, the program features two different remote access methods: direct connection to a remote computer using its IP address and account connection to connect to any computer without knowing its IP address.



