[ previous ] [ next ] [ threads ]
 
 From:  "James W. McKeand" <james at mckeand dot biz>
 To:  "'Monowall Mailing List'" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] gotomypc blocking
 Date:  Tue, 15 Feb 2005 09:41:39 -0500
Graham Dunn wrote:
>> Does anyone know anything about
>> 
>>    https://www.gotomypc.com/
>> 
>> It looks like they are "marketing" to end users who would
>> install this on their work machines to ask like a VPN to a
>> particular machine. 
>> 
>> So here are a few of my questions for the m0n0 crowd.
>> 
>> (1) Is this thing as evil as it looks?
> 
> Doesn't look evil at all. It's just like webex or similar
conferencing
> software.
> 
>> (2) How does it work?
> 
> Talks to the servers via http/https ports. They assume you have
> unfettered outbound web access.
> 
>> (3) How could one control such a thing?
> 
> Transparent redirects on port 80 to a squid server. You'd have to
> block https. You'd be a very unpopular man at work :]

I had tried one of the "free trials" of this before they were
bought-out by Citrix. Seems pretty simple. The client does use ports
80 and 443. But the FAQ in the User's Guide states that port 8200 also
may need to be open. The FAQ in the User's Guide also makes references
that "personal firewall software" could cause multiple problems.

The FAQ on the "HELP" section of the site had some good things to say:
https://www.gotomypc.com/help2.tmpl#securitykeep

In short, if you want to block GoToMyPC you can sign up as a
"Corporate customer" (probably agreeing to get email/spam/phone calls
for life) and for free they will manage the "Authorized" use of
GoToMyPC on your LAN from their side. Or you can block
poll.gotomypc.com. But, "We [Citrix] do not recommend this method,
however, as it prevents all GoToMyPC usage, including your authorized
GoToMyPC users."

_________________________________
James W. McKeand