 From:  "Christopher M. Iarocci" <iarocci at eastendsc dot com>
 To:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  Monowall Mailing List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] gotomypc blocking
 Date:  Tue, 15 Feb 2005 19:10:57 -0500
Chris Buechler wrote:

>On Mon, 14 Feb 2005 19:36:46 -0800, Jeffrey Goldberg
><jeffrey at goldmark dot org> wrote:
>
>>  Both controlled and controlling computers receive all communications
>>  through an outgoing TCP connection using protocols and ports that can
>>  transparently transit almost all firewalls.
>>
>>  No firewall changes are required, and you do not have to bypass or
>>  compromise your corporate or branch office firewall.
>>
>>It looks like they are "marketing" to end users who would install this
>>on their work machines to act like a VPN to a particular machine.
>>
>>So here are a few of my questions for the m0n0 crowd.
>>
>>(1) Is this thing as evil as it looks?
>
>That was my first thought when I first saw it.  Sounds like a good way
>to bypass corporate security measures.  Citrix bought them though, and
>having a trustworthy name behind it made me somewhat change my opinion
>of it.  (whether rightfully or not. ;)  Still seems like a good way
>for unauthorized users to bypass corporate security measures though.
>
>Some of my clients are using it for remote access.  They love it.  I
>haven't really dug into the technical details, but it requires no open
>ports from the internet, and all runs over HTTPS I believe.  Basically
>the agent on your machine keeps a connection to their system so when
>you log into their website you can log into your PC.
>
>
>>(3) How could one control such a thing?
>
>Not very easily.  Blocking HTTPS, if that indeed is what it uses, is
>one way, but probably not feasible for most.  Lock down machines so
>users can't install things, but again difficult in many environments. 
>Block access to the entire gotomypc.com domain, and any others it
>uses, if it relies upon DNS.  Audit what is installed on your machines
>using some sort of automated asset management system.
>
>Not really a good answer...  but I don't think there is one.  
>
>-Chris
>
Why not simply discover what IPs their servers are on and block all 
access to them??

Chris


