Re: Blocking GoToMyPC

From: Philip Duldig (maninwhite_at_tpg.com.au)
Date: 10/31/03

  • Next message: morning_wood: "Re: RE:Probable Trojan"
    To: <bslice@backroads.net>
    Date: Fri, 31 Oct 2003 15:55:42 +1030
    
    

    > What is the easiest way to block GoToMyPC? I do not want employees either
    working on their home machines from work, or opening up the network by
    bypassing the firewall.
    > I think from reading GoToMyPC's website the remote machine must login into
    one of the servers, then the client connect to the GoToMyPC server and the
    server relays commands to the remote machine. Also I think I read that
    GoToMyPC uses HTTP and other protocols that normally the firewall allows
    through.
    >
    > One idea that we had was to put a phony DNS entry into our DNS server for
    the GoToMyPC domain, to send that traffic to a non-existent IP on our
    network. Would this work? What would be the major problems with it?
    >
    > What about disallowing access to any ip that on a reverse DNS lookup falls
    into the GoToMyPC domain?
    >
    > Thanks for your time,
    > Brandon
    >

    Hey,
    You may be interested in setting up a proxy that has URL
    detection/redirection and or phrase checking -- there is a nice _free_ proxy
    that works in conjunction with squid (http://www.squid-cache.org/) called
    DansGuardian ( http://dansguardian.org/ ) (binaries for
    linux/solaris/freebsd) that will redirect (ie block) page requests based on
    the url (ie all sites such as blahblah.gotomypc.com) but it can also block
    pages containing predefined phrases (such as "welcome to gotomypc.com", etc)

    (ie it parses the HTML it grabs and checks to see if it can serve it to the
    client)

    I recently set this up at work (A primary school ages 5 to 12) to protect
    the users (mostly children) from nastiness online and might be useful if the
    users are going to things that could break their workstations (dialers,
    popups, ads arggg!!)

    Might be what your after, might not be
    worth a look never the less

    Philip Duldig

    ---------------------------------------------------------------------------
    Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
    The Presidio integrates PGP data encryption and XML Web Services security to
    simplify the management and deployment of PGP and reduce overall PGP costs
    by up to 80%.
    FREE WHITEPAPER & 30 Day Trial -
    http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027
    ----------------------------------------------------------------------------


  • Next message: morning_wood: "Re: RE:Probable Trojan"

    Relevant Pages

    • Blocking GoToMyPC
      ... One idea that we had was to put a phony DNS entry into our DNS server for the GoToMyPC domain, to send that traffic to a non-existent IP on our network. ... PGP / XML GATEWAY APPLIANCE ...
      (Security-Basics)
    • Re: Server 2003 Internet issue.....
      ... They contacted GotoMyPC support and the rep logged in with RemoteAssist ... and pronounced that it must be their firewall or router blocking GotoMyPC. ... IP that changed during the repair of the Server network? ... Repeat for EVERY DNS server used by the "DNS client" which in this case ...
      (microsoft.public.windows.server.general)
    • Re: Remote mvBase Access...
      ... having both the client and server PC connect to a thrid-party server which ... server waiting for a connection - the client requires direct access to the ... server so requires firewall configuration etc. ... GotoMyPC is an excellent product out of interest, ...
      (comp.databases.pick)
    • Re: ISA - Remote Management
      ... Note that this security breach was in fact user carelessness. ... Despite smoking up google trying to find a documented case of GoToMyPC being ... and NOT on the server. ... > doesn't have the admin password to get it via TS, ...
      (microsoft.public.backoffice.smallbiz2000)
    • Re: [SLE] Remote desktop software/server
      ... > Does anyone know of any remote desktop software, similar to gotomypc, ... but from our side we still need to config the firewall. ... you don't run your own server, but it is very like gotomypc and it's ...
      (SuSE)