Re: Is GoToMyPC a risk



On 2006-08-15, Lew Pitcher <lpitcher@xxxxxxxxxxxx> wrote:

> Now, I don't know about the internals of GoToMyPC (I briefly looked
> into it while investigating remote operations solutions for OS2
> workstations), so you'll probably have to use ethereal or some other
> lan trace tool to determine the communications values (ports, etc) that
> it uses. From that, it shouldn't be too much of a problem to add rules
> to blacklist the target (W2K3) IPaddress/port combination, and perhaps
> add a whitelist for selected source IPaddresses.

If the vendor requires you to use GoToMyPC, I'd require them to do this
legwork for you, and simply give you a list of IPs to be whitelisted,
and the port(s) they need open. If they won't, threaten to switch to
another vendor. ;-) But if they won't give you a list of ports, at the
very least a list of IPs to whitelist will be very helpful, as it will
cut down your exposure greatly. Whatever you do, be sure to verify your
iptables configuration with a portscanner from the outside of the
iptables machine.

--keith

--
kkeller-usenet@xxxxxxxxxxxxxxxxxxxxxxxxxx
(try just my userid to email me)
AOLSFAQ=http://wombat.san-francisco.ca.us/cgi-bin/fom
see X- headers for PGP signature information
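
Added example (not part of either poster's message): a dry-run generator for the whitelist-then-drop rules discussed in this thread. It assumes the iptables machine forwards traffic to the W2K3 host and that the service uses TCP; the addresses and port are constructed placeholders, since the thread does not give GoToMyPC's actual values.

```shell
#!/bin/sh
# Print (do not apply) iptables rules that let only whitelisted sources reach
# one target host/port and drop everything else sent to that host/port.
# gen_rules, valid_ip and valid_port are hypothetical helper names.

valid_ip() {  # dotted-quad IPv4 with an optional /0-32 prefix
    printf '%s\n' "$1" | awk -F'[./]' '
        !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if (NF == 5 && $5 > 32) exit 1 }'
}

valid_port() {  # decimal TCP port, 1-65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

gen_rules() {  # usage: gen_rules TARGET_IP PORT SOURCE [SOURCE...]
    [ $# -ge 3 ] || { echo "need target, port and at least one source" >&2; return 2; }
    target=$1 port=$2
    shift 2
    valid_ip "$target" && valid_port "$port" ||
        { echo "bad target or port" >&2; return 2; }
    # Validate the whole list before printing anything, so a typo in the
    # vendor's list can never yield a partial or overly broad rule set.
    for src in "$@"; do
        valid_ip "$src" || { echo "bad source: $src" >&2; return 2; }
    done
    for src in "$@"; do
        echo "iptables -A FORWARD -p tcp -s $src -d $target --dport $port -j ACCEPT"
    done
    # Blacklist rule goes last: rules match in order, so whitelisted sources
    # are accepted before this DROP is reached.
    echo "iptables -A FORWARD -p tcp -d $target --dport $port -j DROP"
}

# Constructed sample values (documentation address ranges, placeholder port).
gen_rules 192.0.2.10 12345 198.51.100.7 203.0.113.0/24
```

Review the printed rules before applying them, then confirm the result with a port scan from outside the iptables machine.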
