Re: Blocking unauthorized remote access



Mike Dorn <mrdorn@xxxxxxxx> wrote:
Has anybody seen a comprehensive list of addresses used by the various
"services" that allow unauthorized users to remote into their work computers
from home, bypassing corporate security? These things work by making an
outbound connection from the target PC to a fixed external site. The user then
contacts the external site from their home PC or traveling laptop, and the site
uses the previously-opened connection to create a remote session for them. It's
not caught by normal firewall config, because the outbound ssl connection
appears to be legal.

http://www.agroman.net/corkscrew/

With such a tool, any site on the outside can be used.

I think you have a social problem, not a technical one. Try to detect
open sockets or reconnecting sockets after working time and talk to the
people who are installing such things.

Yours,
VB.
--
Far worse than PHP's implementation, however, is its design.

Rudolf Polzer in de.comp.security.misc
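One way to run the check suggested in the reply above (open or reconnecting sockets after working time), as an added example that is not part of the original message. The log format, the working hours, both thresholds and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, time, timedelta

# Assumed policy values, not from the original post.
WORK_START, WORK_END = time(8, 0), time(18, 0)   # Mon-Fri working hours
MIN_LONG = timedelta(minutes=30)                 # "open socket" threshold
MIN_RECONNECTS = 3                               # "reconnecting socket" threshold

# Constructed sample: start, end, internal source, external destination.
SAMPLE_LOG = """\
2024-03-04T09:12:00 2024-03-04T09:12:40 10.0.0.21 203.0.113.10:443
2024-03-04T19:30:00 2024-03-04T19:31:00 10.0.0.21 203.0.113.10:443
2024-03-04T17:45:00 2024-03-05T07:30:00 10.0.0.34 198.51.100.7:443
2024-03-04T22:00:05 2024-03-04T22:05:00 10.0.0.52 192.0.2.99:443
2024-03-04T22:05:10 2024-03-04T22:10:00 10.0.0.52 192.0.2.99:443
2024-03-04T22:10:15 2024-03-04T22:15:00 10.0.0.52 192.0.2.99:443
"""

def off_hours(ts):
    """True on weekends or outside WORK_START..WORK_END."""
    return ts.weekday() >= 5 or not (WORK_START <= ts.time() < WORK_END)

def touches_off_hours(start, end):
    """A session is off-hours if either end is, or if it spans a night."""
    return off_hours(start) or off_hours(end) or start.date() != end.date()

def find_suspects(log):
    """Map (source, destination) -> sorted reasons it deserves a conversation."""
    reasons = defaultdict(set)
    counts = defaultdict(int)
    for line in log.splitlines():
        if not line.strip():
            continue
        start_s, end_s, src, dst = line.split()
        start, end = datetime.fromisoformat(start_s), datetime.fromisoformat(end_s)
        if not touches_off_hours(start, end):
            continue
        key = (src, dst)
        counts[key] += 1
        if end - start >= MIN_LONG:
            reasons[key].add("long-lived")
        if counts[key] >= MIN_RECONNECTS:
            reasons[key].add("reconnecting")
    return {key: sorted(found) for key, found in reasons.items()}

if __name__ == "__main__":
    for (src, dst), why in find_suspects(SAMPLE_LOG).items():
        print(src, "->", dst, ", ".join(why))
```

The result is a list of internal hosts to follow up with, not a block list: a single short after-hours connection is deliberately ignored.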