RE: OT: Blocking Logmein with Checkpoint
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Sun, 12 Mar 2006 20:12:24 -0600
Hi Amy,
OK, if you deny the entire logmein.com domain, you *should* be good.
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Sunday, March 12, 2006 8:04 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: OT: Blocking Logmein with Checkpoint
>
> http://www.ISAserver.org
>
> Hi Amy,
>
> From what I can tell, Logmein is another one of those dreaded SSL
> tunneled RDPoid applications.
>
> Most of them can be blocked by denying access to the
> negotiation server
> that both the client and server much contact before the host to host
> communications. You can do a trace and figure that out. Google doesn't
> seem to be much help on this one.
>
> Tom
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
>
>
>
> > -----Original Message-----
> > From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx]
> > Sent: Sunday, March 12, 2006 7:49 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] OT: Blocking Logmein with Checkpoint
> >
> > http://www.ISAserver.org
> >
> > I've been called in by a former employer to help secure
> their network.
> > They've had an IT department gone wild scenario and the
> folks that got
> > fired have really done some damage including rootkits,
> remote access,
> > hidden wireless routers, etc. (that's the short story, the
> > long story is
> > every companies worst nightmare)
> >
> > My job is to find a way to block logmein using the Checkpoint
> > firewall.
> > Anyone have any information handy on this service? I read a
> > white paper
> > on logmein security but it failed to divulge anything that
> I could use
> > to block the thing.
> >
> > Amy
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion
> > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
Other related posts:
