Hi Amy, Block the entire logmein.com domain and see if that whacks it. Tom Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls > -----Original Message----- > From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] > Sent: Monday, March 13, 2006 7:50 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] Re: OT: Blocking Logmein with Checkpoint > > http://www.ISAserver.org > > Glad I finally got this email. I didn't get any of this > thread delivered > earlier. > > Nuke and pave isn't my decision, I'm just a temp worker as it > were. But > yes, I would hope that that will be the case. Right now it's still > damage control while maintaining functionality. Forensic guys have > finished so now the real work begins. > > So what about blocking this "gets through any firewall app"? > > Amy > > > > > -----Original Message----- > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > Sent: Monday, March 13, 2006 8:25 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] Re: OT: Blocking Logmein with Checkpoint > > http://www.ISAserver.org > > Yep, 'cause if things are that compromised, the entire > network is going > to have to be cratered, after doing as much forensic examination as > possible before doing so, in order to put those who need > jailing in the > clink. > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://blogs.isaserver.org/shinder/ > Book: http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls > > > > > -----Original Message----- > > From: John T (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] > > Sent: Monday, March 13, 2006 2:03 AM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] Re: OT: Blocking Logmein with Checkpoint > > > > http://www.ISAserver.org > > > > But I will be the first one to offer assistance to Amy, even > > if it is simply > > sending a 5 lb bag of expresso coffee beans. > > > > Sounds like it is going to be a lot of work. > > > > John T > > eServices For You > > > > "Seek, and ye shall find!" > > > > > -----Original Message----- > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > > > Sent: Sunday, March 12, 2006 6:29 PM > > > To: [ISAserver.org Discussion List] > > > Subject: [isalist] Re: OT: Blocking Logmein with Checkpoint > > > > > > http://www.ISAserver.org > > > > > > I didn't want to be the first one to bring that up :( > > > > > > Thomas W Shinder, M.D. > > > Site: www.isaserver.org > > > Blog: http://blogs.isaserver.org/shinder/ > > > Book: http://tinyurl.com/3xqb7 > > > MVP -- ISA Firewalls > > > > > > > > > > > > > -----Original Message----- > > > > From: Thor (Hammer of God) [mailto:Thor@xxxxxxxxxxxxxxx] > > > > Sent: Sunday, March 12, 2006 8:22 PM > > > > To: [ISAserver.org Discussion List] > > > > Subject: [isalist] Re: OT: Blocking Logmein with Checkpoint > > > > > > > > http://www.ISAserver.org > > > > > > > > Not withstanding the temporary measures to keep them out, you're > > > > planning a full nuke-and-pave of the entire > infrastructure, right? > > > > > > > > t > > > > > > > > On Mar 12, 2006, at 5:48 PM, Amy Babinchak wrote: > > > > > > > > > http://www.ISAserver.org > > > > > > > > > > I've been called in by a former employer to help secure > > > > their network. > > > > > They've had an IT department gone wild scenario and the > > > > folks that got > > > > > fired have really done some damage including rootkits, > > > > remote access, > > > > > hidden wireless routers, etc. (that's the short > story, the long > > > > > story is > > > > > every companies worst nightmare) > > > > > > > > > > My job is to find a way to block logmein using the Checkpoint > > > > > firewall. > > > > > Anyone have any information handy on this service? I > > read a white > > > > > paper > > > > > on logmein security but it failed to divulge anything that > > > > I could use > > > > > to block the thing. > > > > > > > > > > Amy > > > > > > > > > > > > > > > ------------------------------------------------------ > > > > > List Archives: > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > > ISA Server Newsletter: > > http://www.isaserver.org/pages/newsletter.asp > > > > > ISA Server FAQ: > > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > > > ------------------------------------------------------ > > > > > Visit TechGenix.com for more information about our > other sites: > > > > > http://www.techgenix.com > > > > > ------------------------------------------------------ > > > > > You are currently subscribed to this ISAserver.org > > Discussion List > > > > > as: thor@xxxxxxxxxxxxxxx > > > > > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl? > > > > > enter=isalist > > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > > > > > > > > > > > > > ------------------------------------------------------ > > > > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > ISA Server Newsletter: > > http://www.isaserver.org/pages/newsletter.asp > > > > ISA Server FAQ: > > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > > ------------------------------------------------------ > > > > Visit TechGenix.com for more information about our other sites: > > > > http://www.techgenix.com > > > > ------------------------------------------------------ > > > > You are currently subscribed to this ISAserver.org Discussion > > > > List as: tshinder@xxxxxxxxxxxxxxxxxx > > > > To unsubscribe visit > > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > > > > > ------------------------------------------------------ > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > ------------------------------------------------------ > > > Visit TechGenix.com for more information about our other sites: > > > http://www.techgenix.com > > > ------------------------------------------------------ > > > You are currently subscribed to this ISAserver.org > > Discussion List as: > > > johnlist@xxxxxxxxxxxxxxxxxxx > > > To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion > > List as: tshinder@xxxxxxxxxxxxxxxxxx > > To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > amy@xxxxxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > >