Re: OT: Blocking Logmein with Checkpoint

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 13 Mar 2006 08:08:49 -0600

Hi Amy,

Block the entire logmein.com domain and see if that whacks it.

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] 
> Sent: Monday, March 13, 2006 7:50 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: OT: Blocking Logmein with Checkpoint
> 
> http://www.ISAserver.org
> 
> Glad I finally got this email. I didn't get any of this thread delivered
> earlier.
> 
> Nuke and pave isn't my decision, I'm just a temp worker as it were. But
> yes, I would hope that that will be the case. Right now it's still
> damage control while maintaining functionality. Forensic guys have
> finished so now the real work begins.
> 
> So what about blocking this "gets through any firewall app"?
> 
> Amy
> 
> 
>  
> 
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
> Sent: Monday, March 13, 2006 8:25 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: OT: Blocking Logmein with Checkpoint
> 
> Yep, 'cause if things are that compromised, the entire network is going
> to have to be cratered, after doing as much forensic examination as
> possible before doing so, in order to put those who need jailing in the
> clink.
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> 
>  
> 
> > -----Original Message-----
> > From: John T (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] 
> > Sent: Monday, March 13, 2006 2:03 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] Re: OT: Blocking Logmein with Checkpoint
> > 
> > But I will be the first one to offer assistance to Amy, even if it is simply
> > sending a 5 lb bag of espresso coffee beans.
> > 
> > Sounds like it is going to be a lot of work.
> > 
> > John T
> > eServices For You
> > 
> > "Seek, and ye shall find!"
> > 
> > > -----Original Message-----
> > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > > Sent: Sunday, March 12, 2006 6:29 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] Re: OT: Blocking Logmein with Checkpoint
> > > 
> > > I didn't want to be the first one to bring that up :(
> > > 
> > > Thomas W Shinder, M.D.
> > > Site: www.isaserver.org
> > > Blog: http://blogs.isaserver.org/shinder/
> > > Book: http://tinyurl.com/3xqb7
> > > MVP -- ISA Firewalls
> > > 
> > > 
> > > 
> > > > -----Original Message-----
> > > > From: Thor (Hammer of God) [mailto:Thor@xxxxxxxxxxxxxxx]
> > > > Sent: Sunday, March 12, 2006 8:22 PM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] Re: OT: Blocking Logmein with Checkpoint
> > > >
> > > > Notwithstanding the temporary measures to keep them out, you're
> > > > planning a full nuke-and-pave of the entire infrastructure, right?
> > > >
> > > > t
> > > >
> > > > On Mar 12, 2006, at 5:48 PM, Amy Babinchak wrote:
> > > >
> > > > > I've been called in by a former employer to help secure their network.
> > > > > They've had an IT department gone wild scenario and the folks that got
> > > > > fired have really done some damage including rootkits, remote access,
> > > > > hidden wireless routers, etc. (that's the short story, the long story is
> > > > > every company's worst nightmare)
> > > > >
> > > > > My job is to find a way to block logmein using the Checkpoint firewall.
> > > > > Anyone have any information handy on this service? I read a white paper
> > > > > on logmein security but it failed to divulge anything that I could use
> > > > > to block the thing.
> > > > >
> > > > > Amy
> > > > >
> > > > >
> > > > > ------------------------------------------------------
> > > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > > > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > > ------------------------------------------------------
> > > > > Visit TechGenix.com for more information about our other sites:
> > > > > http://www.techgenix.com
> > > > > ------------------------------------------------------
> > > > > You are currently subscribed to this ISAserver.org Discussion List
> > > > > as: thor@xxxxxxxxxxxxxxx
> > > > > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > >
> > > > >
> > > >
> > > >
> > > > ------------------------------------------------------
> > > > List Archives: 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter: 
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ: 
> > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Visit TechGenix.com for more information about our other sites:
> > > > http://www.techgenix.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org Discussion
> > > > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > > > To unsubscribe visit
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > >
> > > >
> > > 
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter: 
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ: 
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org 
> > Discussion List as:
> > > johnlist@xxxxxxxxxxxxxxxxxxx
> > > To unsubscribe visit 
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > 
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion 
> > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > To unsubscribe visit 
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> > 
> > 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 


Other related posts: