You audit on two fronts, look at the systems for the controling application<s> required to use it and you look for connections to their server<s>: Non-authoritative answer: Name: www.gotomypc.com Address: 63.251.224.169 Non-authoritative answer: Name: gotomypc.com Address: 63.251.224.169 And if one wants to be a tad more careful in what they block perhaps a whole class C: [jengate.thur.de] Process query: '63.251.224.169' Query recognized as IP. Querying whois.arin.net:43 with whois. InterNAP Network Services (NETBLK-NETBLK-PNAP-11-99) NETBLK-PNAP-11-99 63.251.0.0 - 63.251.255.255 Expertcity.com (NETBLK-PNAP-SFJ-EXPERT-RM-01) PNAP-SFJ-EXPERT-RM-01 63.251.224.0 - 63.251.224.255 Admittedly I have not investigated any more then a mild look to determine if all their server<s> are contained within this netblock. But, this is not unmanageable. And certainly should be covered in the security policy and the corporate AUP. Thanks, Ron DuFresne On Fri, 8 Mar 2002, kevin mckay wrote: > Has anybody dealt with the services from https://www.gotomypc.com it > seems to allow end users to completely circumvent an existing network > security infrastructure. > > The user signs up with gotomypc and establishes a out bound connection > through the firewall to a go to my pc server, then there server listens > for a connection that is connected to your internal network > and the scariest thing is that the listining ports for inbound > connections are on a gotomypcserver so how would you even audit?. > > > > > __________________________________________________ > Do You Yahoo!? > Try FREE Yahoo! Mail - the world's greatest free email! > http://mail.yahoo.com/ > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus Security Intelligence Alert (SIA) > Service. For more information on SecurityFocus' SIA service which > automatically alerts you to the latest security vulnerabilities please see: > https://alerts.securityfocus.com/ > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Sun Mar 10 2002 - 09:27:48 PST