Re: gotomypc

From: R. DuFresne (dufresneat_private)
Date: Sat Mar 09 2002 - 13:24:11 PST

Next message: Alfred Huger: "The Social Engineering Formal Methodology Thread"

Previous message: R. DuFresne: "Re: Modem detection in a LAN"
In reply to: kevin mckay: "gotomypc"
Next in thread: R. DuFresne: "Re: gotomypc"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

You audit on two fronts, look at the systems for the controling
application<s> required to use it and you look for connections to their
server<s>:

Non-authoritative answer:
Name:    www.gotomypc.com
Address:  63.251.224.169


Non-authoritative answer:
Name:    gotomypc.com
Address:  63.251.224.169

And if one wants to be a tad more careful in what they block perhaps a
whole class C:

[jengate.thur.de]
Process query: '63.251.224.169'
Query recognized as IP.
Querying whois.arin.net:43 with whois.

InterNAP Network Services (NETBLK-NETBLK-PNAP-11-99) NETBLK-PNAP-11-99
                                                   63.251.0.0 -
63.251.255.255
Expertcity.com (NETBLK-PNAP-SFJ-EXPERT-RM-01) PNAP-SFJ-EXPERT-RM-01
                                                 63.251.224.0 -
63.251.224.255

Admittedly I have not investigated any more then a mild look to determine
if all their server<s> are contained within this netblock.  But, this is
not unmanageable.  And certainly should be covered in the security policy
and the corporate AUP.

Thanks,

Ron DuFresne


On Fri, 8 Mar 2002, kevin mckay wrote:

> Has anybody dealt with the services from https://www.gotomypc.com it
> seems to allow end users to completely circumvent an existing network
> security infrastructure.
> 
> The user signs up with gotomypc and establishes a out bound connection
> through the firewall to a go to my pc server, then there server listens
> for a connection that is connected to your internal network
> and the scariest thing is that the listining ports for inbound
> connections are on a gotomypcserver so how would you even audit?.
> 
> 
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Try FREE Yahoo! Mail - the world's greatest free email!
> http://mail.yahoo.com/
> 
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: Alfred Huger: "The Social Engineering Formal Methodology Thread"
Previous message: R. DuFresne: "Re: Modem detection in a LAN"
In reply to: kevin mckay: "gotomypc"
Next in thread: R. DuFresne: "Re: gotomypc"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Mar 10 2002 - 09:27:48 PST