Security Incidents mailing list archives
Remote Access Software (Wireless Devices)
From: "Holstein, Michael" <mholstein () doit state in us>
Date: Tue, 25 Feb 2003 13:00:00 -0500
As many of you are aware, several vendors (notably SprintPCS) make software available that permits access to corporate email and files from a wireless device. It does this by connecting via SSL to an external server, then keeping the connection open with keepalives. This is a novel way to defeat a corporate firewall (a tactic also used by other security "holes" like GoToMyPC). Understandably this is NOT a "cool idea" from a network security perspective, and I would very much like to block all of it. Vendors are no help in this matter -- I have installed the SprintPCS software and sniffed the connection, identifying "bpce.sprintpcs.com" as the server. Has anyone else done this for the other vendors? I would like to compile a list of destination names/addresses for each vendor so those who choose to close the holes for their network may do so with minimal effort. Any contributions would be appreciated. MH> ---------------------------------------------------------------------------- <Pre>Lose another weekend managing your IDS? Take back your personal time. 15-day free trial of StillSecure Border Guard.</Pre> <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
Current thread:
- Remote Access Software (Wireless Devices) Holstein, Michael (Feb 26)