Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: gotomypc

From: "R. DuFresne" <dufresne () sysinfo com>
Date: Sat, 9 Mar 2002 16:24:11 -0500 (EST)

You audit on two fronts, look at the systems for the controling
application<s> required to use it and you look for connections to their
server<s>:

Non-authoritative answer:
Name:    www.gotomypc.com
Address:  63.251.224.169


Non-authoritative answer:
Name:    gotomypc.com
Address:  63.251.224.169

And if one wants to be a tad more careful in what they block perhaps a
whole class C:

[jengate.thur.de]
Process query: '63.251.224.169'
Query recognized as IP.
Querying whois.arin.net:43 with whois.

InterNAP Network Services (NETBLK-NETBLK-PNAP-11-99) NETBLK-PNAP-11-99
                                                   63.251.0.0 -
63.251.255.255
Expertcity.com (NETBLK-PNAP-SFJ-EXPERT-RM-01) PNAP-SFJ-EXPERT-RM-01
                                                 63.251.224.0 -
63.251.224.255

Admittedly I have not investigated any more then a mild look to determine
if all their server<s> are contained within this netblock.  But, this is
not unmanageable.  And certainly should be covered in the security policy
and the corporate AUP.

Thanks,

Ron DuFresne


On Fri, 8 Mar 2002, kevin mckay wrote:


Has anybody dealt with the services from https://www.gotomypc.com it
seems to allow end users to completely circumvent an existing network
security infrastructure.

The user signs up with gotomypc and establishes a out bound connection
through the firewall to a go to my pc server, then there server listens
for a connection that is connected to your internal network
and the scariest thing is that the listining ports for inbound
connections are on a gotomypcserver so how would you even audit?.




__________________________________________________
Do You Yahoo!?
Try FREE Yahoo! Mail - the world's greatest free email!
http://mail.yahoo.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Previous By Date Next
Previous By Thread Next

Current thread: