Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: Re: gotomypc

Re: gotomypc

From: <Ken.Williams_at_ey.com>
Date: Mon, 11 Mar 2002 08:51:56 -0600

i dealt with this site/issue about 6 months ago. ideally, you should
not have to be bothering yourself with auditing gotomypc at all, because
no sane, responsible network admin would ever let his users connect to
gotomypc in the first place. for information about which host network
admins need to block, go here:
https://ssl.anonymizer.com/https://www.gotomypc.com/help2.tmpl?
#securitykeep
(sorry about the anonymization, but i had to use it since we, of course,
block all connections to all known gotomypc hosts, IP blocks)

Regards,
ken

Ken Williams ; Technical Lead ; ken.williams_at_ey.com
eSecurityOnline - an eSecurity Venture of Ernst & Young
ken.williams_at_ey.com ; www.esecurityonline.com ; 1-877-eSecurity

                    kevin mckay
                    <kevintmckay@ To: pen-test_at_securityfocus.com
                    yahoo.com> cc: (bcc: Ken
Williams/AABS/EYLLP/US)
                                         Subject: gotomypc
                    03/08/2002
                    03:56 PM

Has anybody dealt with the services from https://www.gotomypc.com it
seems to allow end users to completely circumvent an existing network
security infrastructure.

The user signs up with gotomypc and establishes a out bound connection
through the firewall to a go to my pc server, then there server listens
for a connection that is connected to your internal network
and the scariest thing is that the listining ports for inbound
connections are on a gotomypcserver so how would you even audit?.

__________________________________________________
Do You Yahoo!?
Try FREE Yahoo! Mail - the world's greatest free email!
http://mail.yahoo.com/

----------------------------------------------------------------------------

This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

______________________________________________________________________
The information contained in this message may be privileged and
confidential and protected from disclosure. If the reader of this message
is not the intended recipient, or an employee or agent responsible for
delivering this message to the intended recipient, you are hereby notified
that any dissemination, distribution or copying of this communication is
strictly prohibited. If you have received this communication in error,
please notify us immediately by replying to the message and deleting it
from your computer. Thank you. Ernst & Young LLP

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Received on Mar 11 2002

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]