FYI, gotomypc will restrict your corporate IP addresses (probably a NAT
address) from accessing their service if you ask them to.
 
See last question: <https://www.gotomypc.com/static/help2.html>
https://www.gotomypc.com/static/help2.html
 
Kevin J. Rosel, CISSP, CCNA
Information Security Management
Corporate Technology Office
John Hancock Financial Services
Voice: (617) 572-4974
Cell: (617) 435-0517
"If you didn't log it, it never happened"

-----Original Message-----
From: Jeffrey Kok Chew Mun [mailto:ccekokjnus.edu.sg]
Sent: Wednesday, December 04, 2002 9:47 PM
To: Beker Eli; issforumiss.net
Subject: RE: [ISSForum] P2P applications and IDS/IPS

Hi,
 
We stumbled onto a traffic shaping device called Packetshaper from Packeteer
which did a pretty good job in classifying traffic based on applications
(instead of ports). What we did was to deny or limit traffic coming from
undesirable applications like Kazaa, Gnutella, iMesh, etc. In fact, it did a
pretty good job in filtering nimda and codered as well. Since the deployment
of the Packetshaper, we have had almost zero complaints about copyright
issues and all.
 
This worked very well for our campus but there are some limitations though.
A traffic shaping devices isn't built like a FW. In case of congestion, the
traffic shaping devices will pass traffic instead of drop which is the
opposite of a FW which will drop traffic.
 
Hope this helps.
 
cheers,
Jeffrey Kok
National University of Singapore

-----Original Message-----
From: Beker Eli [mailto:Eli.Bekercomverse.com]
Sent: Wednesday, December 04, 2002 5:35 PM
Subject: [ISSForum] P2P applications and IDS/IPS

Hi,

Lately we are facing more and more P2P applications, exposing the corporate
internal networks to
unknown external access. some of the applications require a detailed
installation with username and
passwds, like GoToMyPC https://www.gotomypc.com/ <https://www.gotomypc.com/>
and ViAir WirelessInbox http://www.viair.com/products_WI.htm
<http://www.viair.com/products_WI.htm>
but there might be some, that probably run out of the box, like Kazza and
others.
The common denominator of all those programs are they use well known open
ports on the corporate
firewall, such as http, https or ftp. they automatically switch between the
ports to find an open one.
and some of them can even pass proxy servers.
This is not new to the security community, we all remember the famous ping
tunneling, ssh, https and
http tunneling where the idea is almost the same. the difference, which
doesn't make it better, was that
internal users did in purpose to their systems outside the network. and
today's applications, are using
a 3ed unauthorized party "Broker" to set the connection.
I believe that a strict corporate policy should eliminate part of the
problem, but still we've to stand guard
and catch the security violators.
I would like to hear what you are doing and what can be done to mitigate
this problem?
maybe adding another section to RS, like back doors, for P2P applications?

Regards,
Eli Beker
Comverse

_______________________________________________
ISSForum mailing list
ISSForumiss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]