Blocking LogMeIn & GoToMyPC

Jul 6th, 2010

We have a new ASA and I am wondering if it can be used to block access to services such as LogMeIn or GoToMyPC? I did not know if this is a simple matter of blocking a range of IP addresses or specific ports, or something more complicated that we would need an IPS for.


Suggestions??


Brent

Marcin Latosiewicz (Cisco Employee), Tue, 07/06/2010 - 07:31

Brent,


The ASA has built-in regexps for GoToMyPC, and I believe there was a way to do this also for LogMeIn.


class-map type inspect http match-all _default_GoToMyPC-tunnel
 match request args regex _default_GoToMyPC-tunnel
 match request uri regex _default_GoToMyPC-tunnel_2
!
bsns-asa5505-19# sh run all regex
regex _default_GoToMyPC-tunnel_2 "[/\\]erc[/\\]Poll"
regex _default_GoToMyPC-tunnel "machinekey"


Now honestly, those applications grow (or used to grow) quite fast, faster than we're able to adjust regexps on the ASA, since they are supposed to be static by nature. Don't expect a one-command wonder.


I'm not intimately familiar with those apps... since GoToMyPC works on HTTP, potentially CSC would be a nice way to prohibit it.


Note that IPS seems to be familiar with Hamachi:

http://www.cisco.com/web/software/282773979/34047/Readme-IPS-sig-S387.txt

15454.0   LogMeIn Hamachi Activity                  atomic-ip       informational  false
15455.0   LogMeIn Product Activity                  atomic-ip       low            false



It's spread around all over the place, but hopefully it helps?


Marcin
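The post above shows the built-in class-map and regexes but not how they are attached to an inspection policy, so here is the full wiring as an added example. It is not from the original post or from Cisco's default configuration; the policy-map name BLOCK-GOTOMYPC is an assumed name, and it assumes the ASA still has the default global_policy and inspection_default class.

```cisco
! Added example (not part of the original post): wire the built-in GoToMyPC
! HTTP class-map into an inspection policy so matching requests are dropped.
! Assumes the default global_policy / inspection_default class is present.
!
! The two regexes are the ASA defaults quoted in the post; repeated here so
! the fragment is complete. "[/\\]" matches either "/" or "\" in the URI.
regex _default_GoToMyPC-tunnel "machinekey"
regex _default_GoToMyPC-tunnel_2 "[/\\]erc[/\\]Poll"
!
! match-all: a request is classified only if BOTH the request arguments
! contain "machinekey" AND the URI contains "/erc/Poll" (or "\erc\Poll").
class-map type inspect http match-all _default_GoToMyPC-tunnel
 match request args regex _default_GoToMyPC-tunnel
 match request uri regex _default_GoToMyPC-tunnel_2
!
! HTTP inspection policy-map (the name BLOCK-GOTOMYPC is an assumption).
! drop-connection closes the TCP session; log writes a syslog entry so the
! hits can be reviewed before trusting the rule.
policy-map type inspect http BLOCK-GOTOMYPC
 class _default_GoToMyPC-tunnel
  drop-connection log
!
! Attach the HTTP map to the default inspection class. Only traffic the ASA
! already classifies as HTTP (TCP/80 by default) goes through this map;
! TLS-wrapped sessions are never seen by the regex match.
policy-map global_policy
 class inspection_default
  inspect http BLOCK-GOTOMYPC
!
service-policy global_policy global
```

Check the result with `show service-policy inspect http`, which lists the inspection map and the per-class drop counters. Because the match is against plaintext HTTP only, a client that falls back to HTTPS or to a non-80 port will not be caught by this policy.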

Nagaraja Thanthry (Cisco Employee), Tue, 07/06/2010 - 08:20

LogMeIn uses HTTPS, which is not covered by the HTTP inspection. So the regex method may not be useful for that. You could try blocking a couple of LogMeIn ports (TCP 12975 and 32976, http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers) to see if that helps. The LogMeIn application connects to an intermediate server (bibi.hamachi.cc) to establish communication. You can block that IP from communicating with your network. Hope this helps.
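The port and relay-host blocking suggested above, written out as an ASA access list. This is an added example and not from the original post: the ACL and object-group names are assumed, and 192.0.2.10 is a documentation placeholder standing in for whatever bibi.hamachi.cc currently resolves to; resolve the real address before deploying.

```cisco
! Added example (not part of the original post): deny the LogMeIn ports and
! the relay host on the inside interface's inbound ACL.
! Names (LOGMEIN-TCP, INSIDE_IN) and the address 192.0.2.10 are assumptions;
! 192.0.2.10 is a placeholder for the resolved address of bibi.hamachi.cc.
object-group service LOGMEIN-TCP tcp
 port-object eq 12975
 port-object eq 32976
!
! Deny rules must sit ABOVE the permit; the ASA evaluates ACLs top-down.
! "log" records each hit so you can confirm the rule is actually matching
! before relying on it.
access-list INSIDE_IN extended deny tcp any any object-group LOGMEIN-TCP log
access-list INSIDE_IN extended deny ip any host 192.0.2.10 log
access-list INSIDE_IN extended permit ip any any
!
! Apply inbound on the inside interface (traffic leaving the LAN).
access-group INSIDE_IN in interface inside
```

If an ACL is already applied to the inside interface, merge the two deny lines into it above the existing permits rather than creating a second list. The relay address is the weak point of this approach: it can change without notice, so re-resolve the hostname periodically and check `show access-list INSIDE_IN` hit counts to see whether the host rule is still firing.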
