Anyone know how to block LogMeIn and GoToMyPC? We are using an ASA 5520. We mainly want to prevent people coming into our network using those applications. Also, our helpdesk uses LogMeIn Rescue and would need to allow that for them.
Using an access-list would be a good way to prevent anyone from outside coming into your network using GoToMyPC and LogMeIn. An access-list can be applied on the outside interface, which is the one facing the Internet. GoToMyPC uses port number 8900 and LogMeIn uses 12975 and 32976. Also, it will attempt to use port 443 if it fails to connect on the other two ports.
access-list block_traffic extended deny tcp any any eq 8900
access-list block_traffic extended deny tcp any any eq 12975
access-list block_traffic extended deny tcp any any eq 32976
access-list block_traffic extended deny tcp any any eq 443
access-list block_traffic extended permit ip any any
access-group block_traffic in interface outside
Since we are blocking traffic on 443, if you have an HTTPS server on the inside it will cause problems. This access-list should be applied on the outside interface.
The ASA has built-in regexes for GoToMyPC, and there was a way to do this for LogMeIn as well.
class-map type inspect http match-all _default_GoToMyPC-tunnel
 match request args regex _default_GoToMyPC-tunnel
 match request uri regex _default_GoToMyPC-tunnel_2

asa5520# sh run all regex
regex _default_GoToMyPC-tunnel_2 "[/\\]erc[/\\]Poll"
regex _default_GoToMyPC-tunnel "machinekey"
These kinds of applications have grown (or used to grow) to hundreds quite fast, faster than we are able to adjust the regexes on the ASA, since they are supposed to be static by nature. Don't expect a one-command wonder.
I'm not intimately familiar with those apps... since GoToMyPC works over HTTP, a CSC module would potentially be a nice way to prohibit it.
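To make the match-all class-map above concrete, here is an added example (not code from the original thread or from Cisco) that transcribes the two regex objects into Python and emulates how the ASA's HTTP inspection classifies a request: the URI regex is tested against the request path and the args regex against the query string, and because the class-map is match-all, both have to hit. The request lines are constructed for the example, not captured traffic, and the ASA keys are assumed to map onto the request line the way the class-map names suggest. The block only classifies; on the ASA the drop or reset action lives in the policy-map that references this class, and, as the next reply points out, none of this sees HTTPS.

```python
import re

# The two regex objects from the ASA's built-in GoToMyPC class-map, transcribed as
# Python patterns. ASA regexes are unanchored substring matches, so re.search() is
# the right analogue. `[/\\]` matches either a forward slash or a backslash.
URI_REGEX = re.compile(r"[/\\]erc[/\\]Poll")   # _default_GoToMyPC-tunnel_2, applied to the request URI
ARGS_REGEX = re.compile(r"machinekey")         # _default_GoToMyPC-tunnel, applied to the request args


def split_request_target(target: str):
    """Split an HTTP request target into (uri, args), the way the inspection engine
    separates 'request uri' from 'request args'. No '?' means empty args."""
    uri, _sep, args = target.partition("?")
    return uri, args


def is_gotomypc_poll(request_line: str) -> bool:
    """Emulate the match-all class-map: the request is classified only when BOTH the
    URI regex and the args regex hit. A poll with no query string never matches."""
    parts = request_line.split(" ", 2)
    if len(parts) != 3:          # not a well-formed 'METHOD target VERSION' line
        return False
    uri, args = split_request_target(parts[1])
    return bool(URI_REGEX.search(uri)) and bool(ARGS_REGEX.search(args))


# Constructed request lines (assumed shape, not captured traffic) covering the cases
# that matter for match-all semantics.
SAMPLE_REQUESTS = [
    "GET /erc/Poll?machinekey=0123456789abcdef&version=7 HTTP/1.1",  # both hit: classified
    "GET /erc/Poll HTTP/1.1",                                        # URI only: not classified
    "POST /login?machinekey=0123456789abcdef HTTP/1.1",              # args only: not classified
    "GET /index.html HTTP/1.1",                                      # ordinary browsing
]


def classify(requests):
    """Return the subset of request lines the class-map would hand to the GoToMyPC policy."""
    return [r for r in requests if is_gotomypc_poll(r)]


if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        print(f"{'MATCH   ' if is_gotomypc_poll(line) else 'no match'} {line}")
```

Running it shows only the first sample classified, which is exactly why a vendor changing the poll path or the parameter name silently defeats a static regex, the point the reply above is making.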
Blocking LogMeIn & GoToMyPC: LogMeIn uses HTTPS, which is not covered by HTTP inspection, so the regex method may not be useful for that. You could try blocking a couple of LogMeIn ports (TCP 12975 and 32976).
You could block access to poll.gotomypc.com to keep GoToMyPC from working.
You'll need to block port 8200. GoToMyPC generates only outgoing HTTP/TCP to ports 80, 443 and/or 8200, and you can also stop 'poll.gotomypc.com'. Sorry, I don't have the IP address, but try doing an nslookup for 'poll.gotomypc.com' to get the relevant IP address.
Read the following PDF document on this matter as well.
The GoToMyPC server [the installed service] always sends an outgoing HTTP "ping" to the GoToMyPC broker (poll.gotomypc.com) at regular intervals, checking to see if any connect requests have been received.
So the way to prevent the GoToMyPC broker from accessing our company's computers is by blocking access to the GoToMyPC broker host.
This will prevent anyone from starting a connection to access any computer inside our firewall [the protected LAN].
A simple outbound ACL will do the job; if you don't need any access to that site, you can just deny ip to that IP:
access-list 100 extended deny ip 192.168.0.0 255.255.255.0 host 188.8.131.52
access-list 100 extended permit ip any any
access-group 100 in interface inside
This will deny both TCP and UDP connections to that IP.
If you have a proxy server, you can use URL based filtering in that, if you need to block many more such websites.
Also, GoToMyPC will help us block our Internet-visible IPs [real IPs].
They already have a policy for companies that do not currently have GoToMyPC accounts but wish to block access using their Authorization Management Service; we simply have to send a request to the following email address: GoToSales@expertcity.com.
--------------- Another easy way to block any of these services without content filtering is by URL, since you need to log in to www.logmein.com, www.gotomypc.com, etc.
Set up a local DNS zone on your DNS server:
127.0.0.0 logmein.com gotomypc.com
If they can't resolve logmein or gotomypc, they can't connect.
Another way of doing this is to block installation of the executable, such as logmein, via Group Policy or through your antivirus software.
Port 2002 needs to be open for TCP inbound and outbound traffic.
--------------------------- Hope this helps; let me know how you get on.
A little late here, and maybe my approach is a sledgehammer, but it works for me at the moment with our ASA and our PIX. Since the LogMeIn traffic originates from the inside, by the client, to one of the MANY secure.logmein.com servers, you will need to block outbound TCP 80 and 443 traffic to those specific IPs related to secure.logmein.com. The method I chose was to create a group of LogMeIn IPs (it changes as they add more) and then apply the rules to the inside interface.
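The "resolve the broker, put the addresses in a group, deny on the inside interface" approach described in the last few replies (nslookup for poll.gotomypc.com, the outbound ACL, and the LogMeIn IP group that has to be refreshed as they add servers) is easy to get wrong by hand, so here is an added example, not code from the original thread or from Cisco, that generates the ASA configuration for it. It resolves the broker hostnames, emits a network object-group, a TCP service object-group for 80/443/8200, the deny line, the permit that keeps the rest of outbound traffic working once an ACL is bound to the inside interface, and the access-group. The group and ACL names, and the FAKE_DNS answers (TEST-NET addresses), are assumptions for the example; for real use swap in the live resolver and re-run whenever the vendor changes addresses.

```python
import ipaddress
import socket
from typing import Callable, Iterable, List

# Hostnames named in the thread: poll.gotomypc.com is the broker the GoToMyPC host
# service polls; secure.logmein.com is what the LogMeIn client dials out to.
BROKER_HOSTS = ("poll.gotomypc.com", "secure.logmein.com")
# Outbound TCP ports the replies say these clients use (80/443 for both, 8200 for GoToMyPC).
BLOCKED_TCP_PORTS = (80, 443, 8200)

# Constructed answers (TEST-NET ranges) so the example runs offline. The real
# addresses change; re-resolve with resolve_ipv4 before pushing anything.
FAKE_DNS = {
    "poll.gotomypc.com": ["192.0.2.11", "192.0.2.10"],
    "secure.logmein.com": ["198.51.100.5"],
}

Resolver = Callable[[str], List[str]]


def resolve_ipv4(host: str) -> List[str]:
    """Live resolver: A records from the system resolver, de-duplicated."""
    infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def build_asa_block(hosts: Iterable[str], ports: Iterable[int],
                    resolver: Resolver = resolve_ipv4,
                    net_group: str = "REMOTE_ACCESS_BROKERS",   # assumed name
                    svc_group: str = "REMOTE_ACCESS_PORTS",     # assumed name
                    acl: str = "inside_access_in",              # assumed name
                    iface: str = "inside") -> List[str]:
    """Return ASA CLI lines that deny outbound TCP from the protected LAN to the
    resolved broker addresses on the given ports and permit everything else.

    Binding any ACL to the inside interface replaces the default "higher security
    to lower security is allowed" behaviour with an implicit deny, so the trailing
    permit ip any any is required to keep ordinary outbound traffic flowing.
    """
    hosts = tuple(hosts)
    lines = [f"object-group network {net_group}",
             f" description {', '.join(hosts)}"]
    for host in hosts:
        addrs = resolver(host)
        if not addrs:
            raise ValueError(f"{host} did not resolve; refusing to emit a group that blocks nothing")
        # Sorting with IPv4Address as the key also rejects anything that is not a literal IPv4 address.
        for addr in sorted(addrs, key=ipaddress.IPv4Address):
            lines.append(f" network-object host {addr}")
    lines.append(f"object-group service {svc_group} tcp")
    lines.extend(f" port-object eq {port}" for port in ports)
    lines.append(f"access-list {acl} remark block LogMeIn/GoToMyPC brokers: {', '.join(hosts)}")
    lines.append(f"access-list {acl} extended deny tcp any object-group {net_group} object-group {svc_group}")
    lines.append(f"access-list {acl} extended permit ip any any")
    lines.append(f"access-group {acl} in interface {iface}")
    return lines


if __name__ == "__main__":
    # Offline demonstration using the constructed answers; replace the resolver
    # argument with resolve_ipv4 (the default) to generate from live DNS.
    for line in build_asa_block(BROKER_HOSTS, BLOCKED_TCP_PORTS, resolver=lambda h: FAKE_DNS[h]):
        print(line)
```

Because the deny is on TCP 80/443 to specific addresses, check what else those addresses host before deploying: if the vendor fronts the broker with shared infrastructure, the same line blocks whatever else lives there. Keeping the generated lines in version control and diffing each regeneration makes the "it changes as they add more" problem visible instead of silent.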