I have a PIX version 6.3(1). I have noticed that some users are using LogMeIn remote desktop services without the knowledge of the administrator. I tried to block the port and noticed that it uses Internet ports HTTP. All users are permitted to access the Internet and so HTTP cannot be blocked. So how can I block this LogMeIn application on the PIX 6.3? Do you think I will need to upgrade to an IPS or PIX 7.0, or does 6.3 itself support some method of blocking this kind of application?
LogMeIn tries to connect to secure.logmein.com and tries to go through HTTPS. So the only way to block it is by blocking the IP for secure.logmein.com, which is 22.214.171.124. Again, it won't be a foolproof solution, since mirrored sites might pop up with different IPs, and IPs can change.
Regarding the upgrade to version 7.0: with PIX 7.0, yes, we do have deep packet inspection (called a map, for example http-map, gtp-map, ftp-map) available for HTTP, FTP, GTP and so on, but for secure protocols we cannot do much. We can block LogMeIn effectively using an ASA with IPS or an IPS appliance.
But you will find such applications, which depend on secure communications, increasing a lot. I would prefer to have a deep packet inspection feature for DNS in the next PIX version, which could allow us to permit or drop packets on the basis of DNS queries, which could make life a bit better for us.
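Added example, not part of the original replies: because the reply notes that the address behind secure.logmein.com can change, this sketch compares the deny entries already in a PIX 6.3 ACL with a freshly resolved address list and emits only the commands needed to catch up. The ACL name `inside_out`, the sample configuration and the sample addresses are constructed assumptions; resolving the hostname is left to the caller.

```python
import ipaddress
import re

ACL_NAME = "inside_out"  # hypothetical ACL name, applied inbound on the inside interface
DENY_RE = re.compile(r"^access-list (\S+) deny tcp any host (\S+) eq (?:443|https)$")

# Constructed sample data (documentation address ranges, not real LogMeIn hosts).
SAMPLE_CONFIG = """\
access-list inside_out deny tcp any host 192.0.2.10 eq https
access-list inside_out deny tcp any host 192.0.2.11 eq https
access-list inside_out permit ip any any
access-group inside_out in interface inside
"""
SAMPLE_RESOLVED = ["192.0.2.11", "198.51.100.7", "2001:db8::1"]

def deployed_hosts(config_text, acl=ACL_NAME):
    """Return the IPv4 hosts already denied on tcp/443 in the named ACL."""
    hosts = set()
    for line in config_text.splitlines():
        m = DENY_RE.match(line.strip())
        if not m or m.group(1) != acl:
            continue
        try:
            hosts.add(ipaddress.IPv4Address(m.group(2)))
        except ValueError:
            pass  # entry uses a name alias rather than a literal address; skip it
    return hosts

def acl_delta(config_text, resolved, acl=ACL_NAME):
    """Commands that bring the deny entries in line with the resolved addresses."""
    want = set()
    for addr in resolved:
        ip = ipaddress.ip_address(addr)
        if ip.version == 4:  # this ACL only carries IPv4 entries
            want.add(ip)
    have = deployed_hosts(config_text, acl)
    # Remove entries whose address no longer resolves for the hostname.
    cmds = [f"no access-list {acl} deny tcp any host {ip} eq 443"
            for ip in sorted(have - want)]
    # "line 1" inserts ahead of the trailing "permit ip any any"; a plain
    # append would land after the permit and never match.
    cmds += [f"access-list {acl} line 1 deny tcp any host {ip} eq 443"
             for ip in sorted(want - have)]
    return cmds

if __name__ == "__main__":
    print("\n".join(acl_delta(SAMPLE_CONFIG, SAMPLE_RESOLVED)))
```

The trailing `permit ip any any` in the sample matters: once an ACL is bound to the inside interface, everything not explicitly permitted is dropped.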