How to block Remote Desktop software?

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Threaded View
Does anyone know of an effective way to block remote desktop
applications like GoToMyPC.com, PCanywhere, Fog Creek Copilot etc. at
the network level, that doesn't require me to manually find the
relevant IP addresses, etc.?

For example does someone host updated IPS signatures, or updated IP
lists that could be used in an IPS?

Has anyone else on this list had this challenge, and how did you solve
it?

Kind regards,
Daniel Tams



Re: How to block Remote Desktop software?
In article <d61d4e34-4e19-40c2-9262-
1e74b7a94abf@j35g2000yqh.googlegroups.com>, daniel.tams@gmail.com
says...
Quoted text here. Click to load it

Why do you allow unrestricted outbound?

Why does your company not just allow outbound to specific sites that are
approved?


--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: How to block Remote Desktop software?

Quoted text here. Click to load it

I work with Proventia stuff frequently and I know IBM ISS Proventia
IPS has signatures for these:

    http://www.iss.net/security_center/reference/vuln/RDP_Login.htm
  
http://www.iss.net/security_center/reference/vuln/HTTP_GotoMyPCDOTCom_Connection.htm
    http://www.iss.net/security_center/reference/vuln/pc-anywhere-detect.htm
    http://xforce.iss.net/xforce/xfdb/24103

The protocol detection signatures are generally low or medium, but you
could configure them in a profile to drop such traffic if you use the
IPS inline in blocking mode.

Being more draconian in egress and inbound filtering can also deal
with this, but sensing it on a network level often has uses in
environments that aren't as militaristically locked down as other
posters suggest.   Also, generally those intent on using such
technologies will use ports that are allowed to subvert whatever rote
policies are in place.


--
Todd H.
http://www.toddh.net /

Re: How to block Remote Desktop software?
Daniel Tams wrote:
Quoted text here. Click to load it
I think Untangle (www.untangle.com) does at least some of these in its
various applications (webfilter, protocol filter, etc).
gr

Site Timeline