Has anybody seen a comprehensive list of addresses used by the various "services" that allow unauthorized users to remote into their work computers from home, bypassing corporate security? These things work by making an outbound connection from the target PC to a fixed external site. The user then contacts the external site from their home PC or traveling laptop, and the site uses the previously-opened connection to create a remote session for them. It's not caught by normal firewall config, because the outbound SSL connection appears to be legal.
I'm sure this is a valuable tool for some folks, but it breaks security policy by allowing unauthorized remote access, so my client wants the ability to shut it down. (They have a secure VPN solution for those with legitimate need; these rogue connections are being used by folks without authorization.) Because of the size and complexity of the business, it's really not practical to use a "whitelist" approach to outbound connections. There are also several mission-critical apps that depend on long-term connections, so limiting the connection lifetime or access hours is out as well. It makes sense to me to just block outbound connections to the specific IP addresses of these external services, but that means I need to know where all of them are. I've got the info for gotomypc.com and logmein.com, but there are at least half a dozen others out there commonly in use, probably a lot more. Most of them provide no useful tech information on their websites, as they're in the business of selling access services to the users, not helping network admins enforce corporate policy. Anybody dealt with this before, or know of a good resource?
Thanks!
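As an added example (not part of the original post), one way to find which internal PCs are contacting the two services named above is to match internal DNS query logs against a domain-suffix list. The log format, client addresses and subdomains below are constructed for illustration; only gotomypc.com and logmein.com come from the post.

```python
from collections import defaultdict

# Domains named in the post; extend the tuple as more services are identified.
BLOCKED_SUFFIXES = ("gotomypc.com", "logmein.com")

# Constructed sample DNS query log, assumed format: "<timestamp> <client-ip> <qname>"
SAMPLE_LOG = """\
2024-01-10T08:01:02Z 10.1.4.22 poll.GoToMyPC.com.
2024-01-10T08:01:05Z 10.1.4.23 www.example.org
2024-01-10T08:02:11Z 10.1.7.9 secure.logmein.com
2024-01-10T08:02:40Z 10.1.7.9 notlogmein.com
2024-01-10T08:03:00Z 10.1.4.22 gotomypc.com
malformed line
"""

def normalize(qname):
    """Lower-case the name and drop the trailing root dot."""
    return qname.strip().rstrip(".").lower()

def matches_blocked(qname, suffixes=BLOCKED_SUFFIXES):
    """Return the matching suffix, or None. Matches only on label
    boundaries, so 'notlogmein.com' does not match 'logmein.com'."""
    name = normalize(qname)
    for suffix in suffixes:
        if name == suffix or name.endswith("." + suffix):
            return suffix
    return None

def find_clients(log_text):
    """Map each client IP to the sorted list of blocked names it queried."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than failing the run
        _, client, qname = parts
        if matches_blocked(qname):
            hits[client].add(normalize(qname))
    return {client: sorted(names) for client, names in hits.items()}

if __name__ == "__main__":
    for client, names in sorted(find_clients(SAMPLE_LOG).items()):
        print(client, ", ".join(names))
```

The same label-boundary suffix match can drive a DNS or proxy block rule, which keeps working when a service changes the IP addresses behind its hostnames.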