Blocking Log Me In & Go To MY PC

bberry · ‎07-06-2010

We have a new ASA and I am wondering if it can be used to block access to services such as Log Me In or Goto MY PC? I did not know if this is a simple matter of blocking a range of IP addresses or specific ports or something more complicated that we would need an IPS for.

Suggestions??

Brent

Marcin Latosiewicz · ‎07-06-2010

Brent,

The ASA has built in regexps for gotomypc and I beleive there was way to do this also for log me.

class-map type inspect http match-all _default_GoToMyPC-tunnel
match request args regex _default_GoToMyPC-tunnel
match request uri regex _default_GoToMyPC-tunnel_2

!
bsns-asa5505-19# sh run all reg
bsns-asa5505-19# sh run all regex
regex _default_GoToMyPC-tunnel_2 "[/\\]erc[/\\]Poll"

regex _default_GoToMyPC-tunnel "machinekey"

Now honestly, those applications grow (or used to grow) quite fast, faster then we're able to adjust regexp on ASA - since they are supposed to be static by nature. Don't expect a one command wonder.

I'm not intemately familiar with those APPs... since gotomypc work on HTTP potentiall CSC would be a nice way to prohibit it.

Note that IPS seems to be familiar with Hamachi:

http://www.cisco.com/web/software/282773979/34047/Readme-IPS-sig-S387.txt

15454.0   LogMeIn Hamachi Activity                  atomic-ip       informational  false
15455.0   LogMeIn Product Activity                  atomic-ip       low            false

It's spead around all over the place but hopefull helps?

Marcin

Nagaraja Thanthry · ‎07-06-2010

LogMeIn uses HTTPS which is not covered in the HTTP inspection. So, the regex method may not be useful for that. You could try blocking couple of LogMeIn ports (TCP 12975 and 32976 http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers) to see if that helps. LogMeIn application connects to an intermediate server (bibi.hamachi.cc) to establish communication. You can block that IP from communicating to your network. Hope this helps.