[Dshield] gotomypc.com

Johannes B. Ullrich jullrich at sans.org
Mon May 13 15:00:21 GMT 2002


On Mon, 2002-05-13 at 10:35, Kuske, Barry wrote:
> I was just wondering if anyone was aware of this product/service
> (www.gotomypc.com).  Apparently it will allow remote PC access from the
> internet and doesn't require any kind of FIREWALL reconfiguration.  

I fully agree that these programs can be very dangerous. I have not used
this particular program yet. However, one way it may communicate is as a
client. For example, the program checks a particular web page
periodically and executes whatever commands it finds on that page. The
result it then posted to a different URL. The client can use the same
set of pages to post commands and retrieve results.

The only way to disrupt this is by blocking access to the servers
involved. If you are lucky, they do not use just standard web servers
but something custom and not running on port 80.

Overall, this is the same idea as using IRC controlled bots.

Another way to prevent this is to prevent users from installing
unauthorized software (Which is hard...)

-- 
-------
jullrich at sans.org                    Join http://www.DShield.org
                          Distributed Intrusion Detection System





More information about the list mailing list