[Dshield] Re: gotomypc.com part 2

Jim Tagart Jim.Tagart at bellcold.com
Wed May 15 04:08:50 GMT 2002


Yep, you've got to block all the potential gateways, servers and domains and
yes, even home users and consumer networks by not allowing this first of all
by Policy and Procedure, second by audit and third by monitoring/sniffing
for these things.

The IDSs need to ramp up and detect these services, at least then you can
shut them down quickly until something better is here.

I need to learn how to write Snort rules finally.

Jim

> -----Original Message-----
> From:	Bruce Campbell [SMTP:bruce_campbell at ripe.net]
> Sent:	Tuesday, May 14, 2002 6:02 PM
> To:	'list at dshield.org'
> Subject:	RE: [Dshield] Re: gotomypc.com part 2
> 
> On Tue, 14 May 2002, Jim Tagart wrote:
> 
> > Nope, not bold today but found this on their site
> >
> > <snip>
> > How it works?
> >
> > Host computer runs totalrc.exe, a software agent to enable remote
> > control. Client takes remote control/view of the Host through a Web
> > browser. Gateway provides communications between Host and Client. In
> > order to provide remote control client opens Gateway's URL in the Web
> > Browser. The default gateway is http://www.totalrc.net. This gateway is
> > free for all users.
> > </snip>
> >
> > So blocking the http://www.totalrc.net site should do it.
> 
> Blocking www.totalrc.net would block clients, at your site, from
> connecting to the gateway site.  It would not block hosts within your site
> from running totalrc.exe and connecting to poll.gotomypc.com .
> 
> --==--
> Bruce.
> 
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
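
Added example (not part of the original thread): the monitoring step discussed above, as a check over outbound proxy logs that separates internal machines browsing to the gateway from internal machines whose agent keeps polling out. The log format, the 10.0.0.0/8 site range, the sample lines and the poll threshold are assumptions made for illustration; the two hostnames are the ones named in the thread.

```python
import ipaddress
from collections import defaultdict

# Hostnames named in the thread, mapped to the role of the internal machine.
WATCHLIST = {
    "www.totalrc.net": "client",         # browser opening the gateway URL
    "poll.gotomypc.com": "host-agent",   # agent on an internal PC polling out
}
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumption: site address range

# Constructed sample proxy log: "<epoch> <src_ip> <action> <dest_host>"
SAMPLE_LOG = """\
1021392000 10.1.4.22 DENIED www.totalrc.net
1021392015 10.1.7.90 ALLOWED poll.gotomypc.com
1021392030 10.1.7.90 ALLOWED poll.gotomypc.com
1021392031 10.1.2.5 ALLOWED www.dshield.org
1021392045 10.1.7.90 ALLOWED poll.gotomypc.com
1021392050 192.0.2.10 ALLOWED poll.gotomypc.com
malformed line
"""

def find_remote_control(log_text, min_polls=3):
    """Summarise watchlisted destinations per internal source and role."""
    counts = defaultdict(lambda: {"ALLOWED": 0, "DENIED": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] not in ("ALLOWED", "DENIED"):
            continue  # skip malformed lines
        _, src, action, dest = parts
        role = WATCHLIST.get(dest.lower().rstrip("."))
        try:
            internal = ipaddress.ip_address(src) in INTERNAL
        except ValueError:
            continue  # source field is not an IP address
        if role and internal:
            counts[(src, role)][action] += 1
    findings = []
    for (src, role), c in sorted(counts.items()):
        # Repeated polls that are let through mean an agent is live on that PC.
        active = role == "host-agent" and c["ALLOWED"] >= min_polls
        findings.append({"src": src, "role": role, "allowed": c["ALLOWED"],
                         "denied": c["DENIED"], "active_agent": active})
    return findings

if __name__ == "__main__":
    for finding in find_remote_control(SAMPLE_LOG):
        print(finding)
```

In the sample, the block on www.totalrc.net shows up as a denied client request from 10.1.4.22, while 10.1.7.90 is still reported as an active agent because its polls are allowed.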
