Re: Blocking unauthorized remote access

Giganews Newsgroups
Subject: Re: Blocking unauthorized remote access
Posted by:  Volker Birk (bume…@dingens.org)
Date: 24 Sep 2006

Mike Dorn <mrdo…@visi.com> wrote:
> Has anybody seen a comprehensive list of addresses used by the various
> "services" that allow unauthorized users to remote into their work computers
> from home, bypassing corporate security?  These things work by making an
> outbound connection from the target PC to a fixed external site.  The user then
> contacts the external site from their home PC or traveling laptop, and the site
> uses the previously-opened connection to create a remote session for them.  It's
> not caught by normal firewall config, because the outbound ssl connection
> appears to be legal.

http://www.agroman.net/corkscrew/

With such a tool, any site on the outside can be used.

I think, you have a social problem, not a technical one. Try to detect
open sockets or reconnecting sockets after working time and talk to the
people who are installing such things.

Yours,
VB.

--
Viel schlimmer als die Implementation von PHP ist jedoch das Design.

                              Rudolf Polzer in de.comp.security.misc

Replies

In response to

Blocking unauthorized remote access posted by Mike Dorn on Sun, 24 Sep 2006