Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Blocking LogMeIn under PIX Firewall

Posted on 2006-11-01
3
Medium Priority
?
11,706 Views
Last Modified: 2013-11-16
Hi All,

How can you block LogMeIn service using Pix 506E firewall ? I am using ver 6.3.5.

Please let me know

Thanks.
0
Comment
Question by:tssiva
  • 2
3 Comments
 
LVL 28

Expert Comment

by:batry_boy
ID: 17855931
The LogMeIn service works by installing a client piece of software on the machine you want to remotely control which then establishes an HTTPS tunnel to a "gateway" server located on the LogMeIn network.  Without the use of content filtering software such as Websense (which has a defined protocol for LogMeIn blocking), you can manually block your internal machines from establishing the HTTPS tunnel in outbound by denying TCP 443 in an outbound direction to the pool of LogMeIn gateway server IP addresses.

I did some testing and found that they have at least 17 different servers setup to be gateway servers.  Their DNS names are app01-app17.logmein.com.  The IP addresses for these servers are not on the same network segment which makes this a little more tricky.  This might not be a complete list, but you get the idea about how to perform the blocking.  Here is the IP list:

63.208.197.11  app01.logmein.com
63.208.197.12  app02.logmein.com
63.208.197.13  app03.logmein.com
63.208.197.14  app04.logmein.com
63.208.197.15  app05.logmein.com
63.208.197.16  app06.logmein.com
63.209.251.17  app07.logmein.com
63.209.251.18  app08.logmein.com
63.209.251.19  app09.logmein.com
63.209.251.20  app10.logmein.com
63.209.251.21  app11.logmein.com
63.209.251.22  app12.logmein.com
63.209.251.23  app13.logmein.com
63.208.197.24  app14.logmein.com
63.208.197.25  app15.logmein.com
63.208.197.26  app16.logmein.com
63.208.197.27  app17.logmein.com

As you can see, they did not use contiguous addressing in the setup, probably to increase their uptime in case their ISP has network problems.  So to block, these destination IP addresses in an outbound direction, here are the commands for a PIX firewall.  These should be entered from "config" mode on the PIX.

access-list acl_out deny tcp any host 63.208.197.11 eq https
access-list acl_out deny tcp any host 63.208.197.12 eq https
access-list acl_out deny tcp any host 63.208.197.13 eq https
access-list acl_out deny tcp any host 63.208.197.14 eq https
access-list acl_out deny tcp any host 63.208.197.15 eq https
access-list acl_out deny tcp any host 63.208.197.16 eq https
access-list acl_out deny tcp any host 63.209.251.17 eq https
access-list acl_out deny tcp any host 63.209.251.18 eq https
access-list acl_out deny tcp any host 63.209.251.19 eq https
access-list acl_out deny tcp any host 63.209.251.20 eq https
access-list acl_out deny tcp any host 63.209.251.21 eq https
access-list acl_out deny tcp any host 63.209.251.22 eq https
access-list acl_out deny tcp any host 63.209.251.23 eq https
access-list acl_out deny tcp any host 63.208.197.24 eq https
access-list acl_out deny tcp any host 63.208.197.25 eq https
access-list acl_out deny tcp any host 63.208.197.26 eq https
access-list acl_out deny tcp any host 63.208.197.27 eq https
access-list permit ip any any

Then, apply this to the inside interface with the following command:

access-group acl_out in interface inside

The last statement in the above ACL is to allow all of your other Internet traffic originating from inside the network to still flow as it does now.  Assuming you do not currently have an ACL applied to the inside interface, this last statement is necessary because of the implicit "deny" behavior at the end of a PIX ACL.

Be very careful when applying this ACL to the inside interface since you will now have to explicitly allow any traffic that you want to allow to the outside from your inside network because of the application of this ACL.  This includes normal HTTP traffic, DNS lookups, NTP for time syncs, various ports for streaming media, etc.  The last statement in the ACL should take care of all of this for you so be sure to include some sort of global "catch all" permit statement like that...otherwise you will probably have your users waiting at your door with pitch forks and torches!  :-)

Hope this helps...

0
 
LVL 28

Accepted Solution

by:
batry_boy earned 750 total points
ID: 17855941
Oops!  The last statement in the ACL should read:

access-list acl_out permit ip any any

I forgot to specify the name of the ACL in the previous post...
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17868530
The easiest way would be to create a bogus dns domain for logmein.com and send all the requests coming to this domain to a non-existent ip address. Easy to manage, easily achievable.

Cheers,
Rajesh
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month11 days, 6 hours left to enroll

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question