joeypesci Posted March 6, 2011 Share Posted March 6, 2011 Is it possible to monitor any LogMeIn connection on a corporate network? We suspect someone is using it, we don't want to block the site yet but monitor to see if it is being used on the work station we think. Quote Link to comment Share on other sites More sharing options...
Sparda Posted March 6, 2011 Share Posted March 6, 2011 LogMeIn (from what I understand) always uses encryption (what type of encryption I am not aware). Monitoring it may be difficult. The best you can probably do without much difficulty is look for a LogMeIn connection and know which computer it's going to/from. Quote Link to comment Share on other sites More sharing options...
joeypesci Posted March 6, 2011 Author Share Posted March 6, 2011 Will look into it, thanks. Quote Link to comment Share on other sites More sharing options...
gEEEk Posted March 14, 2011 Share Posted March 14, 2011 How about using a Wireshark filter "host logmein.com" and just look for a connection and a destination IP. The packets would be encrypted, but it should still come from logmein.com I guess? Quote Link to comment Share on other sites More sharing options...
syko24 Posted March 17, 2011 Share Posted March 17, 2011 Something you can consider once you figure out who it is. https://logmeinsupport.com/kblive/crm/selfservice/displaywh.jsp?DocId=2538 How do I block LogMeIn so my employees can't use it? If you would like to prevent your employees from installing LogMeIn on their work computer, you should block secure.logmein.com on your firewall(s). If you are on a Windows Domain, you may also install our Group Policy Object, which will allow you to limit access throughout your entire domain, without the need for firewall rules. Please see the link below for more information regarding our Group Policy Object. How do I install the LogMeIn Active Directory Group Policy template (logmein.adm)? Chris Quote Link to comment Share on other sites More sharing options...
joeypesci Posted May 1, 2011 Author Share Posted May 1, 2011 Spamster of the worse kind. So poorly done :) Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted May 2, 2011 Share Posted May 2, 2011 Would it be possible for a DPI (deep packet inspection) to look into an encrypted traffic? Quote Link to comment Share on other sites More sharing options...
joeypesci Posted May 18, 2011 Author Share Posted May 18, 2011 Wouldn't of thought so as it's encrypted. I think you can monitor packets and DPI is just to get more details on those packets, if I'm understanding DPI correctly. Quote Link to comment Share on other sites More sharing options...
hexophrenic Posted May 18, 2011 Share Posted May 18, 2011 joeypesci - DPI in this case can allow an "authorized" MItM to inspect some encrypted elements. What happens, the DPI piece acts as a proxy between you and a far end SSL site. It exchanges certs with the far end site, then exchanges a different set of certs with the client, which are trusted. Therefore it splits the SSL stream into 2 distinct sessions, one between server and DPI and one between DPI and client. Decrypts server stream, inspects, then encrypts to client. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.