  1. #1
    Newbie NeverwaY's Avatar
    Join Date
    Jun 2010
    Posts
    8

    Question net radio / Soft VPN / Timeout code

    1. My EUs are having an issue with internet radio. With the portal enabled, the stations (multiple sites) just stop playing at random times. Usually the interval seems to be 5 minutes or less. I have tried adding the sites (and their media servers) to the passed hosts conf to no avail. Has anyone else encountered this or similar?

    2. Does anyone know of a good way to pass apps like Team Viewer/LogMeIn/Comodo EasyVPN? They are centralized server based remote desktop apps, but they all seem to use a random list of central servers so I can't pinpoint what to add to the passed conf. Team Viewer is the most important btw. Any ideas?

    3. Anyone have a code snippet for adding a selection box to select the session logout time? Drop down, radio buttons, or any other UI element is fine. Just need a way for the user to select their own timeout when logging in via user/pass auth.

    Thanks in advance for any assistance.

    EDIT: 1. The net radio issue does not seem to apply to all users, only a large handful (say 20 or so). Myself and several others do not seem to be affected by this issue. I cannot find any anomalies between the systems, and disabling the portal resolves the issue.
    Last edited by NeverwaY; 06-29-2010 at 07:39 AM. Reason: New info, possibly helpful.

  2. #2
    Master Untangler 7echno7im's Avatar
    Join Date
    Feb 2009
    Posts
    183

    Just as a suggestion, you could Google and search for their IPs. I bet there are many, many, many more companies that want to block these IPs rather than allow them, due to their corp security policies regarding these remote apps.

    Here are LogMeIns.

    http://www.experts-exchange.com/Secu..._22045832.html

    I wish that the captive portal would allow DNS entries rather than IPs. It would resolve tons of my rules for exceptions. Then I would only need to create a rule for the DNS entry and the 2 DNS servers.

  3. #3
    Master Untangler 7echno7im's Avatar
    Join Date
    Feb 2009
    Posts
    183

    It seems the solution is now blocked, but here are the PIX commands they reference which contain the IPs for each app server:

    Did some testing and found that they have at least 17 different servers set up to be gateway servers. Their DNS names are app01-app17.logmein.com. The IP addresses for these servers are not on the same network segment, which makes this a little more tricky. This might not be a complete list, but you get the idea about how to perform the blocking. Here is the IP list:

    As you can see, they did not use contiguous addressing in the setup, probably to increase their uptime in case their ISP has network problems. So to block these destination IP addresses in an outbound direction, here are the commands for a PIX firewall. These should be entered from "config" mode on the PIX.

    access-list acl_out deny tcp any host 63.208.197.11 eq https
    access-list acl_out deny tcp any host 63.208.197.12 eq https
    access-list acl_out deny tcp any host 63.208.197.13 eq https
    access-list acl_out deny tcp any host 63.208.197.14 eq https
    access-list acl_out deny tcp any host 63.208.197.15 eq https
    access-list acl_out deny tcp any host 63.208.197.16 eq https
    access-list acl_out deny tcp any host 63.209.251.17 eq https
    access-list acl_out deny tcp any host 63.209.251.18 eq https
    access-list acl_out deny tcp any host 63.209.251.19 eq https
    access-list acl_out deny tcp any host 63.209.251.20 eq https
    access-list acl_out deny tcp any host 63.209.251.21 eq https
    access-list acl_out deny tcp any host 63.209.251.22 eq https
    access-list acl_out deny tcp any host 63.209.251.23 eq https
    access-list acl_out deny tcp any host 63.208.197.24 eq https
    access-list acl_out deny tcp any host 63.208.197.25 eq https
    access-list acl_out deny tcp any host 63.208.197.26 eq https
    access-list acl_out deny tcp any host 63.208.197.27 eq https
    access-list acl_out permit ip any any
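
An added example, not part of the original thread or the quoted solution: a small generator for the kind of PIX rule set shown above, which merges addresses into subnets only where they are exactly contiguous and emits `host` entries otherwise. The function name `pix_acl` and the sample addresses (documentation ranges) are constructed for illustration; the ACL name `acl_out` and the `eq https` match follow the post.

```python
import ipaddress

# Constructed sample input (RFC 5737 documentation addresses), standing in
# for a vendor's published gateway list. Not taken from the thread.
SAMPLE = [
    "192.0.2.11", "192.0.2.12", "192.0.2.13", "192.0.2.14",
    "192.0.2.15", "192.0.2.16", "198.51.100.17",
]


def pix_acl(addresses, acl="acl_out", action="deny", port="https"):
    """Return PIX access-list lines matching exactly the given IPv4 hosts.

    Addresses are merged into the smallest set of networks that covers them
    and nothing else, so a rule never matches a host that was not listed.
    Invalid input raises ValueError from the ipaddress module.
    """
    if action not in ("deny", "permit"):
        raise ValueError("action must be 'deny' or 'permit'")
    nets = ipaddress.collapse_addresses(
        ipaddress.IPv4Network(a) for a in set(addresses)
    )
    lines = []
    for net in nets:
        if net.prefixlen == 32:
            target = f"host {net.network_address}"
        else:
            # PIX access-lists take a subnet mask, not a wildcard mask.
            target = f"{net.network_address} {net.netmask}"
        lines.append(f"access-list {acl} {action} tcp any {target} eq {port}")
    if action == "deny":
        # Without an explicit permit, the implicit deny at the end of the
        # ACL would drop all other outbound traffic as well.
        lines.append(f"access-list {acl} permit ip any any")
    return lines


if __name__ == "__main__":
    print("\n".join(pix_acl(SAMPLE)))
```

Because the vendor can add or renumber gateways at any time, a list generated this way needs to be regenerated whenever the published addresses change.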

  4. #4
    Newbie NeverwaY's Avatar
    Join Date
    Jun 2010
    Posts
    8

    Thanks, gentlemen, that was most helpful. Seems to have solved the LogMeIn issues. I am going to try to recall Team Viewer support and get them to understand what I am trying to do. If I can get results, I will post them here to help anyone else that may have a similar issue in the future.

  5. #5
    Untangle Ninja proactivens's Avatar
    Join Date
    Sep 2008
    Location
    Greensburg, Pa
    Posts
    2,328

    On the internet radio side of things, Untangle is likely breaking the stream while scanning at times, or Attack Blocker is limiting or dropping packets to and from those machines on the LAN due to the increased bandwidth being used by the radio stream.

    Look at the Attack Blocker logs and see if any machines have a reputation higher than 100 or if any machines are having packets limited or dropped.
    www.untangleappliances.com
    Toll Free: 866-794-8879
    UNTANGLE PLATINUM PARTNER
    Follow us at spiceworks!

  6. #6
    Newbie NeverwaY's Avatar
    Join Date
    Jun 2010
    Posts
    8

    Proactivens,

    I have looked through the logs and don't see anything that would give concern. The affected machines are not listed at all. Good thought though.
