How do programs like LogMeIn/TeamViewer work?

[dustbuster]

How do programs like LogMeIn and TeamViewer work?

By this I mean how are they able to communicate on ports through fire walls and non-public IPs?

Can someone give me a summary or a place to start looking on the subject more indepth?

 

[vop]

In the case of LogMeIn (LMI), when it is running in enabled mode my PC automatically sends a notification upon bootup (or upon being enabled) to the LMI servers (with IP and flowthrough particulars). This then allows myself or others with the proper login credentials to access my PCs or my client PCs that also are running LMI in enabled mode.



Vince
ASAP Member (VopThis) - Alliance of Security Analysis Professionals
_____________________________________________________________
[*** If everyone is thinking alike, then somebody isn't thinking. ***]

 

[dustbuster]

I realize the login thing. I would like to know about the flowthrough particulars. How can LMI allow remote control without forwarding ports on a hardware firewall?

 

[DTSMAN]

The software is on both ends and streams right through port 80 if I had to make a guess.
Google "logmein port numbers".

Bo

Remember,
If the women don't find you handsome,
they should at least find you handy.
(Red Green)

http://www.redgreen.com

 

[vop]

flow-through particulars:

LMI servers are presumably kept constantly apprised of all available PCs with details of external IP and internal IP that then facilitate and permit login access to the relevant established and listening ports (enabled by logmein) on any such PCs to be accessed.

Vince
ASAP Member (VopThis) - Alliance of Security Analysis Professionals
_____________________________________________________________
[*** If everyone is thinking alike, then somebody isn't thinking. ***]

 

[dustbuster]

I'm not sure I'm communicating what I mean or perhaps I don't understand the replies.

Say I have PC#1 sitting behind a router (which is acting as a firewall). No ports are forwarded to LMI on PC#1 through the router. In fact, all ports are closed.

Now I log in to LMI on PC#2 and connect to PC#1. How is it possible to do this if the ports on the router are closed and not forwarding to PC#1?

 

[vop]

>In fact, all ports are closed.
NO! When LMI is launched the requisite ports are initialize and opened on the router. And, port forwarding is not needed since the LMI servers know exactly which local IP address and ports to access for a given target PC.

http://windowssecrets.com/comp/100415/

With LogMeIn, you set up the host software on the remote machine and then connect it to a password-protected, LogMeIn central server. When you launch the client app on your local PC, you do not connect directly to the remote system but rather to that same LogMeIn server.

Once the LogMeIn server has checked both host and client PCs' credentials, it establishes a connection [external IP addresses] between the two [and then specifically access known private flowthrough addresses such as 192.168.1.x]

Vince
ASAP Member (VopThis) - Alliance of Security Analysis Professionals
_____________________________________________________________
[*** If everyone is thinking alike, then somebody isn't thinking. ***]

 

[dustbuster]

When I do a port scan on the external IP using nmap all the ports read either closed or filtered. This indicates that the router is blocking incoming requests on those ports, does it not?

How can a software program change the settings of a hardware router (a separate device) without knowing the login credentials for the router (username and password)?

 

[vop]

The LMI Servers are told which port to request/access when LMI becomes enabled (changes each time). And, the Server IP address and url will normally change each time as well. Port forwarding is not needed when such mapping info is available. See below:




LMI Enabled:

C:\Users\Vincent>netstat -af | find /i "https"
TCP 192.168.*.*:53252 app02.logmeinrescue-enterprise.com:https ESTABLISHED

C:\Users\Vincent>netstat -an | find /i "443"
TCP 192.168.*.*:53252 64.94.18.205:443 ESTABLISHED



LMI Disabled:

C:\Users\Vincent>netstat -af | find /i "https"
TCP 192.168.*.*:53252 app02.logmeinrescue-enterprise.com:https TIME_WAIT

C:\Users\Vincent>netstat -an | find /i "443"
TCP 192.168.*.*:53252 64.94.18.205:443 TIME_WAIT



LMI Re-enabled (after a few minutes has passed):

C:\Users\Vincent>netstat -af | find /i "https"
TCP 192.168.*.*:53457 app11.logmeinrescue-enterprise.com:https ESTABLISHED

C:\Users\Vincent>netstat -an | find /i "443"
TCP 192.168.*.*:53457 64.94.18.141:443 ESTABLISHED



LMI Re-enabled (without much passage of time):

C:\Users\Vincent>netstat -af |find /i "https"
TCP 192.168.*.*:53457 app11.logmeinrescue-enterprise.com:https TIME_WAIT
TCP 192.168.*.*:53777 64.94.18.217:https ESTABLISHED


C:\Users\Vincent>netstat -an | find /i "443"
TCP 192.168.*.*:53457 64.94.18.141:443 TIME_WAIT
TCP 192.168.*.*:53777 64.94.18.217:443 ESTABLISHED

Vince
ASAP Member (VopThis) - Alliance of Security Analysis Professionals
_____________________________________________________________
[*** If everyone is thinking alike, then somebody isn't thinking. ***]