RE: Instant Messaging hash values

From: Keith Bucher (kbucher_at_halomede.com)
Date: 08/11/05

  • Next message: Ju Ne: "FW: Question about GoToMyPc services"
    Date: Thu, 11 Aug 2005 09:27:15 -0700
    To: Ayaz Ahmed Khan <ayaz@pakcon.org>
    
    

    > Robinson, Sonja typed:
    > > Nick Duda wrote:
    > >> I think that this would be hard to maintain, why not simply block
    > >> the type of traffic on firewall or proxy server.
    > >>
    > > Hard to block at the firewall, they've adapted to random ports, so
    > > if you block 5190 it just moves. Even worse, many chat web sites
    > > are going right over port 80.
    >
    > Hm. What about protocol analysis, if not port-based analysis? Yiming
    > Gong, in his article published on securityfocus.com and titled
    > ``Identifying P2P users using traffic analysis''[0], explains both
    > techniques in detail.
    >

    There are several progressive steps you can take to deny IM traffic at
    the network level:

    1. Block IM ports (5190, etc.) at the firewall. This can be bypassed
    by using different ports (e.g. 80, 443)

    2. Configure your DNS server to blackhole common IM servers (e.g.
    login.oscar.aol.com) by resolving them to 127.0.0.1 or another
    non-valid address.

    3. Deploy a web proxy server (e.g. Squid or ISA) that denies access to
    IM services and only allow egress web traffic to the proxy server.

    4. Deploy a deep inspection firewall like PacketShaper or IMLogic that
    will do protocol analysis ($$$).

    By this point the users will probably be fed up with trying to work around
    the restrictions and will start texting people from their cell phones.

    Keith Bucher
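
The protocol-analysis step (4) and Ayaz's point about looking at payloads rather than ports are easy to illustrate with the OSCAR protocol the post mentions. The following is an added example, not code from Keith Bucher or from this thread: it parses the FLAP framing that every AIM/ICQ OSCAR connection uses (a 0x2A marker, a channel byte, a 16-bit sequence number and a 16-bit data length, with a channel-1 sign-on frame carrying protocol version 1) and classifies a few constructed TCP payloads by content, so an OSCAR sign-on moved to port 443 is still caught while a plain HTTP request on port 80 is not. Function names such as `classify_flow` and the sample payloads are my own and assumed for illustration; a real deployment would run this over reassembled TCP streams, not single packets.

```python
"""Port-agnostic detection of AIM/ICQ OSCAR traffic by parsing FLAP framing.

Added example for the list thread above; not code from the original post.
The FLAP layout (0x2A marker, channel, 16-bit seq, 16-bit length) is the
documented OSCAR framing.  All sample payloads below are constructed.
"""
import struct

FLAP_MARKER = 0x2A
FLAP_HEADER_LEN = 6
FLAP_CHANNELS = {
    1: "new-connection",   # sign-on; data starts with protocol version 1
    2: "snac-data",        # normal messaging / service traffic
    3: "error",
    4: "close-connection",
    5: "keep-alive",
}
OSCAR_VERSION_1 = b"\x00\x00\x00\x01"


def parse_flap(payload: bytes):
    """Return (channel, seq, data) for a complete, well-formed FLAP frame at
    the start of payload, or None if it does not look like OSCAR."""
    if len(payload) < FLAP_HEADER_LEN:
        return None
    marker, channel, seq, length = struct.unpack("!BBHH", payload[:FLAP_HEADER_LEN])
    if marker != FLAP_MARKER or channel not in FLAP_CHANNELS:
        return None
    data = payload[FLAP_HEADER_LEN:FLAP_HEADER_LEN + length]
    if len(data) != length:
        return None  # truncated frame: do not classify on partial evidence
    # A sign-on frame must announce protocol version 1; anything else that
    # merely begins with '*' (e.g. a text protocol) is rejected here.
    if channel == 1 and data[:4] != OSCAR_VERSION_1:
        return None
    return channel, seq, data


def classify_by_port(dst_port: int) -> str:
    """The step-1 approach from the post: port number only."""
    return "oscar" if dst_port == 5190 else "unknown"


def classify_flow(dst_port: int, payload: bytes) -> str:
    """The step-4 approach: look at the bytes, treat the port as irrelevant."""
    flap = parse_flap(payload)
    if flap is not None:
        channel, _, _ = flap
        return f"oscar/{FLAP_CHANNELS[channel]}"
    if payload.startswith((b"GET ", b"POST ", b"HEAD ", b"CONNECT ")):
        return "http"
    return "unknown"


# Constructed sample flows: (destination port, first bytes of client payload).
SAMPLE_FLOWS = [
    (5190, b"\x2a\x01\x00\x01\x00\x04" + OSCAR_VERSION_1),           # sign-on on 5190
    (443,  b"\x2a\x01\x00\x01\x00\x04" + OSCAR_VERSION_1),           # same sign-on on 443
    (80,   b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),  # real web traffic
    (5190, b"\x2a\x09\x00\x01\x00\x00"),                              # bad channel byte
    (80,   b"\x2a\x02\x00\x02\x00\x0a\x00\x04\x00\x06"),              # truncated SNAC frame
]


def summarize(flows):
    """Compare port-based and content-based verdicts for each sample flow."""
    return [(port, classify_by_port(port), classify_flow(port, payload))
            for port, payload in flows]


if __name__ == "__main__":
    for port, by_port, by_content in summarize(SAMPLE_FLOWS):
        print(f"port {port:5d}  port-rule={by_port:8s}  content={by_content}")
```

Running it shows the sign-on on 443 as `unknown` to the port rule but `oscar/new-connection` to the parser, and the HTTP request on 80 stays `http`. The truncated-frame and bad-channel rows are deliberately left `unknown`: a classifier that fires on the single byte 0x2A would block anything whose payload happens to start with an asterisk.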

