[Web4lib] IM Security
Chadwick, John, DCA
john.chadwick at state.nm.us
Tue Mar 6 08:36:06 EST 2007
I stand corrected on the protocol statement. However, SMTP, POP3, and
IMAP do not do port scanning for open ports like some IM systems do.
This is an older document, but does a good job of explaining IRC:
One quote in particular:
"A less useful method is to scan the semi-standard IRC ports 6666-6667.
However, IRC is not bound to these ports and intruders often use higher
port numbers in the 6555X range. To detect IRC activity using a port
method one would have to continually scan these, and possibly other
ports, searching for an IRC response. For this to be successful two
requirements must be satisfied. First, the IRC agent is listening on
that port when the scan takes place. Secondly, the port scanner is able
to identify the IRC service response. It is conceivable that an IRC
response from a customized IRC server might incorporate a secret
response mechanism. This mechanism would preclude its identification as
being an IRC service by a standard or non-customized IRC port scanner."
And, there is a problem with blocking a large range of ports. We use a
non-Cisco firewall and found that in blocking the IRC range, using the
pre-defined settings on the device, we were unintentionally blocking
online registration to the local community college.
Some who responded to my message seemed to miss my last point. Even with
all the security risks for IM, there are legitimate uses and there is no
reason to block IM within a corporate network.
As to P2P technologies, there are security and copyright issues involved
with P2P that concern me. Our library is part of the State of New Mexico
network, and P2P is blocked at the state level. We have fought to have
many things opened up for our institution, but P2P is one that I cannot
From: Micah Stevens [mailto:micah at raincross-tech.com]
Sent: Tuesday, March 06, 2007 1:15 AM
To: Chadwick, John, DCA
Cc: web4lib at webjunction.org
Subject: Re: [Web4lib] IM Security
On 03/05/2007 06:52 PM, Chadwick, John, DCA wrote:
> One of the major problems with IM is that it uses a protocol instead of
> a standard TCP/IP port. It is easy to filter out spam and viruses on
> e-mail because all traffic flows on port 25. IM just looks for the
I hate to be nitpicky, but this statement is extremely misleading. Email
is a protocol just like anything else on the Internet. It actually uses
several (SMTP, POP3, IMAP, etc.). It also uses a port as does any TCP
connection. This is exactly how most instant messengers work, although
the specifics of the protocol are different. Although a protocol could
be designed to operate as you suggest, it would be incorrect to describe
all instant messengers as having this property. AIM for example uses
port 5900 to connect. MSN uses several ports depending on what is being
transferred (voice, files, etc.) however they are specific ports and can
be effectively firewalled. Without researching I cannot speak for all
the IM services that are available, but I think my point in general is
valid. If you have a specific example that disagrees, I'd be curious to
> Also, since flavors of IM uses peer-to-peer
> technologies, your computer essentially becomes one with other
> computers, including those that are infected with viruses.
Again misleading and incorrect depending on implementation. I will agree
however that these systems can be a portal for viruses, and this is a very
valid concern. Inherently though this threat is no more so for Instant
messaging than for other methods of Internet communication such as web
browsing, email, etc. Secure implementation varies however as the
mentioned links suggest.
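
The port-versus-protocol point argued in this thread, as an added example that is not part of either message: a port rule for the "semi-standard" IRC ports is compared with a check on what the client actually sends. The flow records, host names, high port number and function names are constructed for illustration.

```python
import re

# Port rule of the kind quoted in the thread: the "semi-standard" IRC ports.
IRC_PORTS = range(6666, 6668)

# RFC 1459 clients register by sending NICK and USER lines, each CRLF-terminated.
REG_LINE = re.compile(rb"^(NICK|USER) [^\r\n]{1,400}\r?\n", re.M)


def looks_like_irc(payload: bytes) -> bool:
    """Heuristic: both registration commands appear in the client's first bytes.

    Misses TLS-wrapped or customized IRC, the limitation the quoted document
    raises for scanners that expect a standard response.
    """
    seen = {m.group(1) for m in REG_LINE.finditer(payload[:1024])}
    return seen == {b"NICK", b"USER"}


def classify(flows):
    """Return (port, flagged_by_port_rule, flagged_by_content) per flow."""
    return [(port, port in IRC_PORTS, looks_like_irc(data)) for port, data in flows]


# Constructed sample flows: (destination port, first bytes sent by the client).
SAMPLE_FLOWS = [
    (6667, b"GET /register HTTP/1.1\r\nHost: college.example\r\n\r\n"),
    (47000, b"NICK guest1\r\nUSER guest1 0 * :Guest One\r\n"),
    (6667, b"NICK guest2\r\nUSER guest2 0 * :Guest Two\r\n"),
    (25, b"EHLO mail.example\r\n"),
]

if __name__ == "__main__":
    for port, by_port, by_content in classify(SAMPLE_FLOWS):
        print(f"port {port:>5}  port-rule={by_port!s:<5}  content={by_content}")
```

The first flow is the collateral-blocking case described above (a non-IRC service caught by the port rule), and the second is IRC on a port the rule never looks at.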