[Web4lib] IM Security
Micah Stevens
micah at raincross-tech.com
Tue Mar 6 12:18:57 EST 2007
On 03/06/2007 05:36 AM, Chadwick, John, DCA wrote:
> I stand corrected on the protocol statement. However, SMTP, POP3, and
> IMAP do not do port scanning for open ports like some IM systems do.
>
>
You can host an SMTP or POP3 server on any port you like. Several of our
non-local clients use ISPs that block port 25, for example, due to the
spam issue, so we have an SMTP instance on port 587 for them to utilize.
This is only semi-standard at best. However, I could have picked any port I
liked. To distinguish IM for this ability would be unfair.
(snip)
> "A less useful method is to scan the semi-standard IRC ports 6666-6667.
> However, IRC is not bound to these ports and intruders often use higher
> port numbers in the 6555X range. To detect IRC activity using a port
> scanning method one would have to continually scan these, and possibly other
> ports, searching for an IRC response. For this to be successful two
> requirements must be satisfied. First, the IRC agent is listening on
> that port when the scan takes place. Secondly, the port scanner is able
> to identify the IRC service response. It is conceivable that an IRC
> response from a customized IRC server might incorporate a secret
> response mechanism. This mechanism would preclude its identification as
> being an IRC service by a standard or non-customized IRC port scanner."
>
>
This refers not to the IRC server itself, but a technique for detecting
unknown IRC servers on a system. The server or client does not port-scan
as a rule, although a client could be designed to do so for sure. This
doesn't invalidate your statement though, your point is correct in
saying this is a technique that could be used. If a host system keeps
track of its processes though, any rogue IRC servers can be detected
fairly easily though.
> And, there is a problem with blocking a large range of ports. We use a
> non-Cisco firewall and found that in blocking the IRC range, using the
> pre-defined settings on the device, we were unintentionally blocking
> online registration to the local community college.
>
This is a problem, I've run into it quite a few times. I personally
think it's irresponsible to set up a non-standard system like this, but
nonetheless, the responsibility for making things work lies in the
local system administrator as a rule as people don't care how, they just
need their computers to work.
> Some who responded to my message seemed to miss my last point. Even with
> all the security risks for IM, there are legitimate uses and there is no
> reason to block IM within a corporate network.
>
Agreed! I didn't mean to neglect this at all. :)
> As to P2P technologies, there are security and copyright issues involved
> with P2P that concern me. Our library is part of the State of New Mexico
> network, and P2P is blocked at the state level. We have fought to have
> many things opened up for our institution, but P2P is one that I cannot
> get through.
>
>
P2P is a very general term. Just out of curiosity, is this how the
restriction is defined? It seems to be a strange way of defining policy
of this sort.
-Micah
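
The host-side check mentioned in the reply above (tracking which process owns each listening socket instead of scanning well-known ports), as an added example that is not part of the original message. The `ss`-style sample lines, the baseline and all function names are constructed for illustration.

```python
import re

# Constructed sample in the style of `ss -Hlntp` output (not from the original post).
SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 100 0.0.0.0:25 0.0.0.0:* users:(("master",pid=1033,fd=13))
LISTEN 0 100 0.0.0.0:587 0.0.0.0:* users:(("master",pid=1033,fd=17))
LISTEN 0 128 0.0.0.0:2222 0.0.0.0:* users:(("sshd",pid=5120,fd=3))
LISTEN 0 128 0.0.0.0:65530 0.0.0.0:* users:(("httpd",pid=4410,fd=5))
LISTEN 0 128 [::]:6667 [::]:* users:(("ircd",pid=4522,fd=4))
LISTEN 0 5 127.0.0.1:8080 0.0.0.0:*
"""

# Hypothetical baseline: program name -> ports it is approved to listen on.
# SMTP on 587 is approved here, so a non-default port alone is not a finding.
BASELINE = {"sshd": {22}, "master": {25, 587}}

LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+(?:\s+users:\(\((.*)\)\))?\s*$')
PROC_RE = re.compile(r'"([^"]+)",pid=(\d+)')


def audit_listeners(ss_output, baseline):
    """Return (port, program, pid, reason) for every listener outside the baseline."""
    findings = []
    for line in ss_output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a TCP LISTEN row
        port, users = int(m.group(2)), m.group(3)
        procs = PROC_RE.findall(users) if users else []
        if not procs:
            # Owner not visible (insufficient privilege or other namespace).
            findings.append((port, None, None, "owner-unknown"))
            continue
        for name, pid in procs:
            if name not in baseline:
                findings.append((port, name, int(pid), "unapproved-program"))
            elif port not in baseline[name]:
                findings.append((port, name, int(pid), "unapproved-port"))
    return findings


if __name__ == "__main__":
    for port, name, pid, reason in audit_listeners(SAMPLE, BASELINE):
        print(f"port {port:<6} program={name} pid={pid} -> {reason}")
```

The check keys on the owning program rather than the port number, so a listener moved to a high port is reported the same way as one on 6667.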