Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Instant Messaging hash values

From: Ayaz Ahmed Khan <ayaz () pakcon org>
Date: Thu, 11 Aug 2005 08:38:31 +0600 (PKST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Robinson, Sonja typed:

Nick Duda wrote:

I think that this would be hard to maintain, why not simple block
the type of traffice on firewall or proxy server.


Hard to block at the firewall, they've adapted to random ports, so
if you block 5190 it just moves.  Even worse, many chat web sites
are going right over port 80.


Hm.  What about protocol analysis, if not port-based analysis?  Yiming
Gong, in his article published on securityfocus.com and titled
``Identifying P2P users using traffic analysis''[0], explains both
techniques in detail.

Note:
[0] http://www.securityfocus.com/infocus/1843

- -- 
Ayaz Ahmed Khan                                   fast-ce.org/ayaz

   "I'd love to go out with you, but there are important world
             issues that need worrying about."

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iQEVAwUBQvq6KAFi6bOwa2ADAQItQwgAum077TtIvFK2AKQacBCzYiasJcsyoHhv
IlzXir1iM61oxQYwgi84goE+WnLo5AIkc6P0WzZMuRy5jxc4F6g4O/BDyYrnAHXz
0hfZRHYxdznuaWNdBMzQzGLxH8FAN0/PvTx1K06QAAnqfCmFvcCaQTUMEKd/pXeB
NUyLni4Y+xd8ssPOXVTc5xTdFB40s2tO1eCxgMUERmJ0wOPRqhaizrNI53lqfMt/
sRiQoXA85onXoJe89hLXKiUWdo9oM6kGSpvelT7ec8mV3kARz6rcRIh+o7hLJwLL
nlsBJn6KdNPB7r1ZuKnuHoNvhYmszK/tzCSGBwoeJRsiMRTdeEnGbQ==
=zsec
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: