Educause Security Discussion mailing list archives
Re: What's up with Yahoo messenger?
From: Sarah Stevens <sarah () STEVENS-TECHNOLOGIES COM>
Date: Mon, 26 Sep 2005 16:17:34 -0600
This isn't to say that Yahoo Messenger uses all of these ports, I believe. This is just to say that Yahoo Messenger CAN use any of these ports and may try (scan) all of them until an appropriate port can be found that can be used to run the program. Right? Some company networks try to block messenger services from being used. Yahoo and AIM can work on a variety of ports thus making it harder for administrators to completely block the use of these services. Sarah E Stevens Stevens Technologies, Inc.
Today I noticed an unusual number of "possible spambot" and "telnet
scanning" alerts over the weekend. In tracking these down, I found almost all of the destinations were Yahoo! Mostly 216.155.193.x and 66.163.172.x hosts.
In checking the packet payloads, it was Yahoo messenger. On ports 20, 23, and 25? Gee, this blows my security model astray. Apparently this has been going on for some time. I found this
little reference at http://www.wackyb.co.nz/menu/Yahoo_Messenger_v6_Connection_Issues/ :
Basic Connection: Protocol: TCP or HTTP Servers: scs.msg.yahoo.com scsa.msg.yahoo.com scsb.msg.yahoo.com scsc.msg.yahoo.com Port: 20, 23, 25, 80, 119, 5050 (also 8001, 8002)Does this surprise anyone else as it did me? Do you make provisions to allow for Yahoo IM even though you might
block some of those ports?
Jeff
--
Current thread:
- What's up with Yahoo messenger? Jeff Kell (Sep 26)
- <Possible follow-ups>
- Re: What's up with Yahoo messenger? Sarah Stevens (Sep 26)
- Re: What's up with Yahoo messenger? Valdis Kletnieks (Sep 26)