Educause Security Discussion mailing list archives
Re: What's up with Yahoo messenger?
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Mon, 26 Sep 2005 23:40:41 -0400
On Mon, 26 Sep 2005 16:45:34 EDT, Jeff Kell said:
In checking the packet payloads, it was Yahoo messenger. On ports 20, 23, and 25? Gee, this blows my security model astray.
Jeff - you've been in this business about as long as I have. :) This has been coming ever since the first one of us said "I don't like ports X, Y, and Z, so I'm going to block them at the firewall". Of course, there's a number of ports that you really can't block without going back past the AOL Walled Garden all the way to the Compu$erve Walled Garden (which is about half a yard from the Linesman's Pliers Walled Garden :) So of *course* the software gets re-written to use some popular port when they find the "usual" port unavailable. And suddenly, rather than being able to just say "It's on 25, it's SMTP it's on 5050 it's Yahoo", you get to spend big bucks on "deep inspection" gear. Consider yourself lucky - it *could* have been on port 443, and you'd have to have gone to some considerable lengths to figure out that it was Yahoo messenger traffic. "The more you tighten your grip, Tarkin, the more star systems will slip through your fingers." -- Princess Leia Organa Anybody who's following this security strategy needs to figure out what their endgame strategy is going to be once only ports 80 and 443 are allowed.....
Attachment:
_bin
Description:
Current thread:
- What's up with Yahoo messenger? Jeff Kell (Sep 26)
- <Possible follow-ups>
- Re: What's up with Yahoo messenger? Sarah Stevens (Sep 26)
- Re: What's up with Yahoo messenger? Valdis Kletnieks (Sep 26)