Educause Security Discussion mailing list archives

Re: What's up with Yahoo messenger?


From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Mon, 26 Sep 2005 23:40:41 -0400

On Mon, 26 Sep 2005 16:45:34 EDT, Jeff Kell said:

In checking the packet payloads, it was Yahoo messenger.

On ports 20, 23, and 25?  Gee, this blows my security model astray.

Jeff - you've been in this business about as long as I have. :)

This has been coming ever since the first one of us said "I don't like
ports X, Y, and Z, so I'm going to block them at the firewall".  Of course,
there's a number of ports that you really can't block without going back
past the AOL Walled Garden all the way to the Compu$erve Walled Garden (which
is about half a yard from the Linesman's Pliers Walled Garden :)

So of *course* the software gets re-written to use some popular port when
they find the "usual" port unavailable.  And suddenly, rather than being able
to just say "It's on 25, it's SMTP; it's on 5050, it's Yahoo", you get to spend
big bucks on "deep inspection" gear.

Consider yourself lucky - it *could* have been on port 443, and you'd have
to have gone to some considerable lengths to figure out that it was
Yahoo messenger traffic.

"The more you tighten your grip, Tarkin, the more star systems will slip
through your fingers." -- Princess Leia Organa

Anybody who's following this security strategy needs to figure out what
their endgame strategy is going to be once only ports 80 and 443 are
allowed.....
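
The port-versus-payload point made in the message above, as an added example that is not part of the original post: a small check that compares the protocol a port implies with what the first payload bytes look like. The signature list, function names and sample flows are constructed for illustration; the only Yahoo-specific assumption is that its packets begin with the ASCII magic `YMSG`.

```python
"""Port-vs-payload mismatch check (constructed example)."""

# Protocol each port is conventionally assumed to carry.
EXPECTED = {20: "ftp-data", 23: "telnet", 25: "smtp", 80: "http",
            443: "tls", 5050: "ymsg"}

def identify(payload: bytes) -> str:
    """Guess the protocol from the first bytes of a flow."""
    if payload.startswith(b"YMSG"):                 # Yahoo Messenger magic
        return "ymsg"
    if payload[:4] in (b"220 ", b"220-", b"EHLO", b"HELO"):
        return "smtp"
    if payload[:1] == b"\xff":                      # Telnet IAC negotiation
        return "telnet"
    if payload.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD"):
        return "http"
    if payload[:2] == b"\x16\x03":                  # TLS handshake record
        return "tls"
    return "unknown"

def audit(flows):
    """Return (port, expected, seen) for flows whose payload is a
    recognised protocol other than the one the port implies."""
    findings = []
    for port, payload in flows:
        expected = EXPECTED.get(port, "unknown")
        seen = identify(payload)
        if seen != "unknown" and seen != expected:
            findings.append((port, expected, seen))
    return findings

# Constructed sample flows: (destination port, first payload bytes).
YMSG_HELLO = b"YMSG" + bytes(16)   # magic plus zeroed header (constructed)
SAMPLE_FLOWS = [
    (25, b"220 mail.example.edu ESMTP\r\n"),
    (25, YMSG_HELLO),
    (23, YMSG_HELLO),
    (20, YMSG_HELLO),
    (5050, YMSG_HELLO),
    (443, b"\x16\x03\x01\x00\x2e" + bytes(46)),  # opaque: contents not visible
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print("port %d: expected %s, payload looks like %s" % finding)
```

The port 443 flow produces no finding: a TLS record on 443 looks exactly as expected, whatever is tunnelled inside it.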
