Blocking Instant Messengers?
Michael Mattes asks: "I have been looking for a set of ports/subnets to block in order to disable instant messengers behind my firewall. While MSN is easy to block, ICQ is a little more difficult and it seems as though Yahoo Messenger is designed to do everything possible to not be blocked. I have been reading more and more articles showing companies choosing to block these tools. It seems irresponsible of Yahoo to leave, what appears to me, no choice but to block their entire domain in this situation. Any help would be appreciated."
At our office, we just started sniffing packets until we caught people trolling for sex partners in chat rooms. Slip a few transcripts out to your friends in the office, and they'll whip through the rumor mill in no time. It'll only be a matter of days before nobody will be dumb enough to IM anybody at all, knowing that someone could be listening in.
What's your damage, Heather?
If you can define a Snort rule that would pick up some tell-tale of a Yahoo IM message, you could then have an 'active response' that would send a TCP reset to each end of the connection, spoofed to be from the remote end. This is also effective for blocking Gnutella traffic.
Eventually people will give up trying to use Yahoo's messenger and switch to something more subversive. When will an ICMP echo reply based IM service get started? That's what the world _really_ needs.
"But actually trying to use m4 as a general-purpose language would be deeply perverse" --ESR
Good idea, and while you're at it, you can track those who use Yahoo and insert purgatives into their coffee, while inserting D-Lysergic Acid Diethylamide into the coffee of people who didn't use Yahoo in a given day. When the users find a subconscious correlation between their usage of Yahoo and their happiness, the usage will drop accordingly. This is what we, network administrators, call “conditioning.”
root@aio:~# nmap -sX -iR -p1- # Ho, ho, ho! Merry Xmas, everyone!
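An added example, not part of the thread: the detection half of the Snort suggestion above, matching the protocol's header in the TCP payload instead of relying on a port list, which is why it still fires when the client moves to another port. The 20-byte YMSG header layout and the default port 5050 are assumptions taken from open-source client implementations, not from this page; the function names and sample segments are constructed.

```python
import struct

# Assumed YMSG header layout (20 bytes, big-endian), taken from open-source
# client implementations and not from this thread:
# magic "YMSG", version, vendor id, body length, service, status, session id
YMSG_HEADER = struct.Struct(">4sHHHHII")
DEFAULT_PORT = 5050  # assumed default server port for the client


def parse_ymsg(payload: bytes):
    """Return the decoded header if payload starts with a YMSG header, else None."""
    if len(payload) < YMSG_HEADER.size:
        return None  # too short to hold a full header, so not a match
    magic, version, vendor, body_len, service, status, session = \
        YMSG_HEADER.unpack_from(payload)
    if magic != b"YMSG":
        return None  # magic must sit at offset 0, not anywhere in the payload
    return {"version": version, "body_len": body_len,
            "service": service, "session": session}


def classify(segments):
    """segments: iterable of (src_ip, dst_port, payload). Returns alert dicts."""
    alerts = []
    for src, dport, payload in segments:
        hdr = parse_ymsg(payload)
        if hdr is None:
            continue
        alerts.append({"src": src, "dst_port": dport,
                       "off_default_port": dport != DEFAULT_PORT, **hdr})
    return alerts


def build_sample(service, body=b""):
    """Build a constructed test packet (field values are made up)."""
    return YMSG_HEADER.pack(b"YMSG", 16, 0, len(body), service, 0, 0x1234) + body


# Constructed sample segments using documentation address ranges.
SAMPLE = [
    ("192.0.2.10", 5050, build_sample(6, b"hello")),
    ("192.0.2.11", 80, build_sample(6, b"hello")),  # same protocol on a web port
    ("192.0.2.12", 80, b"GET /YMSG HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("192.0.2.13", 25, b"YMSG"),  # magic only, no full header
]

if __name__ == "__main__":
    for alert in classify(SAMPLE):
        print(alert)
```

Matching on the magic at offset 0 plus a complete header keeps ordinary web traffic that merely contains the string "YMSG" from raising an alert.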