January 20th, 2003 01:11 AM
Instant Messaging Insecurity, Using Firewalls to Hack
I am posting this message simply to alert people to a potential insecurity in Instant Messaging technology.
Basically, it is this: If you send someone an instant message, they can grab your IP Address. It is as simple as that. I tell you this to address the paranoid people out there, who are afraid of letting anyone get any sort of start attacking you.
You always see messages if you try to set up any sort of "Direct Connection," because that actually connects the computers on a port-to-port method, leaving a gaping hole in anyone's security.
But, as most of us here know, just getting someone's IP Address is enough to start an attack, by port scanning, or whatever. (I'm not going to give out any more ideas here than I have to.)
It works like this. The person who sends or recieves an Instant Message is sending and recieving packets of information, as we all know. Those packets are, in some firewalls, logged.
Because of that, it is possible for anyone to grab your IP Address by looking at the logged packets and in/out signals that every computer sends when connected to another computer.
The Firewall I originally discovered this with, was Sygate. Anyone can do this. It can happen if they send you a message, and you do not respond.
The only solution is to block people you do not trust, otherwise any new screen name, a fake temporary one, can send you a message, and get the information they need.
But even that is not totally secure. Variants of this can be done with almost any technology, as long as detailed logs are kept on in and out packets.
I don't know if anyone can find a way to stop someone from taking advantage of this, because any friend, even if temporarily ticked off at you, can grab your IP Address and begin trying to connect (more dangerous in XP and 2000 than anything else, due to their built in web server functions, on some designs.) OS X is also at possible risk for this, because it is a Unix Platform.
One reason why I prefer message boards and web chat. :-)
January 20th, 2003 01:29 AM
Why have you posted the same message two times?
You seem too much excited about someone getting your IP. There are a lot of ways to get someone IP but we don't have to care that much. Besides, they don't have to do all you say above to get your IP, if they make a direct connection they just go to a dos prompt, type the needed command and that's all. One more thing, don't care too much about this, what if they had your IP? just do not share your c: drive (or the one where you have your OS) and you are very well covered. Get a ZoneAlarm and you are even more covered... but, finally, there are a lot more important risks than someone knowing your IP.
Note: If you prefer webchat then take care too!!!
January 20th, 2003 01:42 AM
yeah sure you log an ip address but its the ip address of the IM server not the person your chatting with.
either your really misinformed or you want someone to reveal the correct way of doing it cause you dont know
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
January 20th, 2003 02:01 AM
Point one: I posted it in two different forums because it fits quite well in both, and wanted to make sure that people who view specific forums, and not the most recent section, would see it. You are correct about the ability to gain IPs from many different ways, I'm just pointing out one extra way for the more paranoid folk out there (I am one of them..may-be the only one this paranoid.)
Point two: You log the person's IP Address. I have tested this with a number of people, and have ALWAYS gotten their IP Address, their Routers, or their proxies. I have done this with, mainly, AOL Instant Messanger so far, and again, the Sygate Firewall.
I also thought it worth pointing out that the use of Timestamps, or the equivalent, is usually needed to match up the exact second the packet was sent with the one in the firewall (there are many packets sent from AIM in minute, regardless of sending a message or not.)
The other reason this may be more useful with the Sygate Firewall is the fact that it points out the program that was sending/recieving the packets, making the Application layer much easier to use. While many pay firewalls, but Sygate happens to be free, making it available to poor folk like me.
This may not be much information, but its what I have to offer right now, as I am pretty confident it was not posted recently. I have to check the forums before I post something, because its never appreciated if I post some information that someone else just did. It tends to lower other's opinions of me.
January 20th, 2003 02:06 AM
actually it WAS posted recently because you posted it twice!!, and as for the people not being able to read it, i see your new here so you may not know, but whenever a post is made, its added to the top of the "active threads" so everyone sees it when they go to AO.com which in my opinion is a great feature because you dont have to search as hard for some stuff, which means please dont ever post twice, it makes it a bit harder to find more active posts which is why AO members frown upon this (and it is quite annoying)