January 20th, 2003, 02:13 AM
Instant Messaging Insecurity
I am posting this message simply to alert people to a potential insecurity in Instant Messaging technology.
Basically, it is this: If you send someone an instant message, they can grab your IP Address. It is as simple as that. I tell you this to address the paranoid people out there, who are afraid of letting anyone get any sort of start attacking you.
You always see messages if you try to set up any sort of "Direct Connection," because that actually connects the computers on a port-to-port method, leaving a gaping hole in anyone's security.
But, as most of us here know, just getting someone's IP Address is enough to start an attack, by port scanning, or whatever. (I'm not going to give out any more ideas here than I have to.)
It works like this. The person who sends or recieves an Instant Message is sending and recieving packets of information, as we all know. Those packets are, in some firewalls, logged.
Because of that, it is possible for anyone to grab your IP Address by looking at the logged packets and in/out signals that every computer sends when connected to another computer.
The Firewall I originally discovered this with, was Sygate. Anyone can do this. It can happen if they send you a message, and you do not respond.
The only solution is to block people you do not trust, otherwise any new screen name, a fake temporary one, can send you a message, and get the information they need.
But even that is not totally secure. Variants of this can be done with almost any technology, as long as detailed logs are kept on in and out packets.
I don't know if anyone can find a way to stop someone from taking advantage of this, because any friend, even if temporarily ticked off at you, can grab your IP Address and begin trying to connect (more dangerous in XP and 2000 than anything else, due to their built in web server functions, on some designs.) OS X is also at possible risk for this, because it is a Unix Platform.
One reason why I prefer message boards and web chat. :-)
January 20th, 2003, 05:30 AM
Great info, but this has already been posted. If you don't want to be negged to death or be yelled at by other guys, research before you post. Search the threads about the topic you want to post and see if it's already there. If it's already there and theres something new about that topic that you want to post, then post it on the old thread and it will be bumped up to the top to where people can view it. I know it's hard to get all the rules when your first here. This shouldn't stop you from posting what you think is important, just make sure it hasn't already been posted or has nothing to do with computers. We wouldn't want to annoy the other members now would we...:P Go read the Newbie Tutorial if you already haven't.
January 29th, 2003, 08:22 PM