Printable View
Does anyone know of anything (theoretical or otherwise) that could exploit some kind of instant messenger to compromise network security?
In my research I have found several problems relating to recieving files, but are there any kind of vulnerabilities that do not require file trnasfer?
Thanks for any info/resources you may offer.
--
nickel
Well I know first that when you have, an instant messenger open it opens a port which usually is not a good thing. Now it also means which way you are referring to it and using it. Now if you are using it for BUSINESS it is kind of shaky I wouldn't personally.
Now I can't think of any exploits that can be used off the top of my head.
But I got a question, which Im service, don't they run on different ports.
I would imagine that there are a lot of possibilitys of a security flaw with a IM. I see that there is a program out by the creators of the Zone Alarm series calles IM Security. Its software that was created for the soul purpose of securing your computer while useing an IM. I would imagine that if a program was created to secure you PC w/ an IM then most likely it is not secure without it.
LINK(http://www.zonelabs.com/store/conten...sp?lid=nav_imp)
Also when you receive a file or send a file with an IM, lets say ICQ, your IP becomes easily availible to the user you sent it to or received it from.
well basically u are exposing ur internal LAN.....once the hacker is in ur n/w...he can almost do all kind of wired things....the way u expose ur LAN is indirect...
Security is not one mans job...until the End Users help him...usually this doesnt happens...there is always some lazy RAT to ignore admins warnings....this RAT may accept infected files...which may lead to the compromise of ur n/w...
A hacker may trick this RAT to give sensitive info too..
i think its very clear the point i am trying to make...
same thing is also possible with emails tooo...
instant messengers are a no-no on a secure LAN. I am a LAN manager in the army, we do scans for such programs on the regular. If we find one, we shut down the switch port the offending machine and make the end user clean all that mess off the HDD and bring it in for inspection before we turn in back on. MOst IM software uses a p2p connection, so keep that in mind when thinking about allowing IM software on your LAN.
Check any of the anti-virus vendor web sites. Worms and other nasties use IRC channels, ICQ, Trillian, KaZaa, Morpheus and just about any of the "freebie" chat and sharers to move and propagate. Widely know vulnerabilities. The writers of the worms and trojans take advantage of the fact that most users will download anything that is "free" and don't know how to protect their systems from the vulnerabilities.
this would propbably make a gud reading for u...and wud definately give u some reasons why IMs are bad in corporate LANs...
Source : http://www.computerweekly.com/articl...avourID=1&sp=1Quote:
Virulent worms that exploit vulnerable instant messaging (IM) clients and could infect hundreds of thousands of computers in seconds are a real threat for internet users worldwide, security researchers from Symantec have warned.
A small but growing number of documented IM security holes and the rapid adoption of IM technology within corporations are posing significant risks of infection and information theft, the two researchers said Friday at the Virus Bulletin conference in Toronto.
There are about 60 published IM vulnerabilities, according to Eric Chien, chief researcher at Symantec Security Response in Dublin. Those range from security holes that could be used to crash IM clients in denial-of-service attacks, to those which allow attackers to install and run malicious code remotely on computers running the vulnerable IM clients.
I have to agree that IM creates security holes in your network. Although, i personally do not know of any specific exploits for IM software. I can bet there are many out there that do. IM software basically makes a connection to a server for communication with the other IM clients out there or they make a direct connection like p2p software. either way, you are opening ports up and making yourself vulnerable once you have IM software on your network.
do not allow IM software to be used. either block the ports used by them or as is the case now where a lot of IM software are able to search for open ports and use them you have to figure out how to block them some other way. from what i know, IRC connects to a specific server when starting up. if it cannot connect to that server it does not work. so all you need to do is block that range of ip addr. of course there are other im clients out there
just to clarify i am saying all this about a office network. for home systems its up to you as you have mre control about what software is installed.
oh..yeah...another way to block IM would be to install sofware tracking on your users pcs and when they install IM software make sure its removed. but all this has to be done with the support of management. the problem is a lot of them are sing this software and dont like to be without it and they will try their best to stop you from blokcing it. thats the problem i ahve here. they always say they need the software for communicatin g with client and other stupid excuses. I alwasy have to explain and they will most definitely go to my boss. and the i have to spend loads of time trying to explain to both of them.
their arent any direct assaaults to ur comp if that is what ur worried about; but M$N'$ IM has so many cracks and holes that with teh right program i can get your ip, domain, and name; worst case with msn is for me to give u a bad script stuff
i agree that IM are security threats.Any one can use the flaws created by th IMs and dont forget the open ports they creats.