[Dshield] AIM/Yahoo Messenger traffic encapsulated by another service...?

Pete Cap peteoutside at yahoo.com
Fri Mar 12 16:12:15 GMT 2004


Greetings all,
 
The use of instant messaging programs at work is forbidden by policy.
So, I do the expected blocking and filtering but today saw something really strange:
A FLOOD of tcp/139 traffic going back and forth between two hosts.  When I took a look at the packet payloads, it's a conversation between two individuals which appears to be generated by either AIM or Yahoo! Messenger.
Is this some new "get by the IDS" hacked or modified version of the messaging software that I need to be aware of?
Anyone seen anything similar?

Regards,
Pete


---------------------------------
Do you Yahoo!?
Yahoo! Search - Find what you’re looking for faster.


More information about the list mailing list