[Dshield] AIM/Yahoo Messenger traffic encapsulated by anotherservice...?

Preston Morris, Jr. pmorrisjr at pmccpa.com
Sat Mar 13 21:01:36 GMT 2004

I am not a security "expert" (yet) but have you checked to see if the offending employee is using Yahoo's webchat? It is a java-based (I think) chat application that runs in browsers. It's just a thought.


>>> peteoutside at yahoo.com 03/13/04 11:03 AM >>>
Greetings all,
The use of instant messaging programs at work is forbidden by policy.
So, I do the expected blocking and filtering but today saw something really strange:
A FLOOD of tcp/139 traffic going back and forth between two hosts.  When I took a look at the packet payloads, it's a conversation between two individuals which appears to be generated by either AIM or Yahoo! Messenger.
Is this some new "get by the IDS" hacked or modified version of the messaging software that I need to be aware of?
Anyone seen anything similar?


Do you Yahoo!?
Yahoo! Search - Find what you're looking for faster.
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list

More information about the list mailing list