Instant Messaging
Magnitude of the Problem
• Radicati reports that 85% of enterprises
today use IM. Furthermore, Radicati
predicts that rising IM usage will take the
number of IM messages sent per day from
a base of 11.4 billion to over 45.8 billion
in 2008
• Radicati predicts the IM user base will
grow from 320 million IM users in 2004 to
592 million users in 2008
Why is it so popular?
• 1. It's free
• 2. Easy to Download, install, and use
• 3. It works
– In most network environments
• 4. Network effect of attracting new users
General Problems
• 1. New mechanism for rapid virus
propagation
– File Transfers are the main problem
– Real Time
• 2. IM spam (aka spIM)
– Loss of productivity
– Virus/Worms
• Most are a form of worm
SpIM Continued
• 70 percent involves pornography in some
fashion
• 12 percent involves get-rich schemes of
one sort or another
• 9 percent involves selling products, and
• 5 percent involves loans or finances.
Virus/Worm Propagation
• Social Engineering
– Request for password (posing as an
administrator)
– A link to a website that has a download that is
the payload of the worm
• How it works
– Buddy lists
– SpIM
– Real Time
Architecture
• 1. IM clients connect to the service on the
Internet, but the service never needs to connect
to the client.
• 2. IM clients can simulate a TCP connection
over HTTP by polling for presence and
messages.
• 3. IM clients connect to a set of servers known
as dispatch servers. The number of dispatch
servers and their IP addresses grow constantly,
almost on a daily basis.
Architecture Continued
• Clients connect through well-publicized ports:
5190 for AIM, 1863 for MSN, and 5050 for
Yahoo.
• Each of these clients has the capability to
exploit any open port on the firewall if the
default ones are blocked.
• Some of these services have the ability to
connect with P2P connections and can
negotiate a connection on a random port.
Why this causes a problem
• Impossible to block all the IP addresses of
the dispatch servers
– After the first login the user will log in through
the dispatch server
• Hard to block by port number because of
the clients' port-negotiating capabilities
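Added example (not part of the original slides): a small flow-log check that contrasts a filter on the default ports above with a heuristic for the HTTP polling fallback described under Architecture. The flow records, the field layout, and the min_polls/max_gap thresholds are constructed assumptions; ordinary web applications also poll, so a polling hit is a lead to investigate, not proof of IM use.

```python
from collections import defaultdict

IM_PORTS = {5190: "AIM", 1863: "MSN", 5050: "Yahoo"}  # defaults named on the slide
HTTP_PORTS = {80}

# Constructed sample flows: (epoch seconds, client IP, destination IP, destination port)
SAMPLE_FLOWS = (
    [(0, "10.0.0.5", "198.51.100.10", 5190),
     (5, "10.0.0.8", "198.51.100.30", 1863)]
    # Client whose default port is blocked: falls back to polling over HTTP.
    + [(t, "10.0.0.6", "198.51.100.20", 80) for t in range(0, 60, 10)]
    # Ordinary browsing: a few widely spaced requests.
    + [(t, "10.0.0.7", "203.0.113.5", 80) for t in (0, 400, 1300)]
)

def port_filter_only(flows):
    """Clients seen on a default IM port (what a pure port rule catches)."""
    return sorted({client for _, client, _, port in flows if port in IM_PORTS})

def find_im_clients(flows, min_polls=5, max_gap=30):
    """Flag default-port use plus sustained short-interval HTTP polling.

    min_polls and max_gap (seconds) are assumed thresholds to tune locally.
    """
    findings = defaultdict(set)
    http_times = defaultdict(list)
    for ts, client, dst, port in flows:
        if port in IM_PORTS:
            findings[client].add(f"default-port:{IM_PORTS[port]}")
        elif port in HTTP_PORTS:
            http_times[(client, dst)].append(ts)
    for (client, dst), times in http_times.items():
        times.sort()
        run = 1  # length of the current streak of closely spaced requests
        for prev, cur in zip(times, times[1:]):
            run = run + 1 if cur - prev <= max_gap else 1
            if run >= min_polls:
                findings[client].add(f"http-polling:{dst}")
                break
    return {client: sorted(reasons) for client, reasons in findings.items()}

if __name__ == "__main__":
    print("port rule only:", port_filter_only(SAMPLE_FLOWS))
    for client, reasons in sorted(find_im_clients(SAMPLE_FLOWS).items()):
        print(client, reasons)
```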
Sources
• http://www.imlogic.com/pdf/IM_Security_Threat_WP.pdf
• http://www.imlogic.com/pdf/Top_5_Risks.pdf
• http://www.theregister.co.uk/2004/04/08/spim_impact/
• http://www.theregister.co.uk/2004/03/31/look_out_spam_here_comes/
• http://www.theregister.co.uk/2003/02/04/blue_coat_clamps_down/
• http://www.informationweek.com/showArticle.jhtml?articleID=60403153
• http://www.informationweek.com/showArticle.jhtml?articleID=18600413