

Register for Free Membership to

Over the last few years, Syngress has published many best-selling and critically acclaimed books, including Tom Shinder’s Configuring ISA Server 2004, Brian Caswell and Jay Beale’s Snort 2.1 Intrusion Detection, and Angela Orebaugh and Gilbert Ramirez’s Ethereal Packet Sniffing. One of the reasons for the success of these books has been our unique program. Through this site, we’ve been able to provide readers a real-time extension to the printed book.

As a registered owner of this book, you will qualify for free access to our members-only program. Once you have registered, you will enjoy several benefits, including:

Four downloadable e-booklets on topics related to the book. Each booklet is approximately 20-30 pages in Adobe PDF format. They have been selected by our editors from other best-selling Syngress books as providing topic coverage that is directly related to the coverage in this book.

A comprehensive FAQ page that consolidates all of the key points of this book into an easy-to-search web page, providing you with the concise, easy-to-access data you need to perform your job.

A “From the Author” Forum that allows the authors of this book to post timely updates and links to related sites, or additional topic coverage that may have been requested by readers.

Just visit us at www.syngress.com/solutions and follow the simple registration process. You will need to have this book with you when you register.

Thank you for giving us the opportunity to serve your needs. And be sure to let us know if there is anything else we can do to make your job easier.


SECURING IM and P2P Applications for the Enterprise

Paul L. Piccard
Brian Baskin
Craig Edwards
George Spillman
Marcus H. Sachs, Technical Editor


Syngress Publishing, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work.

There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work is sold AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state.

In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you.

You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files.

Syngress Media®, Syngress®, “Career Advancement Through Skill Enhancement®,” “Ask the Author UPDATE®,” and “Hack Proofing®,” are registered trademarks of Syngress Publishing, Inc. “Syngress: The Definition of a Serious Security Library”™, “Mission Critical™,” and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of Syngress Publishing, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies.
KEY   SERIAL NUMBER
001   HJIRTCV764
002   PO9873D5FG
003   829KM8NJH2
004   HJ563LLM8C
005   CVPLQ6WQ23
006   VBP965T5T5
007   HJJJ863WD3E
008   2987GVTWMK
009   629MP5SDJT
010   IMWQ295T6T

PUBLISHED BY
Syngress Publishing, Inc.
800 Hingham Street
Rockland, MA 02370
Securing IM and P2P Applications for the Enterprise

Copyright © 2006 by Syngress Publishing, Inc. All rights reserved. Printed in Canada. Except as permitted
under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form
or by any means, or stored in a database or retrieval system, without the prior written permission of the
publisher, with the exception that the program listings may be entered, stored, and executed in a computer
system, but they may not be reproduced for publication.
Printed in Canada
1 2 3 4 5 6 7 8 9 0
ISBN: 1-59749-017-2
Publisher: Andrew Williams
Acquisitions Editor: Jaime Quigley
Technical Editor: Marcus H. Sachs
Cover Designer: Michael Kavish

Page Layout and Art: Patricia Lupien
Copy Editor: Amy Thomson
Indexer: Richard Carlson


Distributed by O’Reilly Media, Inc. in the United States and Canada.
For information on rights, translations, and bulk purchases, contact Matt Pedersen, Director of Worldwide
Sales and Licensing, at Syngress Publishing; email or fax to 781-681-3585.


Acknowledgments

Syngress would like to acknowledge the following people for their kindness and support in making this book possible.

Syngress books are now distributed in the United States and Canada by O’Reilly Media, Inc. The enthusiasm and work ethic at O’Reilly are incredible, and we would like to thank everyone there for their time and efforts to bring Syngress books to market: Tim O’Reilly, Laura Baldwin, Mark Brokering, Mike Leonard, Donna Selenko, Bonnie Sheehan, Cindy Davis, Grant Kikkert, Opol Matsutaro, Steve Hazelwood, Mark Wilson, Rick Brown, Tim Hinton, Kyle Hart, Sara Winge, Peter Pardo, Leslie Crandell, Regina Aggio, Pascal Honscher, Preston Paull, Susan Thompson, Bruce Stewart, Laura Schmier, Sue Willing, Mark Jacobsen, Betsy Waliszewski, Dawn Mann, Kathryn Barrett, Karen Montgomery, John Chodacki, and Rob Bullington.

The incredibly hardworking team at Elsevier Science, including Jonathan Bunkell, Ian Seager, Duncan Enright, David Burton, Rosanna Ramacciotti, Robert Fairbrother, Miguel Sanchez, Klaus Beran, Emma Wyatt, Chris Hossack, Krista Leppiko, Marcel Koppes, Judy Chappell, Radek Janousek, and Chris Reinders for making certain that our vision remains worldwide in scope.

David Buckland, Marie Chieng, Lucy Chong, Leslie Lim, Audrey Gan, Pang Ai Hua, Joseph Chan, and Siti Zuraidah Ahmad of STP Distributors for the enthusiasm with which they receive our books.

David Scott, Tricia Wilden, Marilla Burgess, Annette Scott, Andrew Swaffer, Stephen O’Donoghue, Bec Lowe, Mark Langley, and Anyo Geddes of Woodslane for distributing our books throughout Australia, New Zealand, Papua New Guinea, Fiji, Tonga, Solomon Islands, and the Cook Islands.


Lead Author

Paul L. Piccard serves as Director of Threat Research for Webroot, where he focuses on research and development and on providing early identification, warning, and response services to Webroot customers. Prior to joining Webroot, Piccard was manager of Internet Security Systems’ Global Threat Operations Center. This state-of-the-art detection and analysis facility maintains a constant global view of Internet threats and is responsible for tracking and analyzing hackers, malicious Internet activity, and global Internet security threats on four continents.

His career includes management positions at VistaScape Security Systems, Lehman Brothers, and Coopers & Lybrand. Piccard was researcher and author of the quarterly Internet Risk Impact Summary (IRIS) report. He holds a Bachelor of Arts from Fordham University in New York.

Technical Editor

Marcus H. Sachs, P.E., is SRI International’s Deputy Director of the Department of Homeland Security’s Cyber Security Research and Development Center, a portfolio of several dozen cyber security R&D projects managed by DHS and supported by SRI. Marc also volunteers as the director of the SANS Internet Storm Center and is a cyberspace security researcher, writer, and instructor for the SANS Institute. After retiring from the US Army in 2001 following a 20-year career as a Corps of Engineers officer, Marc was appointed by President George W. Bush to serve on the staff of the National Security Council as part of the White House Office of Cyberspace Security from 2002 to 2003.

Marc has contributed to Syngress titles IT Ethics Handbook, Cyber Adversary Characterization, and Zero-Day Exploits.

Marc holds a Master of Science in Computer Science with a concentration in Information Security from James Madison University, a Master of Science in Science and Technology Commercialization from the University of Texas, and a Bachelor of Civil Engineering from the Georgia Institute of Technology. He is a graduate of the Army’s Command and General Staff College, the Army Engineer School, the Army Signal School, and the Army’s Airborne and Air Assault schools. Marc holds an advanced class amateur radio license, is a registered Professional Engineer in the Commonwealth of Virginia, and is a life member of the Signal Corps Regimental Association and the Armed Forces Communications and Electronics Association.

A native of Tallahassee, Florida, he currently lives in Virginia with his wife and children.

Contributing Authors

Brian Baskin (MCP, CTT+) is a researcher and developer for Computer Sciences Corporation, on contract to the Defense Cyber Crime Center’s (DC3) Computer Investigations Training Program (DCITP). Here, he researches, develops, and instructs computer forensic courses for members of the military and law enforcement. Brian currently specializes in Linux/Solaris intrusion investigations, as well as investigations of various network applications. He has designed and implemented networks to be used in scenarios, and has also exercised penetration testing procedures.

Brian has been instructing courses for six years, including presentations at the annual DoD Cyber Crime Conference. He is an avid amateur programmer in many languages, beginning when his father purchased QuickC for him when he was 11, and has geared much of his life around the implementations of technology. He has also been an avid Linux user since 1994, and enjoys a relaxing terminal screen whenever he can. He has worked in networking environments for over 10 years, from small Novell networks to large, mission-critical, Windows-based networks.

Brian lives in the Baltimore, MD area with his lovely wife and son. He is also the founder, and president, of the Lightning Owners of Maryland car club. Brian is a motor sports enthusiast and spends much of his time building and racing his vehicles. He attributes a great deal of his success to his parents, who relinquished their household 80286 PC to him at a young age, and allowed him the freedom to explore technology.

George Spillman is a Director for Acadine Informatics, president of the computer consulting group PixelBlip Digital Services, and one of the principals behind ToorCon, the highly respected computer security conference that draws in and educates some of the best hackers and security experts from around the globe. As such, he travels well in hacker circles and takes great pleasure in poking and prodding the deep dark underbelly of the Internet. George is a frequent guest on television news programs for his expertise and his ability to communicate complex computer security and identity theft issues to non-technical audiences. His consulting clients include representatives from both the Fortune 100 and the Fortune 100,000,000. In the past he has been lured away from consulting by large wheelbarrows of stock options to serve as Director of IT for an international pharmaceutical R&D company, and would most likely do that again if the wheelbarrow was included to sweeten the deal. George was a reviewer for the Syngress book, Phishing Exposed, (ISBN: 159749030X).


Contents

Foreword . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiii
Part I Instant Messaging Applications . . . . . . . . . . . . . . . 1
Chapter 1 Introduction to Instant Messaging. . . . . . . . . 3
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4
Major Instant Messaging Services . . . . . . . . . . . . . . . . . . . . .6
Instant Messaging Popularity . . . . . . . . . . . . . . . . . . . . . . . . .7
Common Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
Third-Party Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10
Common Security Issues . . . . . . . . . . . . . . . . . . . . . . . . . . .11
Social Engineering and Identity Theft . . . . . . . . . . . . . .12
File Transfers and Messages Spread Malicious Software . .12
Worms and File Transfer Circumvent Gateway
Security Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
IP Address of Workstation Revealed During Usage . . . . .14
Messages and Files are not Encrypted . . . . . . . . . . . . . . .15
Message Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
SPIM and Offensive Material . . . . . . . . . . . . . . . . . . . . .15
Client Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18
Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . . .22
Chapter 2 AOL Instant Messenger (AIM) . . . . . . . . . . . . 25
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26

AIM Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26
AIM Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30
AIM Features and Security Information . . . . . . . . . . . . . . . .31
Instant Messaging . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32

Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32
Group Chat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33
Audio Chat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34
File Transfer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35
File Share . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36
Malicious Code and Client Security . . . . . . . . . . . . . . . . . .37
AIMDES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39
Oscarbot/Opanki . . . . . . . . . . . . . . . . . . . . . . . . . . .42
Velkbot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43
Client Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44
Description: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45
Platforms Affected: . . . . . . . . . . . . . . . . . . . . . . . . . .45
Remedy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45
Consequences: . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45
References: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47
Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . . .49
Chapter 3 Yahoo! Messenger . . . . . . . . . . . . . . . . . . . . 51

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .52
Yahoo! Messenger Architecture . . . . . . . . . . . . . . . . . . . . . .52
Yahoo! Messenger Protocol . . . . . . . . . . . . . . . . . . . . . . . . .57
Features and Security Information . . . . . . . . . . . . . . . . . . . .59
Instant Messaging . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60
Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61
Message Archiving . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61
Conferences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62
Voice Chat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63
Yahoo! Chat Rooms . . . . . . . . . . . . . . . . . . . . . . . . . . .64
File Transfer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65
File Share . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .66
Web Camera Settings . . . . . . . . . . . . . . . . . . . . . . . . . .66
Yahoo! Messenger Malicious Code and Client Security . . . .68
Worm Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69
W32.Chod.B@mm . . . . . . . . . . . . . . . . . . . . . . . . .69
W32.Picrate.C@mm . . . . . . . . . . . . . . . . . . . . . . . .81
Client Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .87


Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89
Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .90
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . . .92
Chapter 4 MSN Messenger . . . . . . . . . . . . . . . . . . . . . . 95
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .96
MSN Messenger Architecture and Protocol . . . . . . . . . . . . .96
Features and Security Information . . . . . . . . . . . . . . . . . . .104
Instant Messaging . . . . . . . . . . . . . . . . . . . . . . . . . . . .104

Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .106
Message Archiving . . . . . . . . . . . . . . . . . . . . . . . . . . . .106
Whiteboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .107
Application Sharing . . . . . . . . . . . . . . . . . . . . . . . . . . .108
Remote Assistance . . . . . . . . . . . . . . . . . . . . . . . . . . . .110
Voice Chat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111
File Transfer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .112
Web Camera Settings . . . . . . . . . . . . . . . . . . . . . . . . .114
Malicious Code and Client Security . . . . . . . . . . . . . . . . .114
Malicious Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .114
Worm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120
W32.Kelvir.R . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120
W32.Picrate.C@mm . . . . . . . . . . . . . . . . . . . . . . .122
Client Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126
Vulnerability Description . . . . . . . . . . . . . . . . . . . .126
Vulnerability Solution . . . . . . . . . . . . . . . . . . . . . .127
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .128
Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . .128
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . .131
Chapter 5 ICQ. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Introduction and History of ICQ . . . . . . . . . . . . . . . . . . .134
ICQ Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135
Instant Messaging . . . . . . . . . . . . . . . . . . . . . . . . . . . .136
Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .137
Group Chat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .137
Message Archiving . . . . . . . . . . . . . . . . . . . . . . . . . . . .138
Voice Chat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .139


File Transfer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .140
Web Camera Settings . . . . . . . . . . . . . . . . . . . . . . . . .141
Malicious Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .141
Worm Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . .143
WORM_VAMPIRE.A . . . . . . . . . . . . . . . . . . . . . .143
Identification and Termination . . . . . . . . . . . . . . . . .144
WORM_CHOD.B . . . . . . . . . . . . . . . . . . . . . . . .147
Client Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .149
Multiple Vulnerabilities in Mirabilis ICQ Client . . . . . .149
Vulnerability Description . . . . . . . . . . . . . . . . . . . .150
Vulnerable Packages . . . . . . . . . . . . . . . . . . . . . . . .151
Credits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .151
Technical Description . . . . . . . . . . . . . . . . . . . . . . .152
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .155
Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . .156
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . .157
Chapter 6 Trillian, Google Talk, and Web-based
Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .160
Trillian Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .160
Trillian Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .161
Trillian Malicious Code and Client Security . . . . . . . . .166
Google Talk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .168
Google Talk Features . . . . . . . . . . . . . . . . . . . . . . . . . .170
Instant Messaging . . . . . . . . . . . . . . . . . . . . . . . . . .170

Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .171
Voice Chat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .171
Web-based Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .172
Web-based Client Features . . . . . . . . . . . . . . . . . . . . . .172
Instant Messaging . . . . . . . . . . . . . . . . . . . . . . . . . .172
Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173
Circumventing Workstation Controls . . . . . . . . . . . .173
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .174
Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . .175
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . .176


Chapter 7 Skype. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .180
Skype Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .181
Features and Security Information . . . . . . . . . . . . . . . . . . .183
Instant Messaging . . . . . . . . . . . . . . . . . . . . . . . . . . . .183
Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .184
Chat History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .184
Skype Calls (Voice Chat) . . . . . . . . . . . . . . . . . . . . . .185
Group Chat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .186
File Transfer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .188
Malicious Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .189
Client Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .190
A Word about Network Address Translation and Firewalls . .192
Home Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195
Small to Medium-Sized Businesses . . . . . . . . . . . . . . . .195
Large Corporations . . . . . . . . . . . . . . . . . . . . . . . . . . .195

What You Need to Know About Configuring Your
Network Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .197
Home Users or Businesses Using a DSL/Cable
Router And No Firewall . . . . . . . . . . . . . . . . . . . . . . .197
Small to Large Company Firewall Users . . . . . . . . . . . .198
TCP and UDP Primer . . . . . . . . . . . . . . . . . . . . . . . .198
NAT vs. a Firewall . . . . . . . . . . . . . . . . . . . . . . . . .199
Ports Required for Skype . . . . . . . . . . . . . . . . . . . . . . . . .200
Home Users or Businesses Using a DSL/Cable
Router and No Firewall . . . . . . . . . . . . . . . . . . . . . . .200
Small to Large Company Firewall Users . . . . . . . . . . . .200
Skype’s Shared.xml file . . . . . . . . . . . . . . . . . . . . . . . .201
Microsoft Windows Active Directory . . . . . . . . . . . . . .202
Using Proxy Servers and Skype . . . . . . . . . . . . . . . . . . . . .205
Display Technical Call Information . . . . . . . . . . . . .207
Small to Large Companies . . . . . . . . . . . . . . . . . . .211
How to Block Skype in the Enterprise . . . . . . . . . . . . . . .211
Endnote . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .212
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .213
Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . .214
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . .215


Part II Peer-to-Peer Networks. . . . . . . . . . . . . . . . . . . . 217

Chapter 8 Introduction to P2P . . . . . . . . . . . . . . . . . . 219
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .220
Welcome to Peer-to-Peer Networking . . . . . . . . . . . . . . . .221
Enter Napster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .223
Gnutella and a Purer P2P Network . . . . . . . . . . . . . . .225
The Rise of the Ultrapeer . . . . . . . . . . . . . . . . . . . . . .226
The Next Step: Swarming . . . . . . . . . . . . . . . . . . . . . . . .227
eDonkey (Kademlia/OverNet) . . . . . . . . . . . . . . . . . . .227
BitTorrent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .228
Other Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .228
Concerns with Using P2P Networks . . . . . . . . . . . . . . . . .231
General Concerns . . . . . . . . . . . . . . . . . . . . . . . . . . .231
Infected or Malicious Files . . . . . . . . . . . . . . . . . . . . .231
Legal Concerns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .233
Sony Corp v. Universal City Studios . . . . . . . . . . . .233
A&M Records Inc. v. Napster Inc. . . . . . . . . . . . . . .234
MGM Studios Inc. v. Grokster Ltd. . . . . . . . . . . . . .234
RIAA vs. The People . . . . . . . . . . . . . . . . . . . . . . .235
The Future of P2P Networks . . . . . . . . . . . . . . . . . . . . . .236
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . .237
Chapter 9 Gnutella Architecture . . . . . . . . . . . . . . . . . 239
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .240
Gnutella Clients and Network . . . . . . . . . . . . . . . . . . . . . .240
Gnutella . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .240
LimeWire . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .241
BearShare . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .242
Gnucleus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .243
Morpheus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .243
Gnutella Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . .243
UltraPeers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .245

Gnutella Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .246
Peer Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . .246
Descriptor Packets . . . . . . . . . . . . . . . . . . . . . . . . . . . .247
Ping/Pong Descriptor Packets . . . . . . . . . . . . . . . . .248


Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .313
Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . .314
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . .316
Chapter 12 FastTrack . . . . . . . . . . . . . . . . . . . . . . . . . . 319
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .320
History of Clients and Networks . . . . . . . . . . . . . . . . . . . .320
The FastTrack Network . . . . . . . . . . . . . . . . . . . . . . . .320
Kazaa . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .321
History of Kazaa . . . . . . . . . . . . . . . . . . . . . . . . . . .323
Morpheus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .325
Grokster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .326
iMesh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .327
Spyware Bundling and Alternative Clients . . . . . . . . . . . . .328
AltNet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .328
Kazaa Lite Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . .329
Kazaa Loaders . . . . . . . . . . . . . . . . . . . . . . . . . . . . .330
External Utilities . . . . . . . . . . . . . . . . . . . . . . . . . .331
Kazaa Lite Resurrection Client . . . . . . . . . . . . . . . . . .331
K-Lite Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .332
Network Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . .332
Supernodes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .334
Protocol Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .336

Connecting Clients . . . . . . . . . . . . . . . . . . . . . . . . . . .337
Performing a Search . . . . . . . . . . . . . . . . . . . . . . . . . .339
Transferring Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . .339
The X-KazaaTag . . . . . . . . . . . . . . . . . . . . . . . . . . . . .341
Features and Related Security Risks . . . . . . . . . . . . . . . . .343
Downloading and Copyright Violations . . . . . . . . . . . .343
Malicious Software . . . . . . . . . . . . . . . . . . . . . . . . .343
Fake Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .344
Sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .346
Legal Threats . . . . . . . . . . . . . . . . . . . . . . . . . . . . .346
Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .347
Bandwidth Issues and Mitigation Steps . . . . . . . . . . . . . . . .347
Supernode Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . .348
Firewall Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .348


Query Descriptor Packets . . . . . . . . . . . . . . . . . . . .249
QueryHits Descriptor Packets . . . . . . . . . . . . . . . . .250
File Transfers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .252
Features and Related Security Risks . . . . . . . . . . . . . . . . .254
Problems Created by P2P in the Enterprise . . . . . . . . .254
Infected Files: Trojans and Viruses . . . . . . . . . . . . . .255
Misconfigured File Sharing . . . . . . . . . . . . . . . . . . .256
Copyright Infringement . . . . . . . . . . . . . . . . . . . . .257
File Transfers Reveal IP Address . . . . . . . . . . . . . . . .257
Technical Countermeasures for Gnutella . . . . . . . . . . . . . .257

Firewall Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .259
IPTables String Match Module . . . . . . . . . . . . . . . .260
Snort IDS Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . .262
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .263
Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . .263
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . .265
Chapter 10 eDonkey and eMule . . . . . . . . . . . . . . . . . 267
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .268
History of the eDonkey and eMule Clients and Networks . .268
The eDonkey and eMule Networks . . . . . . . . . . . . . . .271
Features and Related Security Risks . . . . . . . . . . . . . . . . .275
Copyright Infringement . . . . . . . . . . . . . . . . . . . . . . .275
Malicious Software . . . . . . . . . . . . . . . . . . . . . . . . . . .275
Poisoned Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .277
Misconfigured Sharing . . . . . . . . . . . . . . . . . . . . . . . . .277
Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .278
Vulnerability Description . . . . . . . . . . . . . . . . . . . .278
Vulnerability Solution . . . . . . . . . . . . . . . . . . . . . . .278
Vulnerability Provided and/or Discovered by
PivX Bug Researcher . . . . . . . . . . . . . . . . . . . . . .278
Vulnerability Description . . . . . . . . . . . . . . . . . . . .279
Vulnerability Solution . . . . . . . . . . . . . . . . . . . . . . .279
Vulnerability Provided and/or Discovered By . . . . . .279
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .280
Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . .281
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . .282
Chapter 11 BitTorrent . . . . . . . . . . . . . . . . . . . . . . . . . 285
History of the Network . . . . . . . . . . . . . . . . . . . . . . . . . .286
BitTorrent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .287
BitTornado . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .288
Azureus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .288
BitComet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .289
Other Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .290
ABC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .290
µTorrent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .290
G3 Torrent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .291
Shareaza . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .291
Network Architecture and Data Flow . . . . . . . . . . . . . . . .291
Torrent Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .292
Trackers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .292
Of Leechers and Seeders . . . . . . . . . . . . . . . . . . . . . . .294
Trackerless . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .295
Protocol Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .296
Bencoding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .296
Torrent Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .297
Tracker Connections . . . . . . . . . . . . . . . . . . . . . . . . . .299
Peer Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . .302
Peer States . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .304
Peer Wire Protocol Messages . . . . . . . . . . . . . . . . . .305
Peer Requests . . . . . . . . . . . . . . . . . . . . . . . . . . . . .307
Peer Data Transmission . . . . . . . . . . . . . . . . . . . . . .307
DHT Connections . . . . . . . . . . . . . . . . . . . . . . . . . . .307

Features and Related Security Risks . . . . . . . . . . . . . . . . .308
Copyright Infringement . . . . . . . . . . . . . . . . . . . . . . .308
Poison Peers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .309
Automatic Sharing of Data . . . . . . . . . . . . . . . . . . . . .310
Bandwidth Issues and Mitigation Steps . . . . . . . . . . . . . . .310
Bandwidth Scheduling . . . . . . . . . . . . . . . . . . . . . . . . .311
Trackers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .311
Sharing of Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .311
Snort IDS Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . .312
IPTables String Match Module . . . . . . . . . . . . . . . .349
P2PWall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .350
Snort IDS Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . .352
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . .356
Part III Internet Relay Chat Networks . . . . . . . . . . . . . 359
Chapter 13 Internet Relay Chat—Major Players of IRC 361
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .362
History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .362
IRC Jargon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .363
Nick . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .364
Ident or Username . . . . . . . . . . . . . . . . . . . . . . . . .364
Channel Operator . . . . . . . . . . . . . . . . . . . . . . . . .364
Nick Delay and Time Stamps . . . . . . . . . . . . . . . . .365
Nick Delay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .366
Time Stamps . . . . . . . . . . . . . . . . . . . . . . . . . . . . .367

IRC Server Software Packages . . . . . . . . . . . . . . . . . . . . . .368
ircd 2.11.x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .369
ircd-hybrid . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .369
bahamut . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .369
ircu (and Derivatives) . . . . . . . . . . . . . . . . . . . . . . . . . .370
UnrealIRCd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .370
Major Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .371
Quakenet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .371
Undernet, IRCnet, DALnet and EFnet . . . . . . . . . . . . .372
Rizon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .372
GameSurge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .372
Freenode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .373
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .374
Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . .374
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . .376
Chapter 14 IRC Networks and Security . . . . . . . . . . . . 377
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .378
IRC Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .378
EFnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .379
DALnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .381
NickServ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .381
ChanServ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .382
Undernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .384
IRCnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .385
IRC Servers in Sum . . . . . . . . . . . . . . . . . . . . . . . . . .385
File Transfer Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . .386

IRC Botnets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .388
Automated Shares/Fserve Bots . . . . . . . . . . . . . . . . . . . . .388
File-Sharing Botnets . . . . . . . . . . . . . . . . . . . . . . . . . .390
Channel Protection Botnets . . . . . . . . . . . . . . . . . . . . .390
Channel Takeover Botnets . . . . . . . . . . . . . . . . . . . . . .391
Channel Flooding Botnets . . . . . . . . . . . . . . . . . . . . . .391
Spamming Botnets . . . . . . . . . . . . . . . . . . . . . . . . . . .392
DDoS Botnets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .392
Proxy Botnets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .392
Other Uses for IRC Bots . . . . . . . . . . . . . . . . . . . . . .393
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .394
Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . .394
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . .396
Chapter 15 Global IRC Security . . . . . . . . . . . . . . . . . 399
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .400
DDoS Botnets Turned Bot-Armies . . . . . . . . . . . . . . . . . .400
Methods of Botnet Control . . . . . . . . . . . . . . . . . . . . .401
Reprisals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .404
The ipbote Botnet: A Real World Example . . . . . . . . .405
Information Leakage . . . . . . . . . . . . . . . . . . . . . . . . . . . . .407
Copyright Infringement . . . . . . . . . . . . . . . . . . . . . . . . . .408
Other Forms of Infringement . . . . . . . . . . . . . . . . . . .408
Transfer of Malicious Files . . . . . . . . . . . . . . . . . . . . . . . . .411
How to Protect Against Malicious File Transfers . . . . . .413
What to Do if a Malicious File Infects Your Network . .414
Prevention of Malicious File Sends in the Client . . . . . .414
DCC Exploits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .414
Firewall/IDS Information . . . . . . . . . . . . . . . . . . . . . . . . .415
Port Scans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .415
IDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .415
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .417
Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . .417
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . .419
Chapter 16 Common IRC Clients by OS . . . . . . . . . . . 421
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .422
Windows IRC Clients . . . . . . . . . . . . . . . . . . . . . . . . . . .422
mIRC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .422
X-Chat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .424
Opera IRC Client . . . . . . . . . . . . . . . . . . . . . . . . . . . .425
ChatZilla . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .425
WinBot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .425
Visual IRC (vIRC) . . . . . . . . . . . . . . . . . . . . . . . . . . .425
Trillian . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .425
UNIX IRC Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . .426
X-Chat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .426
IRSSI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .427
BitchX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .427
KVIrc . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .428
sirc . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .428
ircII . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .428
Apple Macintosh IRC Clients . . . . . . . . . . . . . . . . . . . . . .428
ChatNet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .428

Snak . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .429
Homer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .429
Ircle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .429
MacIRC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .429
Colloquy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .430
Other IRC Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .430
PJIRC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .431
J-Pilot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .431
CGI:IRC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .431
SILC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .431
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .432
Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . .433
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . .435
Index. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 437


Foreword

I’ve been expressing my concerns about IM and P2P security to colleagues, students, and clients for nearly a decade. Initially, what I saw coming down the pike and communicated to others fell on deaf ears. I heard things like “yeah, yeah, this is all just novelty software for home users, hackers, and copyright violators” and “these technologies will never have a place in the enterprise.” But I knew this was going to be big. Not to mention a good opportunity for me as an information security consultant. So I stuck with it.

Over three years ago I gave a presentation on instant messaging security at several security conferences. The interesting thing about these sessions is that they were chock full of IT and security professionals eager to learn how to secure their corporate conversations. Later that same year, I served on a panel (which included a member of the RIAA of all people!) to talk about P2P use and concerns. Again, this session was full of people eager to see what it was all about, and how to keep it under wraps. People were starting to come around.

Even to this day, network managers will make you think that IM and P2P will never come to fruition in a business environment. However, year after year, studies show increasing usage of IM and P2P within business networks. I can certainly attest to seeing tons of IM and P2P traffic on networks that I’m assessing as well. The reality is these technologies are everywhere on corporate networks and they’re not going away. People are only going to become more and more dependent on them—especially once their business value sinks in. Further fueling the fire, more and more vendors (especially Microsoft) are jumping aboard the IM and P2P bandwagon. This will only perpetuate their use.
As with any new technology, there are always going to be security issues to contend with. Security flaws and general misuse of IM and P2P can lead to innumerable losses of intellectual property, personal information, network bandwidth, and even employee productivity. But this is nothing new. We’ve all experienced the security pains associated with e-mail, Web-based applications, wireless networks, and so on—we just have to apply old solutions in a new context.

In all but the most stringently controlled networks, it’s futile and counterproductive to ignore the presence of IM and P2P in your enterprise. I’m the first to admit that serious business value can come from these applications. However, as with anything of value, IM and P2P do have their risks. But this can be controlled, especially if it’s approached from all the critical angles—not just from a technical perspective.

If you’re going to be effective and successful in managing and securing IM and P2P long-term, it’ll require some effort. You’ll need to develop organizational standards and policies, ensure policies are being enforced with technical solutions where possible, and perform ongoing security testing to make sure no new risks have been introduced by these applications or the people using them. The best way to go about doing this is to have the involvement and support of upper management.

There has never been a better time for IT professionals to get that buy-in and get a grip on the security risks associated with IM and P2P. The most logical place to start is here—the best resource I’ve ever seen on IM and P2P security—to point you in the right direction.
—Kevin Beaver
Founder and information security
consultant for Principle Logic, LLC
Part I
Instant Messaging
Applications