[Snort-users] OT: Recording IM sessions

Paul Melson pmelson at ...11827...
Wed Jun 22 10:27:31 EDT 2005

That's certainly part of it - many companies have regulatory and/or policy
obligations to prevent or at least monitor IM traffic.  And there's no
expectation of privacy with your employer's computers blah blah blah...

The other part of it is that most IM technologies (AIM, IRC, ICQ, etc.) are
gaining popularity as attack vectors and backdoor channels.  Most have means
of transferring files or running some form of script that can perform some
variation of a shell().  And many of these systems are designed to
circumvent firewall rules that would otherwise restrict access to them.
(And I don't just mean searching for unblocked ports, though some clients
definitely will - Yahoo in particular can work through an HTTP proxy using
GET and POLL requests, so blocking CONNECT isn't good enough anymore.)



Subject: RE: [Snort-users] OT: Recording IM sessions

I don't mean to pry on this conversation, which means I will, but unless
it's giving up Company secrets, or discussing a commission of a criminal act,
is there really anything you can legally do about it?
Not unless your company policy covers what people can and cannot have
conversations about.
Or am I not getting what this conversation is about?
