Burton Strauss wrote: > Lots of the IM programs play nice - until you try and block them. For > example, AIM uses port 5190. If that gets through, it's easy to > track/monitor/capture. But if the 5190 port is blocked (for whatever > reason), the AIM program tries other ports which are rarely blocked (e.g. > 80) because they're common web user services. > > -----Burton
That was kinda my point - MSN Messenger does that too, but it also tags its communications (over that port, at least) with a MIME content-type header, and I got a bit lucky because of it, since my firewall also evaluates http content based on MIME content-type headers. Sheer luck, but sometimes it's better to be lucky than good. The interesting question is whether the other IM apps also do something that would tag their chatter that way, allowing better logging/control. Kurt _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
