7.6 Detecting Malicious IM If computers on your network are not supposed to be using IM clients , you can search for the default TCP/IP port numbers each service uses. I've often found IM traffic on networks and file servers that network administrators and management did not know about. On a single PC or file server, you can use the NETSTAT command, and on a network you can use a firewall to discover hidden IM traffic. Table 7-1 lists common instant messaging TCP/IP port numbers. Table 7-1. Default IM TCP/IP port numbers
Detection can be tougher if the client computer is supposed to be using Instant Messaging software. However, here are the steps you can follow to detect malicious IM programs:
|
Team-Fly |
Top |