Friday, August 22, 2008

How to Scan for Yahoo Messenger

Part of my regular job is to scan the internal network for rogue software installations and unauthorized software. I fiddled again with Nmap to scan for Yahoo Messenger in my home network and this is a snapshot of my findings:

snapshot of nmap to scan for TCP 5101:


Interesting ports on 10.252.236.117:
PORT STATE SERVICE
5101/tcp filtered admdog
MAC Address: 00:0B:CD:A2:10:24 (Compaq (HP))

Interesting ports on 10.252.236.122:
PORT STATE SERVICE
5101/tcp open admdog
MAC Address: 00:1B:38:9E:D9:3E (Compal Information (kunshan) CO.)

Interesting ports on 10.252.236.126:
PORT STATE SERVICE
5101/tcp filtered admdog
MAC Address: 00:0F:20:24:28:30 (Hewlett Packard)

note that I found one YM install, the one with admdog open on TCP 5101.

Yahoo Messenger is unwelcome in a corporate environment. It's a big security hole, I tell you. Ban it if you will. Installing anything on office PCs need official approval from Information Security and the installation to be performed by IT staff.

Time to draft a letter reprimand to the concerned staff!

No comments:

Post a Comment