Re: [m0n0wall] OT: Central logging of AIM

From:	"Chris Buechler" <cbuechler at gmail dot com>
Cc:	m0n0wall <m0n0wall at lists dot m0n0 dot ch>
Subject:	Re: [m0n0wall] OT: Central logging of AIM
Date:	Tue, 9 May 2006 12:44:54 -0400

On 5/9/06, Lee Sharp <leesharp at hal dash pc dot org> wrote:
> I know this is a bit off topic, but the best computer people I know are on
> this list! :-) So...
>
> I have a client who uses AIM for business.  He needs to centrally log all
> AIM conversations.  It is a small company (25 seats) so a $10,000 security
> appliance is not a good solution.  Besides, it would replace m0n0wall, which
> is performing very well.  All I need is an AIM proxy.  FOSS would be best,
> but cheap is OK as well.  Any suggestions would be greatly appreciated.
>

I'd probably just drop in some old PC running FreeBSD 6.1 and aimsniff
on a span port, or a hub off the LAN interface of the firewall if I
had to.  http://www.aimsniff.com

That's assuming AIM hasn't added any encryption capabilities in the
last year or so, it's been that long since I've looked at any AIM
traffic.  I seem to recall some add on software for AIM that does
allow encryption of message contents, this would also assume nothing
like that was in use.  Granted, any network-based IM monitoring would
have trouble in cases like that.

-Chris