Is AIM Really a Bandwidth Hog?
Crispen asks: "A mess of schools, especially K-12 schools in the US, have banned instant messaging, claiming that it is a huge bandwidth hog. Is it? If you block ports 4443 (images) and 5190 (file transfers), how much bandwidth does AIM really take?"
maybe (Score:4, Interesting)
Then again, given the amount of time most of my teachers spent just trying to figure out how to work a computer during my classes' time in the computer labs because they were never trained, I'd say having computers in the classroom is more of a bandwidth hog.
Not Bandwidth - Tracking and Filtering (Score:5, Informative)
The bandwidth use is negligible
Jason
Re:Not Bandwidth - Tracking and Filtering (Score:3, Insightful)
Re:Not Bandwidth - Tracking and Filtering (Score:5, Funny)
Holy crap! So what you are actually saying here is that starting a school is the solution to all my broadband problems?
:)
Re:Not Bandwidth - Tracking and Filtering (Score:2)
Starting a school, going to school/college, sneaking into a school you aren't going to, claiming to be a tech guy and that you know what you're doing, going to the library, going to your local radio shack, going over to your in laws' house...
Re:Not Bandwidth - Tracking and Filtering (Score:1)
We read all kinds of crap "as an IT department we believe these and these ports are bad..", get over it, you are not preachers, nor social advisors.
Nice to hear some real cases of enforcement coming out.
Re:Not Bandwidth - Tracking and Filtering (Score:4, Insightful)
Re:Not Bandwidth - Tracking and Filtering (Score:2)
Re:Not Bandwidth - Tracking and Filtering (Score:2, Interesting)
http://www.aimsniff.com/ [aimsniff.com]
Re:Not Bandwidth - Tracking and Filtering (Score:3, Insightful)
If they don't have the staff to monitor instant messages then it is impossible for them.
Re:Not Bandwidth - Tracking and Filtering (Score:2)
All those schools can easily get together to hire someone to create a regex list generator (no need for fancy optimizations, just basics).
Re:Not Bandwidth - Tracking and Filtering (Score:1)
Re:Not Bandwidth - Tracking and Filtering (Score:2)
Re:Not Bandwidth - Tracking and Filtering (Score:2)
Granted that you could probably build a user-space filter with a linux box pretty easily that would look for certain patterns and raise alarms / install blocks for certain packets.
Probably take me about a day or two to do it right, but it's a very realistic project considering how easy Netfilter is to use and program for. Performance impact is another question, but again, netfilter comes to the rescue. You can add a filter to your main firewall that routes all AIM traffic through another dedicated box.
Re:Not Bandwidth - Tracking and Filtering (Score:3, Interesting)
The problem is NOT the ability to monitor and filter AIM message content. Hell, you can do that with a combination of the packetsocket module and a perl script.
The problem is that MOST commonly used IM systems (AIM, Yahoo and MSN Messenger) are server-centric making it impossible to track the actual origin of messages to an IP address without the server owner's cooperation. It appears, in this instance, that AOL rather oddly decided to defy a federal subpoena rather than reveal the identity of an AIM user who had clearly violated federal law.
What good does it do the authorities to know that the school received a bomb threat if they can't find out who it came from? I think that the school district did the right thing in this instance.
Re:Not Bandwidth - Tracking and Filtering (Score:1)
Re:Not Bandwidth - Tracking and Filtering (Score:1)
Since when can the FBI issue search warrants?
Re:Not Bandwidth - Tracking and Filtering (Score:2)
Jason
Re:Not Bandwidth - Tracking and Filtering (Score:1)
i hate over-protective parents/schools/authorities in general.
i was always taught if you made a mistake yourself you would never make it again...if you get everything given to you...you gain nothing
but ya...at least there is still a land of the free north of the american border...
Re:Not Bandwidth - Tracking and Filtering (Score:1)
Re:Not Bandwidth - Tracking and Filtering (Score:1)
someone could leave a piece of paper on the ground saying "i have placed a bomb in this school" and put it near the office.
what are you going to do? ban paper and pens in the school?
you can't shoot the messenger...even if he doesn't tell you where he comes from
come on now, i am sure that children could think of more ways to make bomb threats than aim...
Re:Not Bandwidth - Tracking and Filtering (Score:1)
Re:Not Bandwidth - Tracking and Filtering (Score:2)
I hope you *tell* the students that you're doing this. Otherwise, you're committing a federal crime in monitoring what they're doing -- falls under the wiretapping laws.
Re:Not Bandwidth - Tracking and Filtering (Score:3, Insightful)
I wish I did have rights though...
Re:Not Bandwidth - Tracking and Filtering (Score:2)
Jason
Free Speech (Score:2)
Just out of curiosity, do you *approve* of these policies? I'd have to say that I feel that the ability to privately say what you want to is fundamentally a fairly reasonable thing.
AIM is an extremely inexpensive, versatile tool that many people use in the workplace and in college. Why deny it to high-schoolers?
After having some incidents with AIM (including a bomb threat that AOL would not trace for us, even with a search warrant from the FBI), we shut down all Internet-based instant messaging programs.
This, also, I don't understand. It seems to me like AIM's getting scapegoated here. There are many, many ways to make untraceable bomb threats. Hell, take a computer, type it out, print it, and leave it somewhere, handling the paper with plastic gloves and leaving it in a plastic envelope. Bomb threats are sort of part of high school life -- I remember a couple in high school. AIM's not at fault here.
The liability of having Internet traffic that is basically untraceable without a sniffer is something we can't have.
Frankly, *I* found the constant monitoring of everything we did in high school abhorrent and Orwellian, and with a number of friends, constantly went around the school disabling monitoring systems (which happened to use a client-side system).
Re:Not Bandwidth - Tracking and Filtering (Score:1)
SQUID (Score:1)
Re:Not Bandwidth - Tracking and Filtering (Score:2)
You might want to check this out: http://www.instant-message-spy.com/ [instant-message-spy.com]
Re:Not Bandwidth - Tracking and Filtering - wrong (Score:1)
Re:Not Bandwidth - Tracking and Filtering (Score:1)
virii, like stealth-c , just FYI
Peace
Out
Re:Not Bandwidth - Tracking and Filtering (Score:2)
Re:Not Bandwidth - Tracking and Filtering (Score:2)
Port 5190 (Score:1, Insightful)
Now, granted I haven't tried this, but I believe you can always reconfigure AIM (and gaim, of course!) to use a different port, so that doesn't really block AIM. Now, I don't know much OSCAR (the AIM protocol), but it's possible that it uses incoming port 5190 to receive file transfers...but what are people going to be transferring from school, anyway?
Re:Port 5190 (Score:2)
Jason
Re:Port 5190 (Score:5, Informative)
Re:Port 5190 (Score:2)
Jason
Re:Port 5190 (Score:2)
Re:Port 5190 (Score:2)
pr0n (Score:2, Funny)
Ah, that's nothing (Score:1)
I've seen system administrators at European universities that have absolutely no idea how to set up a firewall.
An example is when they block anything except port 80. Then, they open anything, so anyone can use kazaa, do some cracking and generally abuse the academic bandwidth.
Then, they block it back again! So, they prove, port 80 is the only thing they know, so that's the only thing they can allow if they start blocking.
If you've lived on such a great administration environment - surprise surprise, it's so strange they use windows for name serving as well - that's really nothing.
Trust me, blocking prv messaging is nth compared to a blocked 22.
Re:Ah, that's nothing (Score:1)
hah. watch out for those crazy crackers
and what is blocking 22 going to do?
blocking a default port for anything is only going to keep the stupid people out, who most likely aren't abusing but casually using it
Enormous consumer of mental bandwidth (Score:4, Interesting)
Instant Messaging can allow excellent, speedy communication in teams, but it can also utterly destroy productivity during lectures. AIM et al. should be banned from installation on institution-owned student computers, or at the very least, used in a very selective manner.
Re:Enormous consumer of mental bandwidth (Score:1)
You are a system administrator, you are here to block kazaa, movie downloading, perhaps illegal porn etc, but please, you are not a preacher, nor a social advisor or a teacher.
Re:Enormous consumer of mental bandwidth (Score:3, Insightful)
Otherwise, AIM is a distraction like passing around a porn mag in the back of class.
Re:Enormous consumer of mental bandwidth (Score:2, Insightful)
Re:Enormous consumer of mental bandwidth (Score:2)
+5 Insightful. Thank you.
But in my cynical capacity, I wonder if we should figure that many schools aren't there to teach, but to indoctrinate workers/consumers, in which case fear, stress, and hate may be just the motivators that America Inc. wants in its peons. Fear of being fired or ostracized and so not keeping up with the Jones's throwaway consumer McCulture, stress to make sure they work hard and just follow orders, and hate and class envy to make sure they stay on the treadmill.
(And no, I'm not a loony lefty, or really a lefty at all.)
Re:Enormous consumer of mental bandwidth (Score:2, Interesting)
I'm about as liberal as they come, but when people tell me they have to be allowed to disrupt, or speak in ebonics or allowed to use instant-messaging short hand in class I get queasy.
Re:Enormous consumer of mental bandwidth (Score:1)
When someone keeps the porn mag or inet personal or to his/her friends, then it's their fault and their problem or just their choice.
Re:Enormous consumer of mental bandwidth (Score:1, Flamebait)
How productive can one be during a lecture?
Re:Enormous consumer of mental bandwidth (Score:2, Interesting)
If I'm not going to be concentrated because of prv messaging, I won't be due to that hot female student next to me too.
So, all this crap about productivity is utter nonsense. Nice to hear some real reasons as "we got untraceable threats through AOL by allowing that prv msg systems", but productivity control? Poliiiise. If you don't wanna learn, a firewall won't help you.
Re:Enormous consumer of mental bandwidth (Score:1)
Re:Enormous consumer of mental bandwidth (Score:5, Insightful)
I used IM and EMail regularly throughout the day to communicate with my teachers and fellow students. My productivity would take a big dump without either technology. If I lost both, well fuck I might have to use a telephone! Hey everybody let's ban all forms of communication other than written mail! Wake up.
Using AIM during a lecture is a totally different problem and shouldn't require BANNING it from the lab. IMNSHO it's no different from using a CELL PHONE during a lecture and the teacher should deal with the problem accordingly. And if it's a lab where people are typing anyway and the teacher can't tell that the student is IMing then who cares? Students aren't robots and you can't FORCE them to learn no matter how hard you try. If they can IM in lab and still pass then more power to 'em. If they fail then too damn bad, it's their own damn fault.
Who is at fault? (Score:3, Insightful)
AIM et al. should be banned from installation on institution-owned student computers, or at the very least, used in a very selective manner.
At some point, you have to place some responsibility on the students. You can't simply control them throughout school (and then expect them to suddenly mature on graduation day).
If people are going to screw up, they're going to do it. I've never understood why IT personnel (more than general managers in the workplace or teachers in school) feel a deep-seated need to try to control behavior like this.
Schools I've had to deal with... (Score:5, Interesting)
There's two main reasons we've taken to blocking any form of IM, or in fact anything that isn't HTTP/FTP, to student desktops. First, of course, is the somewhat limited bandwidth, although this was the least of our reasons. Secondly, and far more importantly, is the element of control: with a transparent proxy through which all HTTP and FTP traffic is routed, we can (a) cut down the amount of input bandwidth needed, and (b) implement a certain amount of filtering (well known porn sites, ads, etc).
Not having IM installed on each desktop also means that there are no configuration problems. Realistically schools have to support one environment, and IM systems, with the number that there are, complicate this no end (imagine the arguments if AIM is the only one supported by a school, but a large percentage of kids use MSN...).
Realistically, if kids want to use IM, they're welcome to do so at home on their own (usually dialup) time. Likewise with any other non-HTTP access. I personally don't see it as that disabling; if kids want to IM each other, they can go back to "pass-it-on" notes. :-)
Re:Schools I've had to deal with... (Score:2)
(imagine the arguments if AIM is the only one supported by a school, but a large percentage of kids use MSN...)
That's why we have wonderful clients like Gaim [sf.net] that understand all major (and some minor) IM systems in one client. The Windows port is in good shape, aside from some minor GTK weirdness. Although I realize it's not the major issue for your setup, "supporting one environment" and letting everyone eat their cake aren't mutually exclusive these days ...
Re:Schools I've had to deal with... (Score:3, Insightful)
Schools are for learning; IM doesn't improve that. On the other hand, starvation and constipation don't improve learning function either (try learning something when you really need to go to the loo).
If you really categorise basic bodily functions in the same "lump" as IM, then I'm really fearful for you. Get a life already. :-)
Seriously though, if you can show how IM is an "essential" function which should be every schoolkid's right to use during school hours, then I'm more than happy to hear it. We tried, and couldn't find a reason to keep it (and teachers complained about the distraction), so out it went.
Re:Schools I've had to deal with... (Score:2)
In all seriousness, such systems exist, and we can pick up on them just as quickly as the kids do, thus negating any usefulness they might otherwise have had. If a site's only available in-room for thirty minutes, it's not much use, is it?
As some coward also said, there's such a thing as a whitelist, too; we don't actively use one, and probably wouldn't bother. People do check the logs regularly though.
Re:Schools I've had to deal with... (Score:2)
To answer the question: (Score:3, Insightful)
Re:To answer the question: (Score:2)
This is not a problem. Most firewalls (particularly NAT-based firewalls) will not allow file transfers via AIM since it requires a new, direct, P2P connection be established. I know from experience that a Cisco PIX firewall (at least with the default ruleset) will not allow file transfers, nor will a Linux IPTables with a NAT or stateful ruleset.
Re:To answer the question: (Score:2)
Re:To answer the question: (Score:1)
Ideally, it should work that way. But in my experience, both sides need to be open. Maybe they've changed their clients since the last time I tried. I'll have to try it again.
Re:To answer the question: (Score:2)
in that situation, it's best to establish a 'direct im' connection first, in the way that works quickly, and then send files
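A toy model of the connection tracking this subthread argues about, added here as an illustration and not code from any poster: it shows why a default-deny stateful ruleset passes the client's own session to the server on port 5190 but drops an unsolicited inbound direct connection, and why a direct connection works only when the firewalled side initiates it. The addresses, the direct-connection port and all class and function names are constructed; address translation is left out.

```python
from dataclasses import dataclass, field
from typing import Optional

AIM_SERVER_PORT = 5190   # AIM port named in the thread
DIRECT_PORT = 50000      # constructed listener port for a peer-to-peer transfer


@dataclass
class StatefulFirewall:
    """Allow outbound NEW flows, allow replies to tracked flows, drop the rest."""
    flows: set = field(default_factory=set)

    def allow_outbound(self, local_port, remote_ip, remote_port) -> bool:
        # Every outbound packet creates (or refreshes) a tracked flow.
        self.flows.add((local_port, remote_ip, remote_port))
        return True

    def allow_inbound(self, remote_ip, remote_port, local_port) -> bool:
        # Inbound is accepted only if it is the reverse of a tracked flow.
        return (local_port, remote_ip, remote_port) in self.flows


@dataclass
class Host:
    ip: str
    firewall: Optional[StatefulFirewall] = None  # None = directly reachable


def send(src: Host, sport: int, dst: Host, dport: int) -> bool:
    """Deliver one packet; True if it passes the sender's and receiver's firewalls."""
    if src.firewall and not src.firewall.allow_outbound(sport, dst.ip, dport):
        return False
    if dst.firewall and not dst.firewall.allow_inbound(src.ip, sport, dport):
        return False
    return True


def tcp_connect(initiator: Host, listener: Host, sport=40000, dport=DIRECT_PORT) -> bool:
    """Model the first two handshake packets: SYN out, SYN-ACK back."""
    return send(initiator, sport, listener, dport) and send(listener, dport, initiator, sport)


def scenarios() -> dict:
    # Constructed documentation-range addresses.
    server = Host("203.0.113.10")                       # IM server, reachable
    student = Host("198.51.100.5", StatefulFirewall())  # behind the school firewall
    peer_fw = Host("192.0.2.7", StatefulFirewall())     # peer behind its own firewall
    peer_open = Host("192.0.2.8")                       # peer with no firewall
    return {
        # Ordinary messaging: client dials out to the server, replies match state.
        "client_to_server": tcp_connect(student, server, dport=AIM_SERVER_PORT),
        # File transfer between two firewalled peers: the SYN is unsolicited inbound.
        "both_firewalled": tcp_connect(student, peer_fw),
        # One side open: works only if the firewalled side initiates.
        "firewalled_initiates": tcp_connect(student, peer_open),
        "open_peer_initiates": tcp_connect(peer_open, student),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:22s} {'connected' if ok else 'dropped'}")
```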
I Have A Net Admin Friend At A School (Score:4, Interesting)
To fix it, they rerouted ads.aol.com (I just made up that DNS) to their own servers and sent their own images back locally.
This is too bad. (Score:5, Informative)
Now before you go on about emailing my files, my college had the myopic foresight to limit email to 5 megs per attachment. My senior thesis was over 19 megs and my thesis advisor couldn't figure out how to open it after I split the files into email sized pieces. Turns out he didn't have winzip but that's another story. Make a long story short, his computer didn't have AIM and I had to turn a hard copy in late.
Once AIM caught on we had files going in and out of the department all the time. Students began collaborating on AIM. This was a commuter college and students HATE collaborating. AIM takes some of the sting out of having to drive in at the one awkward time when everyone can meet.
I can understand schools wanting to control net access but there are better ways to go about doing it. How many naughty files slip through the filters anyway. Blocking AIM isn't going to stop a determined kid but it will chill an effective means of communication between students and the school.
At the rate some schools are going all those computers will turn into nothing more than a complicated Cable TV system attached to a word processor.
Re:This is too bad. (Score:4, Informative)
It ain't hard to set up an FTP server at home, and most Universities (Colleges for the yanks) allow FTP access to their students.
Why not just use that?
Re:This is too bad. (Score:1)
Quite frankly FTP is a pain in the ass to deal with if you're only moving a few files back and forth. Why run two programs that do the same thing. Memory is a scarce commodity for a poor student. AIM was already running for chat. As I've said, my professor didn't have a copy of winzip on his computer. I can't imagine him running an FTP client much less a server.
And we have Universities too. We don't need you to define the word for us.
Re:This is too bad. (Score:1)
Re:This is too bad. (Score:1)
Re:This is too bad. (Score:2)
Okay, how about a web server? Your professor can run a web browser, can't he?
Re:This is too bad. (Score:2)
Jeez.. nine years go past, and it sounds like bloomin' stone age already...
Why IM is better for this than FTP (Score:5, Interesting)
Why not just use that?
Because FTP isn't designed for this. FTP is great if you have an always-on machine at the same IP (or at least hostname). It was originally designed to let a user work with files in *his* account's disk space.
AIM and other IM programs with file-transfer capabilities are far better suited to most home users. The IP of the user may change. The user may only come online at some time. The remote user is made aware of this ("Oh, John's on. I can send him that presentation file."), since an IM program handles registering and retransmitting this information.
Furthermore, FTP exposes a whole collection of directories, and generally (unless you hack things up) grants write and list access to *other* things in an upload directory. The user wants to make available a *single file*, and wants to know when the transfer is done, so that they can get offline. IM clients do a better job of providing this functionality than do FTP server/clients.
Often, file transfer is done at the same time people are talking to each other. This combines two frequently-used-together services, since an IM client would likely be necessary anyway.
Finally, even setting up an FTP system to approximate the model desired is *much* more work. You'd need a dynamic hostname, need to run a daemon to keep it up to date, the remote person would need to have a program that keeps trying to log in to tell when you're online, you'd need to set up permissions so that your server didn't let people see files that other people uploaded, you'd need some monitor for people logging in...
FTP was designed in an era where people didn't have goddamn firewalls or NAT all over. Frankly, they do now, and pose a major irritation if someone's trying to send a file. AIM is quite good at dealing with firewalls.
Also, FTP security sucks. Kerberized FTP is *very* rarely used, as is SSL-tunneled FTP. Plaintext passwords...not even MD5 support. Ick. Granted, most popular messaging protocols aren't much better, but they are improving.
So while FTP is better for the task that it was designed for, for the kind of thing this guy is doing, he's better off with IM.
Re:Why IM is better for this than FTP (Score:2)
Still a hack -- and not as good from a user POV.
No modern FTP server has these flaws. Or if you're using one that does, then switch to another one (any of them)... I recommend ProFTPd.
If you don't have list of upload, you also lose the ability to do resumes of failed transfers. (licq, the only IM client I use, *does* have the ability to do this, so I would assume that AIM does as well). Many UNIX FTP servers (possibly not ProFTPd) use the UNIX permission system to handle security, which does not differentiate between creation and write access for files.
Not in this case. In this case, the guy is trying to access files on his unattended computer at home. Basically, exactly what FTP (or better yet, SSH) is for.
Hmm. The part I was reading was about people collaborating.
How terribly sad. (Score:2)
Re:This is too bad. (Score:3, Funny)
Sounds like an exciting story!! Please, do tell!
Re:This is too bad. (Score:2)
This is exactly what some of the K12 schools are looking for. They want something that can be used to facilitate the writing of papers, the display of educational multimedia bits, and then with complete monitoring/supervision, maybe teach a bit about the general computing and the internet.
Plus I'm sure there's a whole different set of rules when there are minors in the school vs. a college or university.
senior thesis was over 19 megs! (Score:2)
Let me guess, your senior thesis was written in word and only 22 pages long? Wow, I gotta get back into an american university. I can crank out 19 meg word docs every week
the AC
First you take
Not IMO (Score:5, Funny)
The protocol itself is not as efficient as it COULD be. I did notice occasional repeated messages, and signon/signoff messages are repeated frequently. But we're still talking about piffling small bandwidth.
PS I'm just kidding and I didn't actually do anything that I've described in this post. By reading this post you agree that I didn't run a sniffer, or reverse engineer AIM's protocol just by watching its traffic in a sniffer.
Whoops (Score:3, Funny)
Ah, you put your condition at the end. I can't agree to something by reading a post without knowing the condition first. Plus there's the questionable enforceability of ERLA's (end-reader user agreements).
But don't worry. You've already done far more to publish your self-incrimination than I could possibly expand upon. Besides, "gossip wants to be free."
Now, where do I pick up encrypted AIM?
Re:Whoops (Score:1)
here [trillian.cc] or there. [sf.net]
Re:Whoops (Score:1)
Thx.
Now, if only encrypted email were the default. And automatic spam "feedback."
Re:Whoops (Score:2)
If you can stand using another protocol, I'm probably most impressed with the security in Jabber (I've played with gabber), which encrypts everything under the sun and uses GPG for authentication...
Re:Whoops (Score:1)
gaim-e
http://gaim-e.sf.net [sf.net]
Re:Not IMO (Score:2)
So you spent college wanking off to other people's cyber-sex?
What's that called, um, meta-cyber-sex? Anonymous three-way? Text voyeurism? Textual harassment? Even more pathetic than most geeks' college sexual misadventures?
Re:Not IMO (Score:2)
>
> What's that called, um, meta-cyber-sex? Anonymous three-way? Text voyeurism? Textual harassment? Even more pathetic than most geeks' college sexual misadventures?
No, it's called "Total Information Awareness" *G*
Re:Not IMO (Score:3, Funny)
Re:Not IMO (Score:2)
When I was in a dorm back in '97, I had a great little "tool" called boink. It would administer, with surgical precision, the "ping of death" to any Wintel machine of my choosing. When someone really pissed me off, I would wait until about 2am when they were almost finished writing that 20 page paper before I sent it down the wire!
For those of you who don't remember, or are too young to remember, the "ping of death" was basically a malformed ping that would cause any Wintel (including Server!) to instantly BSOD and completely lock up. Everyone's PC had a Windows Share name that was their own name - very easy to identify whose PC was whose on the LAN. Plus Samba gives me the IP of any windows share computer... you get the idea.
It took M$ a very long time to release a fix and I enjoyed every boinkin' minute. Didn't make many friends tho
Re:Not IMO (Score:2)
Just access AIM through a telnet gateway. (Score:2, Interesting)
AIM's an ACK whore... (Score:2)
levine
The Simple Solution (Score:1)
Not really... (Score:1)
My recent experience (Score:3, Interesting)
However, one of my roommates has a sister that has recently discovered AIM's DirectIM feature. She seems to like it because she can see if the remote party is typing or not. That's nice, but these connections seem to use quite a large amount of bandwidth even when completely idle. I didn't get exact numbers, but I thought a file transfer of some kind was going on until I went and checked with my roommate. Needless to say, it was causing a measurable difference in latency on our cable modem (which is kind of shaky anyway) or I probably wouldn't have noticed in the first place.
Anyway, I added a pf rule blocking direct connections on the ports AIM uses from the network she's on at Auburn and haven't seen any problems since then. I don't know if this has anything to do with the claims this story is referring to, but I guess it could.
It's a little deeper than that (Score:2)
Now, most schools have an 'acceptable use' policy, us included. Try telling resident adults that they can't use community funded resources to do whatever they want. It doesn't happen. Tell someone they can't look at porn in a public lab, and they'll throw the first amendment at you. So we use the all inclusive "waste of bandwidth." Kinda hard for them to argue on that point.
I suspect you're in the same situation. Rather than having students using computers for chit chat and wasting time, the administration wants to see them used for work. Rather than re-inventing the wheel when it comes to their usage policy, which can take ages, they're calling AIM for what it is in your environment, a waste of bandwidth.
Re:Big Brother (Score:1)
Re:In Soviet schools... (Score:3, Interesting)
The whole notion that we need computers in every classroom is pointless.
Pointless.
I graduated in 2000, and I learned more from my at-home computer than the locked-down computers in my high school.
They restrict any real use, defeating the whole purpose of having it hooked up to the 'net! The web filter was absolutely painful. I remember this one time where a friend was trying to research marijuana for a school paper covering drug use. The teacher glanced at my friend's computer screen and after getting over the initial surprise of the website managing to slip through the webfilter's cracks, automatically banned him from the computer lab.
Nope... American schools aren't in trouble. No sir.
Re:In Soviet schools... (Score:1)
Hermaphrodism. Oh, that was some fun research.
Re:In Soviet schools... (Score:2)
"No child is to be left behind, technologically. Everyone needs to know how to use a computer for jobs in the real world," they say. But if they dare apply that knowledge, or even attempt to use the computers their (parents') tax money pays for, they're quickly shunned and told they're using something "inappropriately." Or, gasp, without supervision!
Perhaps that's an over-generalization, but nevertheless, in my experience, that assessment has held true to this day. Quite frankly, it pisses me off. Fortunately, this applies more to local school districts as opposed to colleges and universities.
Nevertheless, here's another dose of reality for those still paying attention to this thread. Someone dropped a virus on our high school computer network right before summer break. Instead of wiping all of the hard drives over the summer and starting from scratch, they bought new computers. Their old computers were little over a year old. They bought about fifty new units. This was three years ago.
Worse... my parents now have to pay $300 for every sport my little brother plays. Don't pay? Can't be on the team. How wonderful is that?
Re:Something I find funny... (Score:2)
I like to sign on, and bug whoever is on. It just makes my day.