hi list, i am using linux 7.1 pro with a 2.2-kernel. i masquerade my internal network with the firewall (ip range 192.168.0.1 to .4); and i use an isdn dialup connection. i thought that the firewall _really_ masquerades my lan; but when i watched myself being online from a friend's box running licq 1.1.0, licq told me - apart from the external ip beginning with 62. - my private ip :( if licq is capable in looking behind that firewall, how can i assure that _real_ hack programs cannot do this ... i suggest that icq delivers all ips that it can gather; but don't other apps also??? how can i tell the firewall not to submit internal ip names - well - is the fw able to do it? -- icq# 67532578; return 0;}
Modify LICQ settings: Just set hide-ip in menu->System->Security curtain wrote:
hi list,
i am using linux 7.1 pro with a 2.2-kernel. i masquerade my internal network with the firewall (ip range 192.168.0.1 to .4); and i use an isdn dialup connection. i thought that the firewall _really_ masquerades my lan; but when i watched myself being online from a friend's box running licq 1.1.0, licq told me - apart from the external ip beginning with 62. - my private ip :( if licq is capable in looking behind that firewall, how can i assure that _real_ hack programs cannot do this ... i suggest that icq delivers all ips that it can gather; but don't other apps also??? how can i tell the firewall not to submit internal ip names - well - is the fw able to do it?
-- icq# 67532578; return 0;}
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-- Michael HORST - Four J's Development Tools www.4js.com - mailto:mh@4js.com
Hi curtain,
i thought that the firewall _really_ masquerades my lan; but when i watched myself being online from a friend's box running licq 1.1.0, licq told me - apart from the external ip beginning with 62. - my private ip :(
Well, your icq client tells your private IP. no wonder. The point is, your firewall _is_ masquerading your lan. Else you'd never get an answer from the internet... Masquerading works basically as follows: Each request from the internal net is translated to your masquerading server's external ip address. Answers to those requests are remapped back to your private ip address by the masq server. Masquerading has the following useful features: a) You are enabled to connect several machines to the internet without the need to have several public ip addresses b) Machines from the internet can not connect to any of your internal machines (except you tell your masq server to forward certain requests). This implies, even if icq tells your internal ip addresses, a casual attacker can not attack your internal machines (unless he has cracked your masq server, of course. To stop icp delivering your int ip address you'd need an application layer proxy for icq. Dunno if one exists... Same applies for other applications. Robert
if licq is capable in looking behind that firewall, how can i assure that _real_ hack programs cannot do this ... i suggest that icq delivers all ips that it can gather; but don't other apps also??? how can i tell the firewall not to submit internal ip names - well - is the fw able to do it?
participants (3)
-
curtain -
Michael Horst -
Robert Klein