I have a single system protected by SuSEfirewall2. I do not use personal firewall because I want to allow chrony to set the time, and for this I need access to offsite NTP servers.

How do I allow use of ICQ?

Thank you.

--
Paul Elliott 1(512)837-1096 pelliott@io.com PMB 181, 11900 Metric Blvd Suite J http://www.io.com/~pelliott/pme/ Austin TX 78758-3117
I believe ICQ uses port 5190. You will need to allow 5190/UDP in. If you are running iptables, then here is what I would do (assuming eth0 is your external card):

    iptables -A INPUT -i eth0 -p udp --dport 5190 -j ACCEPT

And if you are forwarding packets:

    iptables -A FORWARD -i eth0 -p udp --dport 5190 -j ACCEPT
> I have a single system protected by SuSEfirewall2. I do not use personal firewall because I want to allow chrony to set the time, and for this I need access to offsite NTP servers.
> How do I allow use of ICQ?
Lee Leahu lee@ricis.com Internet Technologies Specialist RICIS, Inc. Phone: (708) 444-2690 Fax: (708) 444-2697 Cell: (708) 363-6860 Pager: (708) 467-2044 http://www.ricis.com/
ICQ is a risk inside a network. As a way to avoid this risk and allow the chat, U can use a web proxy in order to send the messages by an HTTP tunnel. ICQ can do this, and IMHO it's a bit more secure.

To allow NTP, you just need to define the IP for Ur NTP server and allow UDP input/output to their port 123 against a non-privileged port on your server (over 1024).

Chubasco

-----Original Message-----
From: Paul Elliott [mailto:pelliott@io.com]
Sent: Wednesday, January 16, 2002 2:50 PM
To: suse-sec
Subject: [suse-security] Allow ICQ under SuSEfirewall2?

I have a single system protected by SuSEfirewall2. I do not use personal firewall because I want to allow chrony to set the time, and for this I need access to offsite NTP servers.

How do I allow use of ICQ?

Thank you.

--
Paul Elliott 1(512)837-1096 pelliott@io.com PMB 181, 11900 Metric Blvd Suite J http://www.io.com/~pelliott/pme/ Austin TX 78758-3117
On Wednesday 16 January 2002 19:45, Mauricio Latorre wrote:
> ICQ it's a risk inside a network. A way to avoid this risk and allow the chat, U can use a web-proxy in order to send the messages by a HTTP tunnel. ICQ can do this, and IMHO it's a bit more secure.
One thing I've seen is that ICQ servers defined for both ports 4000, and 53 on their servers, so if you NAT/Masquerade DNS traffic you might be permitting ICQ (and other UDP protocols) not just DNS lookups.

How much of a risk is ICQ? Surely all protocols including http are a 'risk', just look at M$'s recent advisory on IE5.5sp2 and IE6, image/jpegs, with .exe extensions are downloaded and run. A proxy can't protect you against client software like that.

The rules that work for me are:

    $iprulecmd -A ludpin -p udp -s 205.188.153.0/24 --source-port 4000 --destination-port 1024: -j ACCEPT

You would need something similar, but to use NAT or Masquerade that UDP traffic.

A questioner posted on ICQ in one of the Linux Today forums, and there's more info there about the TCP/IP ports used. AFAIK if you want ICQ to function completely in the protected network with outside, you need to use 2.2 ipchains, and the ICQ helper module, which is not yet available for 2.4 and Rusty Russell et al, have no interest in supporting this proprietary protocol.

Rob
Download ICQ 2001b and get it over SQUID-Proxy!!! Works only with Version 2001b not 2000b. My ICQ runs on a Win2k Box and I connect through 2 Firewalls with SquidProxy. Only Incoming FileTransfer won't work but outgoing works!

Greetz Dan

Robert Davies wrote:
> On Wednesday 16 January 2002 19:45, Mauricio Latorre wrote:
> > ICQ it's a risk inside a network. A way to avoid this risk and allow the chat, U can use a web-proxy in order to send the messages by a HTTP tunnel. ICQ can do this, and IMHO it's a bit more secure.
>
> One thing I've seen is that ICQ servers defined for both ports 4000, and 53 on their servers, so if you NAT/Masquerade DNS traffic you might be permitting ICQ (and other UDP protocols) not just DNS lookups.
>
> How much of a risk is ICQ? Surely all protocols including http are a 'risk', just look at M$'s recent advisory on IE5.5sp2 and IE6, image/jpegs, with .exe extensions are downloaded and run. A proxy can't protect you against client software like that.
>
> The rules that work for me are:
>
>     $iprulecmd -A ludpin -p udp -s 205.188.153.0/24 --source-port 4000 --destination-port 1024: -j ACCEPT
>
> You would need something similar, but to use NAT or Masquerade that UDP traffic.
>
> A questioner posted on ICQ in one of the Linux Today forums, and there's more info there about the TCP/IP ports used. AFAIK if you want ICQ to function completely in the protected network with outside, you need to use 2.2 ipchains, and the ICQ helper module, which is not yet available for 2.4 and Rusty Russell et al, have no interest in supporting this proprietary protocol.
>
> Rob
Use a SOCKS5 proxy and you can do incoming and outgoing file transfer, and it will be much faster than the normal configuration, and you can simply admin the user and their ICQ.

Greetz, Jens
-----Original Message-----
From: Daniel Eckart [mailto:auftragsabwicklung@l-a-t.de]
Sent: Thursday, 17 January 2002 11:36
To: suse-security@lists2.suse.com
Subject: Re: [suse-security] Allow ICQ under SuSEfirewall2?
Download ICQ 2001b and get it over SQUID-Proxy!!! Works only with Version 2001b not 2000b. My ICQ runs on a Win2k Box and I connect through 2 Firewalls with SquidProxy. Only Incoming FileTransfer won't work but outgoing works!

Greetz Dan

Robert Davies wrote:
> On Wednesday 16 January 2002 19:45, Mauricio Latorre wrote:
> > ICQ it's a risk inside a network. A way to avoid this risk and allow the chat, U can use a web-proxy in order to send the messages by a HTTP tunnel. ICQ can do this, and IMHO it's a bit more secure.
>
> One thing I've seen is that ICQ servers defined for both ports 4000, and 53 on their servers, so if you NAT/Masquerade DNS traffic you might be permitting ICQ (and other UDP protocols) not just DNS lookups.
>
> How much of a risk is ICQ? Surely all protocols including http are a 'risk', just look at M$'s recent advisory on IE5.5sp2 and IE6, image/jpegs, with .exe extensions are downloaded and run. A proxy can't protect you against client software like that.
>
> The rules that work for me are:
>
>     $iprulecmd -A ludpin -p udp -s 205.188.153.0/24 --source-port 4000 --destination-port 1024: -j ACCEPT
>
> You would need something similar, but to use NAT or Masquerade that UDP traffic.
>
> A questioner posted on ICQ in one of the Linux Today forums, and there's more info there about the TCP/IP ports used. AFAIK if you want ICQ to function completely in the protected network with outside, you need to use 2.2 ipchains, and the ICQ helper module, which is not yet available for 2.4 and Rusty Russell et al, have no interest in supporting this proprietary protocol.
>
> Rob
Can somebody enlighten me on the following subject. When a user logs in, system displays an ip or hostname from the last login. Where is this information stored? Alex
/var/log/lastlog

-----Original Message-----
From: Alex Levit [mailto:alex@kel-tek.com]
Sent: Thursday, January 17, 2002 9:16 PM
To: suse-security@suse.com
Subject: [suse-security] last login

Can somebody enlighten me on the following subject. When a user logs in, system displays an ip or hostname from the last login. Where is this information stored?

Alex
On Friday, 18 January 2002 07:20, Edward Miles wrote:
> > From: Alex Levit [mailto:alex@kel-tek.com]
> > Can somebody enlighten me on the following subject. When a user logs in, system displays an ip or hostname from the last login. Where is this information stored?
>
> /var/log/lastlog
Hm, I disbelieve:

man last /FILES (/ is the search command for less)
: /var/log/wtmp
: /var/log/btmp

This sounds correct.

Peter
Both work:

last gives information on the last users to use the system (listing of login dates, users etc)
lastb (if activated) gives failed login attempts
lastlog simply gives a listing of _every_ user with their last login time, which I believe is what the original question asked for.

Peter Wiersig wrote:
> On Friday, 18 January 2002 07:20, Edward Miles wrote:
> > > From: Alex Levit [mailto:alex@kel-tek.com]
> > > Can somebody enlighten me on the following subject. When a user logs in, system displays an ip or hostname from the last login. Where is this information stored?
> >
> > /var/log/lastlog
>
> Hm, I disbelieve: man last /FILES (/ is the search command for less)
> : /var/log/wtmp
> : /var/log/btmp
>
> This sounds correct.
>
> Peter
-- ================================================================ Stefan Suurmeijer University of Groningen, Rekencentrum P.O. Box 800, NL-9700 AV Groningen, The Netherlands tel: (+31) 50 363 8258 - fax: (+31) 50 363 3406 E-mail: S.M.Suurmeijer@rc.rug.nl E-mail: stefan@symbolica.nl (private) ================================================================ PGP fingerprint: 183A F476 6E97 611C 061B 4425 5698 917B 2145 AA25 Quies custodiet ipsos custodes? (Who'll watch the watchmen?) #define question ((bb) || (!bb)) - William Shakespeare
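The replies above name /var/log/lastlog as the store behind the "last login from ..." banner. As an added example (not code from any poster in this thread), the sketch below reads that file's fixed-size records, which are indexed by UID. It assumes the glibc/Linux layout of struct lastlog (32-bit time, 32-byte tty, 256-byte host); the sample bytes are constructed.

```python
import struct
from datetime import datetime, timezone

# Assumed glibc/Linux layout of struct lastlog: ll_time, ll_line[32], ll_host[256].
RECORD = struct.Struct("<I32s256s")  # 292 bytes per UID slot

def _cstr(raw):
    """Decode a NUL-padded C string field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_lastlog(data):
    """Return {uid: (utc_datetime, tty, host)} for every UID with a recorded login."""
    entries = {}
    usable = len(data) - len(data) % RECORD.size  # ignore a truncated trailing record
    for uid, (ts, line, host) in enumerate(RECORD.iter_unpack(data[:usable])):
        if ts == 0:  # all-zero slot: this UID has never logged in
            continue
        entries[uid] = (datetime.fromtimestamp(ts, timezone.utc),
                        _cstr(line), _cstr(host))
    return entries

def build_sample():
    """Constructed sample: a sparse file holding records for UID 0 and UID 3 only."""
    buf = bytearray(RECORD.size * 4)
    RECORD.pack_into(buf, 0 * RECORD.size, 1011312000, b"tty1", b"")
    RECORD.pack_into(buf, 3 * RECORD.size, 1011398400, b"pts/0", b"192.0.2.10")
    return bytes(buf)

if __name__ == "__main__":
    # On a real system, pass open("/var/log/lastlog", "rb").read() instead.
    for uid, (when, tty, host) in parse_lastlog(build_sample()).items():
        print(uid, when.isoformat(), tty, host or "(local)")
```

Because the file keeps only one slot per UID, each login overwrites the previous one; the login history over time is in /var/log/wtmp, which is what last reads.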
At 12:19 on Friday, 18 January 2002, Stefan Suurmeijer (prive) wrote:
> Both work:
>
> last gives information on the last users to use the system (listing of login dates, users etc)
> lastb (if activated) gives failed login attempts
> lastlog simply gives a listing of _every_ user with their last login time, which I believe is what the original question asked for.

How do I activate lastb?

Praise
participants (11)
- Alex Levit
- Daniel Eckart
- Edward Miles
- Jens Gassmann
- Lee Leahu
- Mauricio Latorre
- Paul Elliott
- Peter Wiersig
- Praise
- Robert Davies
- Stefan Suurmeijer (prive)