Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Use SOCKS5 Proxy
Use a SOCKS5 proxy and you can do in and outgoing filetransfer and it
will be much faster as normal configuration and you can simple admin the
user and there ICQ .

Greetz,

Jens

> -----Urspr├╝ngliche Nachricht-----
> Von: Daniel Eckart [mailto:auftragsabwicklung@xxxxxxxx]
> Gesendet: Donnerstag, 17. Januar 2002 11:36
> An: suse-security@xxxxxxxxxxxxxxx
> Betreff: Re: [suse-security] Allow ICQ under SuSEfirewall2?
>
>
> Download ICQ 2001b and get it over SQUID-Proxy !!!
> Works only with Version 2001b not 2000b.
> My ICQ runs on a Win2k Box and i connect through 2 Firewalls
> with SquidProxy. Only Incoming FileTransfer won┬┤t work but
> outgoing work!
>
> Greetz
> Dan
>
>
> Robert Davies schrieb:
>
> > On Wednesday 16 January 2002 19:45, Mauricio Latorre wrote:
> >
> > > ICQ it's a risk inside a network. A way to avoid this
> risk and allow
> > > the chat, U can use a web-proxy in order to send the
> messages by a
> > > HTTP tunnel. ICQ can do this, and IMHO it's a bit more secure.
> >
> > One thing I've seen is that ICQ servers defined for both
> ports 4000,
> > and 53 on their servers, so if you NAT/Masquerade DNS traffic you
> > might be permitting ICQ (and other UDP protocols) not just DNS
> > lookups.
> >
> > How much of a risk is ICQ? Surely all protocols including
> http are a
> > 'risk', just look at M$'s recent advisory on IE5.5sp2 and IE6,
> > image/jpegs, with .exe extensions are downloaded and run. A proxy
> > can't protect you against client software like that.
> >
> > The rules that work for me are :
> >
> > $iprulecmd -A ludpin -p udp -s 205.188.153.0/24
> --source-port 4000
> > --destination-port 1024: -j ACCEPT
> >
> > You would need something similar, but to use NAT or Masquerade that
> > UDP traffic.
> >
> > A questioner posted on ICQ in one of the Linux Today forums, and
> > there's more info there about the TCP/IP ports used. AFAIK if you
> > want ICQ to function completely in the protected network
> with outside,
> > you need to use 2.2 ipchains, and the ICQ helper module,
> which is not
> > yet available for 2.4 and Rusty Russel et al, have no interest in
> > supporting this proprietary protocol.
> >
> > Rob
> >
> > --
> > To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> > For additional commands, e-mail: suse-security-help@xxxxxxxx
>
>
>
>
>
> --
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx
>
>


< Previous Next >
References