Use a SOCKS5 proxy and you can do in and outgoing filetransfer and it will be much faster as normal configuration and you can simple admin the user and there ICQ . Greetz, Jens
-----Ursprüngliche Nachricht----- Von: Daniel Eckart [mailto:auftragsabwicklung@l-a-t.de] Gesendet: Donnerstag, 17. Januar 2002 11:36 An: suse-security@lists2.suse.com Betreff: Re: [suse-security] Allow ICQ under SuSEfirewall2?
Download ICQ 2001b and get it over SQUID-Proxy !!! Works only with Version 2001b not 2000b. My ICQ runs on a Win2k Box and i connect through 2 Firewalls with SquidProxy. Only Incoming FileTransfer won´t work but outgoing work!
Greetz Dan
Robert Davies schrieb:
On Wednesday 16 January 2002 19:45, Mauricio Latorre wrote:
ICQ it's a risk inside a network. A way to avoid this risk and allow the chat, U can use a web-proxy in order to send the messages by a HTTP tunnel. ICQ can do this, and IMHO it's a bit more secure.
One thing I've seen is that ICQ servers defined for both ports 4000, and 53 on their servers, so if you NAT/Masquerade DNS traffic you might be permitting ICQ (and other UDP protocols) not just DNS lookups.
How much of a risk is ICQ? Surely all protocols including http are a 'risk', just look at M$'s recent advisory on IE5.5sp2 and IE6, image/jpegs, with .exe extensions are downloaded and run. A proxy can't protect you against client software like that.
The rules that work for me are :
$iprulecmd -A ludpin -p udp -s 205.188.153.0/24 --source-port 4000 --destination-port 1024: -j ACCEPT
You would need something similar, but to use NAT or Masquerade that UDP traffic.
A questioner posted on ICQ in one of the Linux Today forums, and there's more info there about the TCP/IP ports used. AFAIK if you want ICQ to function completely in the protected network with outside, you need to use 2.2 ipchains, and the ICQ helper module, which is not yet available for 2.4 and Rusty Russel et al, have no interest in supporting this proprietary protocol.
Rob
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com