Mailinglist Archive: opensuse-security (757 mails)

Re: [suse-security] Allow ICQ under SuSEfirewall2?
  • From: Daniel Eckart <auftragsabwicklung@xxxxxxxx>
  • Date: Thu, 17 Jan 2002 11:35:32 +0100
  • Message-id: <3C46A8F4.142B061A@xxxxxxxx>
Download ICQ 2001b and get it over SQUID-Proxy!!!
It works only with version 2001b, not 2000b.
My ICQ runs on a Win2k box and I connect through 2 firewalls with SquidProxy.
Only incoming file transfer won't work, but outgoing works!


Robert Davies wrote:

> On Wednesday 16 January 2002 19:45, Mauricio Latorre wrote:
> > ICQ is a risk inside a network. As a way to avoid this risk and allow the
> > chat, you can use a web proxy in order to send the messages by an HTTP tunnel.
> > ICQ can do this, and IMHO it's a bit more secure.
> One thing I've seen is that ICQ servers defined for both ports 4000, and 53
> on their servers, so if you NAT/Masquerade DNS traffic you might be
> permitting ICQ (and other UDP protocols) not just DNS lookups.
> How much of a risk is ICQ? Surely all protocols including http are a 'risk',
> just look at M$'s recent advisory on IE5.5sp2 and IE6, image/jpegs, with .exe
> extensions are downloaded and run. A proxy can't protect you against client
> software like that.
> The rules that work for me are :
> $iprulecmd -A ludpin -p udp -s --source-port 4000
> --destination-port 1024: -j ACCEPT
> You would need something similar, but to use NAT or Masquerade that UDP
> traffic.
> A questioner posted on ICQ in one of the Linux Today forums, and there's more
> info there about the TCP/IP ports used. AFAIK if you want ICQ to function
> completely in the protected network with outside, you need to use 2.2
> ipchains, and the ICQ helper module, which is not yet available for 2.4 and
> Rusty Russell et al. have no interest in supporting this proprietary protocol.
> Rob

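The quoted point about port 53 (masquerading all UDP traffic to port 53 lets through more than DNS lookups) can be checked on the defender's side by testing whether a datagram bound for port 53 is actually a well-formed DNS query. The following is an added example, not code from either poster; the function names are hypothetical, both sample payloads are constructed, and it assumes classic DNS over UDP (512-byte limit, one question, at most one additional record).

```python
import struct

def looks_like_dns_query(payload: bytes) -> bool:
    """True if a UDP payload is a structurally valid standard DNS query."""
    # 12-byte header + root name (1) + QTYPE/QCLASS (4) is the smallest query.
    if not 17 <= len(payload) <= 512:
        return False
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", payload[:12])
    if flags & 0x8000 or (flags >> 11) & 0xF:   # QR must be 0, opcode must be 0
        return False
    if qd != 1 or an or ns or ar > 1:           # one question, no answers
        return False
    pos, name_len = 12, 0
    while True:                                 # walk the QNAME labels
        if pos >= len(payload):
            return False                        # ran off the end: truncated
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        if length > 63:                         # no pointers or oversized labels
            return False
        name_len += length + 1
        if name_len > 254 or pos + length > len(payload):
            return False
        pos += length
    if pos + 4 > len(payload):
        return False
    _qtype, qclass = struct.unpack("!2H", payload[pos:pos + 4])
    pos += 4
    if qclass not in (1, 255):                  # IN or ANY
        return False
    # Without an additional record, nothing may follow the question.
    return ar == 1 or pos == len(payload)

def build_query(name: str, qtype: int = 1) -> bytes:
    """Construct a sample query (ID 0x1234, RD set) for testing the check."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)

# Constructed stand-in for a non-DNS datagram sent to port 53 (not real ICQ data).
NON_DNS = b"\x05\x00\x00\x00" + b"not a dns packet, just bytes"

if __name__ == "__main__":
    for label, pkt in (("dns query", build_query("www.example.com")), ("other udp", NON_DNS)):
        print(label, "->", "accept" if looks_like_dns_query(pkt) else "flag")
```

This is a structural check only; limiting outbound UDP 53 to the resolvers the network actually uses narrows the exposure further.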