RE: icq

A,

	you just don't get it...

	the access itself is risky for an enterprise.

	small home lans are not relevant in this conversation.

	the setup for rpc mimics some of the port nonsense that rpc/portmapper
	type of architectures is the problem.

	the client-2-client interface is the security problem in and of itself.

-----Original Message-----
From: netfilter-admin@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx]On Behalf Of Alistair Tonner
Sent: Wednesday, June 16, 2004 7:26 PM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: icq


On June 16, 2004 05:03 pm, Hudson Delbert J Contr 61 CS/SCBN wrote:
> the rpc like tendencies of icq make it not worth the trouble to manage
> access to/from it.
>
> ~piranha

	? rpc like ? 

> Not sure about recent versions, but with old versions you could only do
> simple things like messaging when using NAT only.
> If you wanted to do things like chat and/or filetransfer, you needed a
> socks server. I guess this still holds.
> NEC had a free socks5 server for *nix once, but stopped providing it.
> It's now Permeo's (www.permeo.com) but AFAIK not free any more. If you
> need it ; there's a source version on rpmfind.net.
>
	
	Although there are already some answers here, the extended attributes
	for icq can be managed in a small home lan situation by properly configuring
	the clients (set the ports on which connections can be received to a
	different specific range per client) and then forward the appropriate range
	of ports per client from the firewall.  In my case at home, I have three
	internal clients that are permanently forwarded.  You can't filter on source
	address as icq -> icq transfers are client to client.  For standard chatting
	however, nothing need be done save the initial connection out to
	login.icq.com and an established related rule.  Some folks might find that
	they have to send the initial message through the servers (window clients
	auto fallback to this state, licq has to be told to do it) but after the
	first message out from behind the firewall, if the ESTABLISHED,RELATED rule
	is in place, chat messages work just fine.

	Alistair Tonner.



>
>
> Gr,
> Rob
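
The per-client forwarding setup described in the quoted message, written out as an added example (not posted by anyone in this thread): a generator that prints the iptables rules for review and rejects overlapping port ranges before emitting anything. The interface name, client addresses, port ranges and the refusal to forward ports below 1024 are assumptions made for the example.

```shell
#!/bin/sh
# Constructed sample values (assumptions, not from the thread).
WAN_IF="eth0"
CLIENTS="192.168.1.10:5000:5009
192.168.1.11:5010:5019
192.168.1.12:5020:5029"

# gen_rules "ip:lo:hi lines": print iptables commands, or return 1 and
# print nothing on stdout if a range is invalid or overlaps an earlier one.
gen_rules() {
    seen=""
    # Replies to connections opened from inside (login, server-relayed chat).
    out="iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    while IFS=: read -r ip lo hi; do
        [ -n "$ip" ] || continue
        # Assumption for this example: never forward privileged ports.
        if [ "$lo" -gt "$hi" ] || [ "$lo" -lt 1024 ] || [ "$hi" -gt 65535 ]; then
            echo "bad range for $ip: $lo-$hi" >&2
            return 1
        fi
        # Each client needs its own range, or DNAT cannot tell them apart.
        for s in $seen; do
            slo=${s%%:*}; shi=${s##*:}
            if [ "$lo" -le "$shi" ] && [ "$slo" -le "$hi" ]; then
                echo "range $lo-$hi ($ip) overlaps $slo-$shi" >&2
                return 1
            fi
        done
        seen="$seen $lo:$hi"
        # Rewrite inbound peer connections to the client that owns the range.
        out="$out
iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $lo:$hi -j DNAT --to-destination $ip"
        # No -s match: peers are arbitrary hosts, so these ports are open to
        # any source address; only destination and port can be restricted.
        out="$out
iptables -A FORWARD -i $WAN_IF -p tcp -d $ip --dport $lo:$hi -m state --state NEW -j ACCEPT"
    done <<EOF
$1
EOF
    printf '%s\n' "$out"
}

# Print the rule set for inspection; nothing is applied to the firewall.
gen_rules "$CLIENTS"
```

Every forwarded range is reachable from any source address, so the size of each range is the only limit on what the firewall exposes per client.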

