Nadav Har'El wrote:
>
> On Mon, Dec 25, 2000, System1 wrote about "RE: ipchains":
> > using ICQ remote attacker is able to make full port scan on networks behind
> > the firewall.
> > If ICQ gives people the ability to make scans of my servers that are behind
> > firewall I dont want it here. its only troubles.
> > as you can understand we are blocking ICQ not because the files option. (at
> > least trying to block it)
> >
> > Moran.
>
> Saying "its only troubles" is way too simplistic. Users are using it because
> they need it, like it, or whatever, and as you noticed, will make various
> attempts to circumvent your firewall to keep it going. To them, ICQ is not
> trouble - to them _you_ are trouble :)
>
> I'm curious - which part of ICQ allows an attacker to do port scans on machines
> behind the firewall? Is this a feature (bug) of their client, or some basic
> feature (bug) of they way the ICQ protocol works?
>
> P.S. I'm also behind a firewall that doesn't let ICQ through. I have a simple
> solution: log in to a "normal" machine outside the firewall (ssh is allowed
> through), and run micq (a textual client). You can also try searching for
> an ICQ application-proxy for your firewall (I don't know if one exists, though
> writing one that works for the simple cases seems easy enough).
>
>
The ICQ protocol reveals the real IP of the computer running the client,
so even if you use GNU replacements it doesn't matter.
This "feature" opens a window for "crackers" to use various firewall
penetrating/piercing techniques.
--
Alon Oz,
Aduva Research Team,
Mailto: [EMAIL PROTECTED]
--
A proud member in the Evil Linux cyberterrorist hackers (ELCH)
organization
A who can launch Denial of Service attacks against the embedded devices
in your 6-slice toaster with advanced pingflood Open Source classified
exploit codes hidden inside strongly encrypted Russian mafia pornography
that innocent American children download from online gambling web sites
located in the Northern Mariana Islands
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
