RE: ipchains

Ishay Sommer Mon, 25 Dec 2000 06:57:29 -0800
can you point us out to this tool?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of System1
Sent: Monday, December 25, 2000 4:42 PM
To: 'Hetz Ben Hamo'
Cc: [EMAIL PROTECTED]
Subject: RE: ipchains


using ICQ remote attacker is able to make full port scan on networks behind
the firewall.
If ICQ gives people the ability to make scans of my servers that are behind
firewall I dont want it here. its only troubles.
as you can understand we are blocking ICQ not because the files option. (at
least trying to block it)

Moran.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Hetz Ben Hamo
Sent: Monday, December 25, 2000 4:34 PM
To: System1
Cc: [EMAIL PROTECTED]
Subject: Re: ipchains


Well, if I was a sys admin, then I would allow ICQ..

BUT, I would prevent the ports that needed to send/receive files or chat
(these
are the ports in the confguration menu)...

Blocking ICQ messages seems harder and harder - you can even configure ICQ
to
send messages with port 80, 21,23, 25, 110 and some other ports - depends
how
smart is the end user...

Ofcourse, you can just rule out usage in your company :)

Hetz

System1 wrote:
>
> its not so easy , i blocked while ago port 5194 (icq login port) but today
i
> found users still able to connect.
> so i made port scan on login.icq.com and found that they have above 100
> ports you can login to incase your admin locks you out :)
> so what i did was adding the following rule:
> $IPCHAINS -A output -p tcp -s $REMOTENET -d login.icq.com 0:9999 -i
> $OUTERIF -j DENY
> $IPCHAINS -A output -p tcp -s $REMOTENET -d web.icq.com 0:9999 -i
> $OUTERIF -j DENY
>
> and to block aol messanger (another client with security bugs which allows
> remote attacker take full control of users systems)
>
> $IPCHAINS -A output -p tcp -s $REMOTENET -d login.oscar.aol.com 0:9999 -i
> $OUTERIF -j DENY
>
> Moran.

--
Hetz Ben Hamo
Hardware Research dept.
Aduva Inc.

=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]



=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
RE: ipchains

Reply via email to
