On Mon, Dec 25, 2000, System1 wrote about "ipchains":
> the first step is using udp sniffer.
> after that you have tools you can find on the web to perform scans in the
> network of the victim.
> you must have direct connection to the user for that. (I think it's ICQ
> default).
>
> Moran.

Ok... I see you're feeding us the real problem a spoonful at a time ;)

A direct connection also doesn't work under NAT (unless you have a special
masquerading feature that changes the content of packets), and because it
uses non-well-known ports, it's also hard to set up for a mostly-blocking
packet filter firewall (a firewall that blocks everything except predefined
ports/hosts). So you can prevent non-hacker users from using direct connection
(with a mostly-blocking firewall) while letting them use the through-server
connection.

BTW, since you still haven't told us all the details of this vulnerability,
I have to ask another question: Does it depend on the attacker sending the
victim packets with false source-address (e.g., making it look like other
addresses behind the firewall)? If so, such false packets are easy to stop
at the firewall, and this becomes a non-problem. If, however, the false IP
address comes from ICQ's server inside a packet, then it's a problem, but I
don't see how the attacker can use that data...

Can you point us to some URL about this ICQ problem?

--
Nadav Har'El | Monday, Dec 25 2000, 28 Kislev 5761
[EMAIL PROTECTED] |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |Linux: Because rebooting is for adding
http://nadav.harel.org.il |new hardware.
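
The two filtering ideas in the reply above (a mostly-blocking input policy, and dropping outside packets that claim an inside source address), sketched as ipchains input-chain rules. This is an added example, not part of the original message; the interface names and internal network are assumptions, and the script only prints the commands unless RUN is set to an empty value.

```shell
#!/bin/sh
# Added example, not from the thread. The address plan below is constructed.
EXT_IF="${EXT_IF:-eth0}"              # assumed Internet-facing interface
INT_IF="${INT_IF:-eth1}"              # assumed internal interface
INT_NET="${INT_NET:-192.168.1.0/24}"  # assumed network behind the firewall
RUN="${RUN-echo}"                     # dry run by default; RUN= applies rules (root)

build_rules() {
    # Mostly-blocking firewall: start clean, drop whatever is not accepted below.
    $RUN ipchains -F input
    $RUN ipchains -P input DENY

    # Anti-spoofing: a packet arriving on the external interface must not
    # carry an internal or loopback source address. Drop and log (-l) it.
    # These rules come first so no later ACCEPT can match a spoofed packet.
    $RUN ipchains -A input -i "$EXT_IF" -s "$INT_NET" -j DENY -l
    $RUN ipchains -A input -i "$EXT_IF" -s 127.0.0.0/8 -j DENY -l

    # Hosts behind the firewall may send traffic out through it.
    $RUN ipchains -A input -i "$INT_IF" -s "$INT_NET" -j ACCEPT

    # From outside, accept only TCP packets without the SYN flag (! -y):
    # replies to connections opened from inside get through, so
    # client-to-server sessions work, while inbound connection attempts
    # (direct connections to arbitrary ports) fall through to the DENY policy.
    $RUN ipchains -A input -i "$EXT_IF" -p tcp ! -y -j ACCEPT
}

build_rules
```

The spoofing rules only help when the false source address is in the packet's IP header; an address carried inside the payload is not visible to a packet filter.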