Nadav Har'El wrote:
> 
> On Mon, Dec 25, 2000, Alon Oz wrote about "Re: ipchains":
> > The ICQ protocol reveals the real IP of the computer running the client,
> > so even if you use GNU replacements it doesn't matter.
> 
> So what? Unless you have a completely-proxy-firewall (block everything and
> allow only application proxies), whatever packets you let through (be they http,
> ftp, or icq) carry the IP address of the machine behind the firewall. But
> so what? If you use globally addressable IP addresses, face the consequences...
> ARIN or RIPE will contain your address range and attackers can use that to
> try the attack on every one of your addresses; alternatively, if you use NAT
> then all outgoing packets will be given one IP address anyway, and your
> argument is (at least as I see it) false.

But if icq.com (example) got my packet and knows my "secret" intranet
addresses (NAT of course, for security) or someone (attacker in potent)
got it through ICQ... I'm not (very) afraid to be attacked from icq.com,
but I cannot trust an ICQ user.

 
> Case in point:
> I set up a firewall at home that is deliberately open to ICQ (through-server
> messages only). The firewall does NAT for a couple of machines, each of them
> with a different IP address (from a reserved area of the address space).
> Sure enough, _no_ packet is ever sent out of the firewall with either of
> the "secret" addresses, so that ICQ will only know the firewall's (publicly
> known) address.

The ICQ client sends the IP of the machine running the client.
It's part of the protocol, just check.

> 
> > This "feature" opens a window for "crackers" to use various firewall
> > penetrating/piercing techniques.
> 
> This seems to me like "security by obscurity": all the crackers know is the
> IP address of ICQ using machines. How to use that in an attack that isn't
> possible by simply attacking all your addresses is beyond me.

An "attack" doesn't have to be DoS, read my lines, I'm talking about
firewall penetrating techniques == attackers who are trying to get
into the intranet.

-- 
Alon Oz,
Aduva Research Team,
Mailto: [EMAIL PROTECTED]

--
A proud member in the Evil Linux cyberterrorist hackers (ELCH) 
organization
A who can launch Denial of Service attacks against the embedded devices
in your 6-slice toaster with advanced pingflood Open Source classified
exploit codes hidden inside strongly encrypted Russian mafia pornography
that innocent American children download from online gambling web sites 
located in the Northern Mariana Islands
