AO>> 1 line more and you'll see I noted "related" packets,
That depends on how your firewall understands "related". If it understands
it as something more than current connection - install another firewall.
AO>> The target at the end of the process is slip a packet
AO>> through the gateway and into the computer running ICQ.
OK, this is explicitly allowed, we suppose, as long as packet is targeted
to the port that belongs to ICQ program.
AO>> What happened, if you could exploit a bug in the client, and make it
AO>> behave in a certain way?
Then it would be no different from bug in MSIE, ftp client or any program
dealing with internet data. This problem is not solved by
firewalling. This problem is solved by using quality software and reading
Bugtraq and praying to $DEITY_OF_CHOICE that you know about MSIE buffer
overflow before your neighbour script kiddie does.
AO>> What happened if "related" packets were sent with a tweak?
AO>> Let's say to another port, Would the firewall let it in?
No. That's why you have a firewall - to allow only "kosher" packets and drop
all the rest. If you misconfigured your firewall as to allow other packets
- that's your problem, not ICQs.
AO>> This very much depends on which firewall and configuration
AO>> but many times the answer would be Yes.
You are saying many sysadmins are dumb. Maybe yes, maybe not - but this is
certainly not inherent flaw in ICQ protocol - that's what we started with,
remember?
AO>> And how exactly do you plan to check if they are valid packets coming
AO>> from the right source? (note that i dropped the word UDP because in
AO>> some cases it can be tcp, weak seq numbers)
ICQ gets along very well with UDP alone. And I don't even want to check
"validity" of packet source, probably (though I could - the list of valid
ICQ servers is not so hard to get) - as long as all packets are delivered
to ICQ client, most I risk is that somebody will hurt user's ICQ
session. Not a major concern for me - this is ICQs problem, not company
security problem. ICQ as secure communication tunnel sucks enormous time,
but this is "contained" suckiness - it doesn't hurt anything but ICQ.
AO>> DNS isn't the only thing that can be spoofed, basically anything can.
Tell me a good way to spoof live TCP session on Linux. Not one packet,
live session starting from the handshake. No, you are not on the same
network and cannot hear outgoing packets, that would be too easy.
--
[EMAIL PROTECTED] \/ There shall be counsels taken
Stanislav Malyshev /\ Stronger than Morgul-spells
phone +972-3-9316425 /\ JRRT LotR.
http://sharat.co.il/frodo/ whois:!SM8333
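
Added example (not part of the original message): a minimal UDP state tracker contrasting a firewall that treats "related" as the current connection only with one that treats it more loosely, the two readings argued over above. The class and function names, addresses and ports are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    ts: float  # arrival time in seconds

class UdpTracker:
    """Hypothetical gateway: inbound UDP passes only if 'related' to outbound."""
    def __init__(self, strict=True, timeout=30.0):
        self.strict = strict      # True: 'related' means the same connection
        self.timeout = timeout    # idle seconds before a flow is forgotten
        self.flows = {}           # flow key -> last-seen timestamp

    def _key(self, local_ip, local_port, remote_ip, remote_port):
        if self.strict:
            return (local_ip, local_port, remote_ip, remote_port)
        return (local_ip, remote_ip)  # loose: any port between the two hosts

    def outbound(self, p):
        self.flows[self._key(p.src_ip, p.src_port, p.dst_ip, p.dst_port)] = p.ts

    def inbound_allowed(self, p):
        key = self._key(p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        seen = self.flows.get(key)
        if seen is None or p.ts - seen > self.timeout:
            return False          # no matching live flow: drop
        self.flows[key] = p.ts    # refresh the idle timer
        return True

def evaluate(strict):
    """Replay constructed traffic and return the verdict per inbound packet."""
    fw = UdpTracker(strict=strict)
    # Constructed sample: internal client talks to an external server.
    fw.outbound(Packet("10.0.0.5", 1027, "192.0.2.10", 4000, 0.0))
    inbound = {
        "reply":        Packet("192.0.2.10", 4000, "10.0.0.5", 1027, 1.0),
        "other_port":   Packet("192.0.2.10", 4000, "10.0.0.5", 139, 2.0),
        "other_source": Packet("198.51.100.7", 4000, "10.0.0.5", 1027, 3.0),
        "stale":        Packet("192.0.2.10", 4000, "10.0.0.5", 1027, 120.0),
    }
    return {name: fw.inbound_allowed(p) for name, p in inbound.items()}

if __name__ == "__main__":
    print("strict:", evaluate(True))
    print("loose: ", evaluate(False))
```

Only the loose policy admits the packet aimed at a different port, which is the configuration difference the reply attributes to the firewall rather than to the ICQ protocol.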