Re: iptables + icq
On Fri, 17 Aug 2001, Michael Wood wrote:
> On Fri, Aug 17, 2001 at 08:10:41AM +1000, Paul Haesler wrote:
> > Are you masquerading?I found the easiest way to get icq to
> > work through IP-masquerading was to use a SOCKS proxy:
> > apt-get install socks4
> Or "apt-get install dante" since it supports socks4 and socks5.
But isn't a socks proxy quite a big hole in the firewall?
Spesifically, it allows any trojaned host in the inside network to accept
connections from the outside.
(Also: an ICQ client listening on a port is also a weakness. I'm not
entirely sure that those clients, at least the mirabilis ones, don't have
some exploitable/exploited buffer overflows)