Re: iptables + icq

To: Michael Wood <mwood@its.uct.ac.za>
Cc: <debian-firewall@lists.debian.org>
Subject: Re: iptables + icq
From: Tzafrir Cohen <tzafrir@technion.ac.il>
Date: Sat, 18 Aug 2001 01:53:42 +0300 (IDT)
Message-id: <[🔎] Pine.GSO.4.33_heb2.09.0108180149490.8469-100000@techunix.technion.ac.il>
In-reply-to: <[🔎] 20010817100802.H27971@len.its.uct.ac.za>

On Fri, 17 Aug 2001, Michael Wood wrote:

> On Fri, Aug 17, 2001 at 08:10:41AM +1000, Paul Haesler wrote:
> > Are you masquerading?I found the easiest way to get icq to
> > work through IP-masquerading was to use a SOCKS proxy:
> >
> > apt-get install socks4
>
> Or "apt-get install dante" since it supports socks4 and socks5.

But isn't a socks proxy quite a big hole in the firewall?

Spesifically, it allows any trojaned host in the inside network to accept
connections from the outside.

(Also: an ICQ client listening on a port is also a weakness. I'm not
entirely sure that those clients, at least the mirabilis ones, don't have
some exploitable/exploited buffer overflows)

-- 
Tzafrir Cohen
mailto:tzafrir@technion.ac.il
http://www.technion.ac.il/~tzafrir

Reply to:

Follow-Ups:
- Re: iptables + icq
  - From: "Paul Haesler" <paul@haesler.dyndns.org>

References:
- Re: iptables + icq
  - From: Michael Wood <mwood@its.uct.ac.za>

Prev by Date: Re: FTP proxy support
Next by Date: Re: FTP proxy support
Previous by thread: Re: iptables + icq
Next by thread: Re: iptables + icq
Index(es):
- Date
- Thread