Well, it does a lot of things.. I would love to be running a sniffer
watching all the ports it uses, but it sounds like it uses non-privileged
ports for all the file transfer and chat stuff... you should be able to do
just messages if you only allow 4000 and 4001 udp (this is the server
connection piece and you can send messages through the server). This may
prevent someone from the outside connecting to an inside machine (I am
assuming a firewall is involved, and we don't allow inbound connections
initiated from the outside except for certain hosts on certain ports).
NAT could help as well, since I think this would force using the server
for everything from the outside.
Carric Dooley
COM2:Interactive Media
http://www.com2usa.com
On Wed, 2 Jun 1999, Joe Matusiewicz wrote:
> I don't know if you can limit ICQ to just chat...I'd write to their Tech
> Support to find out. More information on how to configure your firewall
> can be found at:
>
> http://www.icq.com/firewall/netadmin.html
>
> This is what they have to say on client to client connections:
>
> "Client to client connection is done using the TCP protocol, using port
> range 1024 - 65535. this means that the client needs an open listening port
> within the mentioned range - 1024 to 65535."
>
> Sounds like a lot of ports to me for something that is the functional
> equivalent of email.
>
> -- Joe
>
>
> At 01:05 AM 6/2/99 -0400, Security Administrator wrote:
> >Hi,
> >
> >
> >I'm looking for a way to allow ICQ to go through a firewall (probably the
> >Elron firewall, though we haven't made a final decision yet). I've heard
> >a lot of baaaad things about what running ICQ can do for your
> >vulnerability, so what I'd like to do is limit the client to doing ICQ
> >chat. No sending URLs, no sending files, no sending
> ><insert-latest-bloatware-feature-here>. Just chat.
> >
> >
> >Is this possible? What are people's thoughts on whether/how much this
> >would improve the security of using ICQ? (It seems to me that by only
> >allowing chat messages through, the worst someone could do is a DoS
> >attack...)
> >
> >
> >Thanks for any advice,
> >
> >
> >Richard
> >
> >
> >PS: If anyone has any advice or experiences to share with me concerning
> >the Elron firewall, I'd love to hear them!
> >
> >-
> >[To unsubscribe, send mail to [EMAIL PROTECTED] with
> >"unsubscribe firewalls" in the body of the message.]
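The filtering policy discussed in this thread (default deny, outbound UDP to 4000 and 4001 only, nothing initiated from outside), modelled as an added example that is not code from any of the posters. It assumes a stateful filter and, for brevity, tracks flows by port only, where a real firewall would also match addresses; every port other than 4000/4001 is constructed.

```python
from dataclasses import dataclass

# Ports named in the thread: UDP 4000/4001 carry the client-to-server traffic.
ICQ_SERVER_UDP = {4000, 4001}

@dataclass(frozen=True)
class Packet:
    proto: str   # "udp" or "tcp"
    origin: str  # "inside" or "outside": which side of the firewall sent it
    sport: int
    dport: int

class Firewall:
    """Default deny; inside hosts may send UDP to 4000/4001; replies only."""

    def __init__(self):
        self.flows = set()  # (proto, inside_port, outside_port) seen outbound

    def verdict(self, p: Packet) -> str:
        if p.origin == "inside":
            if p.proto == "udp" and p.dport in ICQ_SERVER_UDP:
                self.flows.add((p.proto, p.sport, p.dport))
                return "allow"
            return "deny"  # no direct TCP to peers: file transfer, direct chat
        # From outside: accept only the return half of a flow we opened.
        if (p.proto, p.dport, p.sport) in self.flows:
            return "allow"
        return "deny"

# Constructed sample traffic (ports other than 4000/4001 are made up).
SAMPLE = [
    ("client -> server login",          Packet("udp", "inside", 1034, 4000)),
    ("server -> client reply",          Packet("udp", "outside", 4000, 1034)),
    ("outside peer -> client listener", Packet("tcp", "outside", 3120, 1500)),
    ("client -> outside peer direct",   Packet("tcp", "inside", 1035, 2200)),
    ("unsolicited UDP from port 4000",  Packet("udp", "outside", 4000, 1600)),
]

def run(sample=SAMPLE):
    fw = Firewall()
    return [(label, fw.verdict(pkt)) for label, pkt in sample]

if __name__ == "__main__":
    for label, v in run():
        print(f"{v:5}  {label}")
```

Only the server-relayed path survives; both directions of the client-to-client TCP connection are dropped, which is the behaviour the thread is after.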