what about at home use. We have a proxy system set up at home, to allow
three or four computers to get onto the internet through our one IP address.
Now we've got it setup using linux and ipfwadm, but before we were using
windows 98 and thrid party proxy software. We suppose one of those computers
behind the proxy wanted to get on irc. We set up one of these machines to
use a SOCKS 5 proxy, the only problem was that DCC requests wouldn't get
through. If you were trying to send someone a program, it wouldn't connect,
and the same if they were trying to send you stuff. One other problem we
had, if someone decided to DoS you on irc, you have the IP of the server, so
it ends up being the server that gets DoS instead of one of the clients.
Then again, if you've got a firewall up, and you can screen out the packets
bound for certain ports, this shouldn't be a concern either. And it's pretty
easy to set up, at least on windows machines. If you're using plain old
mIRC, there's a setting in the connect dialog to let it know you're using
SOCKS 4 or 5, if you're setting up the client on a linux machine, it's a
little tougher, because you have to tell it to connect to the proxy on a
certain port, and map that port through to either efnet, dalnet, undernet,
etc. Again, in this case we were only dealing with third party proxy
software, and that was as close as we got to actually having a firewall.
Brian Engle
[EMAIL PROTECTED]
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Joakim von Braun
> Sent: Thursday, July 29, 1999 4:57 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Safe way to IRC
>
>
> >Now let me think. It's long time I idid this - not with
> SOCKS but FWTK.
> >It was a short time limited experimental thing but I
> remember the main
> >treats to security had to be handled at the client and
> server end. What
> >I did was simply have fwtk's plug-gw listen to irc port from inside
> >interface and connect it to ISP's IRC server. this was in effect a
> >tunnel through the fw. most threats, like file transfer initiated by
> >someone outside our network would work fine so these options had to
> >disabled at the client so it was not too safe in my mind.
> The experiment
> >was luckily discontinued very soon as it turned out not to be that
> >usefull. My advice is you should consider very carefully
> before allowing
> >indiscriminate use of irc.
> >
> >Sakari Myllym�ki
> >
>
> First of all you have to ask yourself if IRC ( and ICQ) is it an
> application you need in a commersial company at all. Does it
> provide so
> much more value, that you are prepaired to take the possible
> risks that
> comes with it. For me it�s very hard to see IRC (and ICQ) as
> that valuable.
>
> On the second hand both the above mentioned programs are heavily
> compromised in several ways. There are many bots, scripts and
> hacks for PC,
> Macintosh and UNIX which can compromise clients and channels.
> Not to forget
> all the viruses specially written for IRC and lots of trojan
> horses that
> may upload all the user information from the client to a
> channel invisible
> to the user.
>
> If you work for a serious organisation there is no way I
> could recommend
> anyone to use IRC (or ICQ) whatever reason the user/users may
> have. There
> are plenty of more convenient and secure ways to communicate,
> either over
> the Internet or using ordinary phones or sometimes even snail-mail.
>
> CU
> Joakim
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
