What?? I have to say I disagree. ICQ NOT IRC.. if you configure your
client to "Always send via server" you rarely have problems (or at least I
rarely had problems using a NAT'd address). The main problem with ICQ
is it's ability to push and accept files "Hi, here is my funny program!"
[Accept] => [Click-Click] => [BO2K_Infection] (which I believe it
accomplishes using standard ftp). I can't see where there would be a
major problem if you just allow UDP 4000 outbound to message to the server
(I think you get messages on port 4001 UDP... not sure about that). I
also don't see where the IRC piece would be a major security concern. I
think it uses TCP 6664-7 like normal IRC, only it's more like a DDC IRC
session. How strict is your policy?? =)
Carric Dooley CNE
COM2:Interactive Media
http://www.com2usa.com
"Luck is the residue of design."
- Branch Rickey - former owner of the Brooklyn Dodger Baseball Team
On Wed, 27 Oct 1999, Chris Dinsmore wrote:
> Shai,
>
> ICQ is very touchy. ICQ servers are notorious for dropping connections
> constantly, and for being extremely timeout sensitive. This problem is
> magnified when using network address translation as your packets are going
> through a latency increasingprocedure, and a redirection which as you may
> know with UDP is not 100% reliable as there is no error correction. Your
> best bet in this situation is to include a SOCKS5 compliant proxy using an
> untranslated IP address in your network configuration, then configure ICQ to
> use it by selecting "I am behind a firewall or proxy" in the connection
> preferences.
>
> Christopher Dinsmore
> CCSA CCSE
> ===========================
> Netegrity Technical Support
> [EMAIL PROTECTED]
> 781-890-1700
> ================
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
