RE: ipchains
- To: "'System1'" <system(at-nospam)TIEMIDDLEEAST.com>, "'Nadav Har'El'" <nyh(at-nospam)math.technion.ac.il>, "'Alon Oz'" <alon(at-nospam)linuxqa.com>
- Subject: RE: ipchains
- From: <ishaybas(at-nospam)netvision.net.il>
- Date: Mon, 25 Dec 2000 18:19:10 +0200
- Cc: "'Hetz Ben Hamo'" <hetz(at-nospam)linuxqa.com>, <linux-il(at-nospam)cs.huji.ac.il>
- Disposition-Notification-To: <ishaybas@netvision.net.il>
- Importance: Normal
- In-Reply-To: <4FD359CEB971D411AFA100508BDCDBB816D31A@TIESBS>
- Sender: "Ishay Sommer" <isommer(at-nospam)checkpoint.com>
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
What firewall was installed that was protecting the ICQ clients? How was it
configured? Are you sure there was no trojan installed anywhere? How about
ICQ homepage? I know this feature had some trouble before.
It is very hard for me to believe such an issue missed BugTraq.
Ishay
-----Original Message-----
From: linux-il-bounce@cs.huji.ac.il [mailto:linux-il-bounce@cs.huji.ac.il] On Behalf Of System1
Sent: Monday, December 25, 2000 5:50 PM
To: 'Nadav Har'El'; 'Alon Oz'
Cc: System1; 'Hetz Ben Hamo'; linux-il@cs.huji.ac.il
Subject: RE: ipchains
This is not correct.
With a simple UDP sniffer you can find the victim's private IP.
With slightly more complex tools you can even scan the inside network.
I don't know how much attention this issue got on mailing lists such as
BugTraq, but I saw how it's being done with very simple tools.
The ICQ version I am talking about is the ICQ 2000 versions.
I'll say it again: ICQ creates a direct connection. This means it passes the
firewall by opening ports higher than 1024, so it's a problem to block it
because I can't block these ports.
For me, knowing that people from outside the office network can find out IPs
like 10.10.1.x is enough to choose to block ICQ.
So the solution I found was to block output to the whole domain
login.icq.com so users can't log in,
and hope there are no other servers they can log in to with ICQ.
As for Nadav Har'El's request for more data: I didn't see anything on this
issue on BugTraq. I don't think many know about this.
The person who showed us this vulnerability didn't say where he found it, but
we saw how he did it.
Moran.
-----Original Message-----
From: Nadav Har'El [mailto:nyh@math.technion.ac.il]
Sent: Monday, December 25, 2000 5:26 PM
To: Alon Oz
Subject: Re: ipchains
Sure enough, _no_ packet is ever sent out of the firewall with either of
the "secret" addresses, so that ICQ will only know the firewall's (publicly
known) address.
=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il
=================================================================