Re: ipchains
- To: System1 <System(at-nospam)TIEMIDDLEEAST.com>
- Subject: Re: ipchains
- From: "Nadav Har'El" <nyh(at-nospam)math.technion.ac.il>
- Date: Mon, 25 Dec 2000 17:42:19 +0200
- Cc: linux-il(at-nospam)cs.huji.ac.il
- Hebrew-Date: 28 Kislev 5761
- In-Reply-To: <4FD359CEB971D411AFA100508BDCDBB816D319@TIESBS>; from System@TIEMIDDLEEAST.com on Mon, Dec 25, 2000 at 05:13:30PM +0200
- References: <4FD359CEB971D411AFA100508BDCDBB816D319@TIESBS>
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
- User-Agent: Mutt/1.2i
On Mon, Dec 25, 2000, System1 wrote about "ipchains":
> the first step is using udp sniffer.
> after that you have tools you can find on the web to perform scans in the
> network of the victim.
> you must have direct connection to the user for that. (I think it's ICQ
> default).
>
> Moran.
Ok... I see you're feeding us the real problem a spoonful at a time ;)
A direct connection also doesn't work under NAT (unless you have a special
masquerading feature that changes the content of packets), and because it
uses non-well-known ports, it's also hard to set up for a mostly-blocking
packet filter firewall (a firewall that blocks everything except predefined
ports/hosts). So you can prevent non-hacker users from using direct connection
(with a mostly-blocking firewall) while letting them use the through-server
connection.
BTW, since you still haven't told us all the details of this vulnerability,
I have to ask another question: Does it depend on the attacker sending the
victim packets with false source-address (e.g., making it look like other
addresses behind the firewall)? If so, such false packets are easy to stop
at the firewall, and this becomes a non-problem. If, however, the false IP
address comes from ICQ's server inside a packet, then it's a problem, but I
don't see how the attacker can use that data...
Can you point us to some URL about this ICQ problem?
--
Nadav Har'El | Monday, Dec 25 2000, 28 Kislev 5761
nyh@math.technion.ac.il |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |Linux: Because rebooting is for adding
http://nadav.harel.org.il |new hardware.
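
The two filtering ideas in the reply above (a mostly-blocking policy that still permits the through-server connection, and dropping packets whose source address is forged to look internal) modelled as a small first-match packet filter. This is an added example, not part of the original message and not ipchains syntax; the interface names, address ranges, server address and port are constructed placeholders.

```python
import ipaddress
from collections import namedtuple

# Constructed topology (assumption): eth0 faces the Internet, eth1 the LAN.
EXT_IF, INT_IF = "eth0", "eth1"
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")
# Source ranges that can never legitimately arrive on the external interface.
BOGUS_ON_EXT = (INTERNAL_NET, ipaddress.ip_network("127.0.0.0/8"))
# The only predefined service: (proto, server address, server port).
# Placeholder values from a documentation range, not real ICQ details.
ALLOWED_SERVERS = {("udp", ipaddress.ip_address("203.0.113.10"), 4000)}

Packet = namedtuple("Packet", "iface proto src sport dst dport")

def decide(pkt):
    """Return (verdict, reason) for one packet; the first matching rule wins."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    if pkt.iface == EXT_IF:
        # Anti-spoofing: an inside address arriving from outside is forged.
        if any(src in net for net in BOGUS_ON_EXT):
            return ("DENY", "spoofed source")
        # Stateless reply rule: traffic coming back from the allowed server.
        if (pkt.proto, src, pkt.sport) in ALLOWED_SERVERS:
            return ("ACCEPT", "reply from allowed server")
    elif pkt.iface == INT_IF:
        # Same check in the other direction: LAN hosts must use LAN addresses.
        if src not in INTERNAL_NET:
            return ("DENY", "spoofed source")
        if (pkt.proto, dst, pkt.dport) in ALLOWED_SERVERS:
            return ("ACCEPT", "through-server connection")
    # Mostly-blocking policy: whatever was not predefined is dropped,
    # which covers direct peer-to-peer connections on arbitrary ports.
    return ("DENY", "default policy")

# Constructed sample traffic; 192.0.2.1 stands in for the firewall's outside address.
SAMPLES = [
    Packet(INT_IF, "udp", "192.168.1.20", 1025, "203.0.113.10", 4000),
    Packet(INT_IF, "tcp", "192.168.1.20", 1026, "198.51.100.7", 2345),
    Packet(EXT_IF, "tcp", "198.51.100.7", 3000, "192.0.2.1", 2345),
    Packet(EXT_IF, "udp", "192.168.1.30", 4000, "192.0.2.1", 2345),
    Packet(EXT_IF, "udp", "203.0.113.10", 4000, "192.0.2.1", 61001),
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p, "->", decide(p))
```

The reply rule is stateless, so it trusts any packet carrying the server's address and port; it does not cover the second case raised in the message, where a false address is carried inside a packet from the server.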