Well, if I was a sys admin, then I would allow ICQ..
BUT, I would prevent the ports that needed to send/receive files or chat (these
are the ports in the confguration menu)...
Blocking ICQ messages seems harder and harder - you can even configure ICQ to
send messages with port 80, 21,23, 25, 110 and some other ports - depends how
smart is the end user...
Ofcourse, you can just rule out usage in your company :)
Hetz
System1 wrote:
>
> its not so easy , i blocked while ago port 5194 (icq login port) but today i
> found users still able to connect.
> so i made port scan on login.icq.com and found that they have above 100
> ports you can login to incase your admin locks you out :)
> so what i did was adding the following rule:
> $IPCHAINS -A output -p tcp -s $REMOTENET -d login.icq.com 0:9999 -i
> $OUTERIF -j DENY
> $IPCHAINS -A output -p tcp -s $REMOTENET -d web.icq.com 0:9999 -i
> $OUTERIF -j DENY
>
> and to block aol messanger (another client with security bugs which allows
> remote attacker take full control of users systems)
>
> $IPCHAINS -A output -p tcp -s $REMOTENET -d login.oscar.aol.com 0:9999 -i
> $OUTERIF -j DENY
>
> Moran.
--
Hetz Ben Hamo
Hardware Research dept.
Aduva Inc.
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
