This is not correct.
With a simple UDP sniffer you can find the victim's private IP.
With slightly more complex tools you can even scan the inside network.
I don't know how much attention this issue got on mailing lists such as
BugTraq, but I saw how it's being done with very simple tools.
The ICQ versions I am talking about are the ICQ 2000 versions.
I'll say it again: ICQ creates a direct connection. This means it passes the
firewall by opening ports higher than 1024, so it's a problem to block it,
because I can't block these ports.
For me, knowing that people from outside the office network can find out IPs
like 10.10.1.x is enough to choose to block ICQ.
So the solution I found was to block the output to the whole domain
login.icq.com so users can't log in,
and hope there are no other servers they can log in to with ICQ.

As for Nadav Har'El's request for more data: I didn't see anything on this
issue at BugTraq; I don't think many know about this.
The person who showed us this vulnerability didn't say where he found it, but
we saw how he does it.

Moran.



-----Original Message-----
From: Nadav Har'El [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 25, 2000 5:26 PM
To: Alon Oz
Subject: Re: ipchains

Sure enough, _no_ packet is ever sent out of the firewall with either of
the "secret" addresses, so that ICQ will only know the firewall's (publicly
known) address.




