Hello Tom.

I have been assessing this problem recently on my campus.  There are many,
many reasons that I believe that this type of traffic should at least be
monitored or handled in a manner other than just opening up a few ports.

ICQ by default uses any ephemeral port as a server port on the local
workstation. It can be configured to work from behind a firewall and
utilize the ICQ network to pass traffic through instead of direct client
connections.  This has the trade-off of speed.  I am behind a firewall at
my apartment, and when set for the firewall option, many friends complained
of not being able to send me messages (while it was trying the direct
connection) and of major delays from being routed through the ICQ network.

AIM seems to me to be the nicest to deal with. It always attempts to
utilize port 5190 on the local system.  It also doesn't seem to let you
transfer files easily (or I just haven't used it except to send a picture
inline in the conversation), so it seems to be geared for the bare minimum
of chatting and not trading MP3s (and potentially executables with trojans
in them).

Yahoo seems to be using a server port of 23 (telnet) and occasionally 21
(ftp), from experimental data I have gathered.  I don't like this because
those ports are for telnet or ftp and shouldn't be used in servicing
anything else.  So to protect those users you need to watch the
conversation to make sure it is Yahoo traffic and not someone trying to
tap into Yahoo computers. Since most of my client base use ICQ, I haven't
really opened my rulesets for Yahoo yet.  I think that most of the server
computers for Yahoo are in the 204.71.200.xxx block and as such could be
watched for other connections.

The problem with allowing inbound connections for any chat or instant
messenger program is that the server port on the local machine may not be
fixed, or may not have a fixed location on the Internet side. Yahoo
is nice enough to force the traffic to go into their network before
sending it down the pipe to the other end of the conversation.  But if you
don't monitor how you open up the ports, you will have people using the
port to allow unfiltered access to their machines.  Can you imagine
a MUD or MP3 server being placed on, say, port 5190 just because you
decided to filter the normal ports for Napster or the MUD port of choice?

You have to decide whether having the file trading is an acceptable risk,
and whether you are going to monitor the packet conversation if it doesn't
originate from a defined IP space.  That is where I am at in my thoughts
right now.

Hope that kinda helps.  If anyone has any tcpdump filters that help clean
up ICQ messages, please let me know. 

Scott


On Thu, 24 Aug 2000, Tom Hulley wrote:

> Hello..
>       What risks are taken when allowing AIM, ICQ, and other similar chat
> programs through a firewall? What ports are involved for each?
> Thanks
> Tom
> [EMAIL PROTECTED]
> 
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> 

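The policy Scott sketches above (open an IM port only when the far end sits in the address space you expect, and watch everything else on that port) can be written down as a small flow classifier. The code below is an added example for this thread, not anything Scott or the list posted. The Yahoo ports (23, 21) and the 204.71.200.0/24 block are taken from his message and should be re-verified; the campus range 10.0.0.0/8 and the AIM server block 198.51.100.0/24 are placeholders, since the message gives only AIM's port; the flow records are constructed, not captured. It also builds the tcpdump filter that shows exactly the flows the classifier flags.

```python
"""Classify new TCP connections on IM ports against a defined IP space.

Added example for the firewalls thread; not code from the original post.
Address ranges marked "assumed" are placeholders chosen for illustration.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Campus address space: assumed for the example (RFC 1918 range).
LOCAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Service policy: the port the IM service is reached on, and the address
# space the far end is expected to live in.  Yahoo's ports and block come
# from the post above; the AIM block is a placeholder (documentation range)
# because the post gives only the port.  Verify both before relying on them.
POLICY = {
    "yahoo": ({21, 23}, [ipaddress.ip_network("204.71.200.0/24")]),
    "aim":   ({5190},   [ipaddress.ip_network("198.51.100.0/24")]),  # assumed
}


@dataclass(frozen=True)
class Flow:
    """First packet of a TCP connection: src initiated it toward dst:dport."""
    src: str
    sport: int
    dst: str
    dport: int


def classify(flow: Flow) -> tuple[str, str]:
    """Return (verdict, reason) for one new connection.

    allow - outbound to an IM service port inside that service's address space
    flag  - IM service port in use, but the far end is not where the service
            lives (inbound on 5190 from anywhere, or 23/21 to a non-Yahoo host)
    other - not an IM service port; left to the rest of the ruleset
    """
    src, dst = ipaddress.ip_address(flow.src), ipaddress.ip_address(flow.dst)
    outbound = src in LOCAL_NET and dst not in LOCAL_NET
    inbound = dst in LOCAL_NET and src not in LOCAL_NET
    for name, (ports, nets) in POLICY.items():
        if flow.dport not in ports:
            continue
        if outbound and any(dst in n for n in nets):
            return "allow", f"{name}: outbound to port {flow.dport} in defined space"
        if inbound:
            # A local machine is serving on an IM port.  This is the
            # "MUD on 5190" case: nothing guarantees it is the IM client.
            return "flag", f"{name}: inbound to local port {flow.dport} from {flow.src}"
        if outbound:
            return "flag", f"{name}: port {flow.dport} but {flow.dst} is outside defined space"
    return "other", "not an IM service port"


def tcpdump_filter(name: str) -> str:
    """BPF expression for a service's ports when the defined address space is
    NOT involved, i.e. exactly the flows classify() flags for that service."""
    ports, nets = POLICY[name]
    port_expr = " or ".join(f"port {p}" for p in sorted(ports))
    net_expr = " or ".join(f"net {n.with_prefixlen}" for n in nets)
    return f"tcp and ({port_expr}) and not ({net_expr})"


# Constructed sample flows, not captured traffic.
SAMPLE_FLOWS = [
    Flow("10.1.2.3", 40001, "204.71.200.67", 23),    # Yahoo via port 23
    Flow("10.1.2.3", 40002, "203.0.113.9", 23),      # telnet to an unrelated host
    Flow("10.1.2.4", 40003, "198.51.100.20", 5190),  # AIM to the assumed block
    Flow("203.0.113.50", 51000, "10.1.2.5", 5190),   # inbound to local 5190
    Flow("10.1.2.6", 40004, "203.0.113.80", 80),     # plain web, not our concern
]


def summarize(flows: list[Flow] = SAMPLE_FLOWS) -> dict[str, int]:
    """Count verdicts over a batch of flows; a quick sanity check of the policy."""
    counts: dict[str, int] = {}
    for f in flows:
        verdict, _ = classify(f)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f"{f.src}:{f.sport} -> {f.dst}:{f.dport}  {classify(f)}")
    for svc in POLICY:
        print(f"tcpdump -n '{tcpdump_filter(svc)}'   # {svc}")
```

Note what the classifier cannot express: ICQ's direct-connect mode, which listens on an arbitrary ephemeral port, has no fixed port to key on, which is the difficulty Scott describes. The generated filter for Yahoo, `tcp and (port 21 or port 23) and not (net 204.71.200.0/24)`, is the "watch the conversation" rule in tcpdump form: it surfaces telnet and ftp sessions that are not going to the block Yahoo is believed to use.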