Bruno,

Basically this means if you allow your users to use IRC (chat, mostly ports
6667-7000), then you are vulnerable to the "connection tracking"
vulnerability in the previous Linux kernels (up to 2.4.17 afaik).

If you also have some more rules allowing connections to the inside, they
may use those rules to try to connect to your internal machines due to the
hole in your firewall.
(At least this is how I interpreted the vulnerability.)

If you don't allow IRC or don't allow access from the inside then you are
pretty safe.

And about IRC DCC: basically DCC is something you use to transfer files or
chat in person with people. DCC is almost the same as an anonymous FTP. You
transfer files over DCC to the other person without the need for a username
or password. You, as the user, need to initialise the DCC connection to the
other one, otherwise it can't work.

Regards,



Brenno

> -----Original Message-----
> From: Bruno Negrão [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, 1 March 2002 15:52
> To:   [EMAIL PROTECTED]
> Subject:      About the IRC connection tracking advisory
> 
>  
> Hi all,
>  
> Yesterday I received from red hat this advisory:
> <https://rhn.redhat.com/network/errata/errata_details.pxt?eid=1028>
>  
> And it addresses upgrading the actual kernel to the new version 2.4.9-31.
> I can't simply upgrade my kernel with an rpm because my kernel is patched
> with pptp stuff.
>  
> The advisory says that, "depending of the firewall ruleset" someone could
> make an inbound connection. Please, read this part:
>  
> "The problem consists of an excessively broad netmask setting which is
> applied to check if an "IRC DCC" connection through a masquerading
> firewall should be allowed. This results in unwanted ports being opened
> on the firewall, which could, depending on the firewall filter ruleset,
> allow inbound connections."
>  
> Could any of you say which these rulesets are? Oh, and what are these
> IRC DCC connections? (I don't know if they exist in my network.)
> 
> 
> Thank you,
> -------------------------------------------------
>  -- Bruno Negrão -- Suporte
>  -- Plugway Acesso Internet Ltda.
>  -- (31)34812311
>  -- [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
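
Added example (not part of the thread, and not the kernel's code): a simplified Python model of how a connection-tracking helper turns a DCC offer seen on an IRC connection into an "expected" inbound connection, and how a too-broad mask on that expectation widens what counts as related. The class and function names, the sample message, the port list and the weak mask value are constructed for illustration; the thread does not give the kernel's actual mask.

```python
import ipaddress
import re
from dataclasses import dataclass

# CTCP DCC offer inside an IRC PRIVMSG; the address is a decimal 32-bit integer.
DCC_RE = re.compile(r"\x01DCC (SEND|CHAT) (\S+) (\d+) (\d+)(?: \d+)?\x01")

@dataclass(frozen=True)
class Expectation:
    """Simplified stand-in for a conntrack expectation (not the kernel struct)."""
    dst_ip: int
    dst_port: int
    ip_mask: int
    port_mask: int

    def matches(self, ip: str, port: int) -> bool:
        # A new inbound connection is "related" if it equals the expected
        # tuple on every bit the mask selects.
        pkt_ip = int(ipaddress.IPv4Address(ip))
        return ((pkt_ip & self.ip_mask) == (self.dst_ip & self.ip_mask)
                and (port & self.port_mask) == (self.dst_port & self.port_mask))

def expect_from_dcc(line, ip_mask=0xFFFFFFFF, port_mask=0xFFFF):
    """Build an expectation from a DCC offer, or None if the line has none."""
    m = DCC_RE.search(line)
    if m is None:
        return None
    ip, port = int(m.group(3)), int(m.group(4))
    if ip > 0xFFFFFFFF or not 0 < port <= 0xFFFF:
        return None  # malformed offer: create no expectation
    return Expectation(ip, port, ip_mask, port_mask)

def related_ports(exp, ip, candidates):
    """Ports from `candidates` that the expectation would treat as related."""
    return [p for p in candidates if exp.matches(ip, p)]

# Constructed sample: an inside client at 192.168.1.10 offers a file on port 5000.
SAMPLE = "PRIVMSG friend :\x01DCC SEND notes.txt 3232235786 5000 1024\x01"
PORTS = [22, 139, 5000, 6000]

if __name__ == "__main__":
    exact = expect_from_dcc(SAMPLE)
    broad = expect_from_dcc(SAMPLE, port_mask=0x0000)  # constructed weak mask
    print("exact mask:", related_ports(exact, "192.168.1.10", PORTS))
    print("broad mask:", related_ports(broad, "192.168.1.10", PORTS))
```

With the exact mask only port 5000 on the offering host is treated as related; with the weak mask every listed port is, which is the "unwanted ports being opened" case that then depends on the filter ruleset.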
