On Mon, 25 Dec 2000 16:41:49 +0200, System1 <[EMAIL PROTECTED]> wrote:
> using ICQ remote attacker is able to make full port scan on networks behind
> the firewall.
No, when a user uses the client with a bug, a remote attacker is able to....
> If ICQ gives people the ability to make scans of my servers that are behind
> firewall I dont want it here. its only troubles.
People will go to great lengths to circumvent you (I can think of a couple
of ways I'd circumvent it if I wanted to), so you'll just annoy them and not
have any security benefit. A better thing to do is to let users run ICQ
remotely on a DMZ'ed completely, and then politely ask them to do so.
An even better way is to help users upgrade to a better ICQ version.
In any way, I'm a strong advocate of the "company policy/polite request"
methodology rather then the technical solutions, because the technical
solutions *will* be circumvented. (I know -- I worked in a company
that all of a sudden got a firewall and an idiot sysadmin. I saw the
circumventions -- it took everyone who wanted to about one day
to return to use ICQ)
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
