Firewall Wizards mailing list archives

RE: Blocking ICQ

From: "Kertesz, Imre" <ikertesz () ASEC-MD2 COM>
Date: Wed, 17 Nov 1999 10:30:00 -0500

Far be it for me to criticize your approach, but the problem could be
handled more effectively, not to mention proactively, with a recognized and
enforced security policy prohibiting the use of such applications. Even if
you block the default ports, anyone with half-a-head of protocol knowledge
can bypass the restrictions, tunnel contraband traffic through (for example)
port 80, proxy a secure tunnel to an anonymizer, etc, etc. 

.. Just a thought.

 -IK


Imre Kertesz III
Senior Consultant
Booz-Allen & Hamilton
Office: 410.540.4798
Lab:    410.540.4700

-----Original Message-----
From: Saravana Ram [SMTP:Ram () POP Jaring My]
Sent: Tuesday, November 16, 1999 3:57 AM
To:   Firewall-Wizards
Subject:      Re: Blocking  ICQ

I have users on my network that are using ICQ. This is a security

concern, I

would like to deny acces using my firewall.

Which ports and/or address should be blocked to disable ICQ?


On my copy of Mirabilis's ICQ, the server used is listed as
icq.mirabilis.com
and the port is listed is 4000. I only say "listed as" because i'm not
sure
whether ports used are in ranges.

I belive the actual transfer of messages, chats, and files between ICQ
client
users are on other ports.

Current thread:

Blocking ICQ Scot Scot (Nov 15)
- Re: Blocking ICQ Saravana Ram (Nov 16)
- Re: Blocking ICQ Patrick Oonk (Nov 16)
- RE: Blocking ICQ Eric Dost (Nov 17)
- <Possible follow-ups>
- Re: Blocking ICQ Robert Graham (Nov 16)
- Re: Blocking ICQ martin (Nov 16)
- RE: Blocking ICQ Jason Diesel (Nov 16)
- RE: Blocking ICQ Robyn Bailey (Nov 16)
- RE: Blocking ICQ Adam Miller (Nov 17)
- RE: Blocking ICQ Kertesz, Imre (Nov 17)
- Re: Blocking ICQ Mikhail Evstiounin (Nov 21)
- RE: Blocking ICQ sean . kelly (Nov 22)