Firewall Wizards mailing list archives
RE: UDP port 1494
From: "Sigler, Karl" <KSigler () nbg com>
Date: Wed, 5 Apr 2000 14:30:28 -0400
Citrix's remote control protocol is ICA, which runs on TCP/1494 (not UDP). Punching a hole through your firewall for this port will allow basic Citrix connectivity. Since the Citrix client is freely available from Citrix's website, this would allow anyone on the internet access to your Citrix server's login prompt. A little more probing and patience could easily give any remote user full access to an NT desktop (MetaFrame) on your network. After that, kiss the rest goodbye.

If you do need to open up access for remote users (say roaming sales staff that HAVE TO have access to your GoldMine server via ICA) I strongly recommend one of two scenarios:

1) Segregate it into a DMZ and be very conscious that all data on the box is conceivably breachable. The box could be easily owned. (Don't put sensitive data on it, don't make it a part of your domain, etc.)

2) Allow only VPN connections with strong encryption and strong authentication. The scenarios I see the most are SecuRemote (Checkpoint) and SecurID (RSA).

Obviously insisting on long, secure passwords is a good idea to begin with.

Another thing to keep in mind: if you want all of those "cool" Program Neighborhood features, you'll also need to punch a hole for UDP/1604 and play around with Server Location settings, ALTADDR commands for NAT, blah, blah, blah. TCP/1494 only gets you ICA.

Another security note: don't bother changing the ICA port number (ICAPORT cmd). ICA responds with, you guessed it, ICA ICA ICA when the port is opened (try telnetting to your Citrix box on 1494). Anyone with a port scanner will be able to track down which port it's running on in a couple of seconds (or minutes with my crappy laptop :) ).

Hope this helps,

Karl Sigler
Help Desk Manager
NBG, Atlanta
www.nbg.com
ksigler () nbg com

-----Original Message-----
From: Shaun Moran [mailto:Shaun () TheMorans Com]
Sent: Thursday, March 30, 2000 6:22 AM
To: Hoi, Wai Khin; firewall-wizards () nfr net
Subject: RE: [fw-wiz] UDP port 1494

Are these remote clients from the Internet accessing an internal Citrix server? Be aware that the latest version of dsniff (1.7) can sniff unencrypted Citrix logon details ...

Shaun

-----Original Message-----
From: owner-firewall-wizards () lists nfr net [mailto:owner-firewall-wizards () lists nfr net] On Behalf Of Hoi, Wai Khin
Sent: Wednesday, March 29, 2000 6:34 PM
To: 'firewall-wizards () nfr net'
Subject: [fw-wiz] UDP port 1494
Importance: Low

Does anybody know the risk of inbound traffic via UDP port 1494 from a Citrix server? Currently, I am doing some remote access test.

Many Thanks
Wai Khin
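The two scenarios Karl describes (ICA only on a sacrificial DMZ host, or only through a VPN gateway) can be checked mechanically against a packet-filter rule set. The following is an added example written for this archive page, not code from the thread or from Citrix; the iptables-style rules, the DMZ network, the VPN gateway address and the internal range are all constructed values chosen for illustration.

```python
"""Audit forwarding rules for Internet exposure of Citrix ICA ports.

Added example, not from the original thread. Rule lines are constructed in
iptables-save style; all addresses below are assumptions for the demo.
"""
import ipaddress
import re

# Ports named in the thread: TCP/1494 for ICA itself, UDP/1604 for the
# ICA browser that Program Neighborhood needs.
ICA_PORTS = {("tcp", 1494): "ICA", ("udp", 1604): "ICA browser (Program Neighborhood)"}

DMZ_NET = ipaddress.ip_network("192.0.2.0/24")        # assumed DMZ (scenario 1)
VPN_GATEWAY = ipaddress.ip_network("10.0.0.5/32")     # assumed SecuRemote gateway (scenario 2)

RULE_RE = re.compile(
    r"-A FORWARD(?: -s (?P<src>\S+))?(?: -d (?P<dst>\S+))?"
    r" -p (?P<proto>tcp|udp) --dport (?P<port>\d+) -j (?P<target>ACCEPT|DROP)")

def parse_rule(line):
    """Return src/dst networks, protocol, port and target, or None if not a match."""
    m = RULE_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    return {"src": ipaddress.ip_network(d["src"] or "0.0.0.0/0", strict=False),
            "dst": ipaddress.ip_network(d["dst"] or "0.0.0.0/0", strict=False),
            "proto": d["proto"], "port": int(d["port"]), "target": d["target"]}

def classify(rule):
    """Map an ACCEPT rule for an ICA port onto the thread's two scenarios."""
    if rule["src"].subnet_of(VPN_GATEWAY):
        return None  # scenario 2: only the VPN gateway can reach the server
    if rule["src"].prefixlen == 0 and rule["dst"].subnet_of(DMZ_NET):
        return "WARN"  # scenario 1: Internet reaches a DMZ box; treat it as breachable
    if rule["src"].prefixlen == 0:
        return "CRITICAL"  # Internet reaches an internal Citrix server directly
    return "INFO"  # restricted source, worth a look but not one of the two bad cases

def audit(lines):
    """Return (severity, service name, rule line) for every exposing ACCEPT rule."""
    findings = []
    for line in lines:
        rule = parse_rule(line)
        if rule is None or rule["target"] != "ACCEPT":
            continue
        name = ICA_PORTS.get((rule["proto"], rule["port"]))
        severity = classify(rule) if name else None
        if severity:
            findings.append((severity, name, line))
    return findings

# Constructed rule set: one internal server exposed, one DMZ server, one VPN-only path.
RULES = [
    "-A FORWARD -d 10.1.1.20/32 -p tcp --dport 1494 -j ACCEPT",
    "-A FORWARD -d 192.0.2.10/32 -p tcp --dport 1494 -j ACCEPT",
    "-A FORWARD -d 192.0.2.10/32 -p udp --dport 1604 -j ACCEPT",
    "-A FORWARD -s 10.0.0.5/32 -d 10.1.1.20/32 -p tcp --dport 1494 -j ACCEPT",
    "-A FORWARD -p tcp --dport 1494 -j DROP",
]

if __name__ == "__main__":
    for severity, name, line in audit(RULES):
        print(f"{severity:8} {name}: {line}")
```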