Firewall Wizards mailing list archives

RE: UDP port 1494


From: "Sigler, Karl" <KSigler () nbg com>
Date: Wed, 5 Apr 2000 14:30:28 -0400

Citrix's remote control protocol is ICA which runs on TCP/1494 (not UDP).
Punching a hole through your firewall for this port will allow basic Citrix
connectivity. Since the Citrix client is freely available from Citrix's
website, this would allow anyone on the internet access to your Citrix
server's login prompt. A little more probing and patience could easily give
any remote user full access to an NT desktop (MetaFrame) on your network.
After that, kiss the rest goodbye.

If you do need to open up access for remote users (say roaming sales staff
that HAVE TO have access to your goldmine server via ICA) I strongly
recommend one of two scenarios:

1) segregate it into a DMZ and be very conscious that all data on the box is
conceivably breachable. The box could be easily owned. (don't put sensitive
data on it. don't make it a part of your domain, etc.)

or

2) allow only VPN connections with strong encryption and strong
authentication. The scenarios I see the most are SecuRemote (Checkpoint) and
SecurID (RSA). Obviously insisting on long, secure passwords is a good idea
to begin with.

Another thing to keep in mind, if you want all of those "cool" Program
Neighborhood features, you'll also need to punch a hole for UDP/1604 and
play around with Server Location settings, ALTADDR commands for NAT, blah,
blah, blah. TCP/1494 only gets you ICA.

Another security note. Don't bother changing the ICA port number (ICAPORT
cmd). ICA responds with, you guessed it, ICA ICA ICA when the port is opened
(try telnetting to your Citrix box on 1494). Anyone with a port scanner will
be able to track down which port it's running on in a couple of seconds (or
minutes with my crappy laptop :) )

Hope this helps,

Karl Sigler
Help Desk Manager
NBG, Atlanta
www.nbg.com
ksigler () nbg com

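An added example, not part of Karl's message or of any Citrix tooling: a small Python audit that applies his two scenarios to firewall accept-log lines, flagging ICA (TCP/1494) and ICA browser (UDP/1604) connections accepted from sources outside a VPN address pool. The log line format, the sample lines and the VPN pool 10.8.0.0/24 are constructed assumptions.

```python
import ipaddress
import re

# Citrix ports named in the thread: ICA on TCP/1494, ICA browser (Program Neighborhood) on UDP/1604.
CITRIX_PORTS = {("tcp", 1494): "ICA", ("udp", 1604): "ICA browser"}
# Assumed pool of addresses handed out to authenticated VPN users (scenario 2 above).
VPN_POOL = ipaddress.ip_network("10.8.0.0/24")
# Constructed, simplified accept-log format: "<proto> <src>:<sport> -> <dst>:<dport> <ACCEPT|DROP>"
LINE_RE = re.compile(
    r"^(?P<proto>tcp|udp)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<action>ACCEPT|DROP)$"
)

def parse_line(line):
    """Return a dict for a well-formed log line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec

def find_exposed(lines, vpn_pool=VPN_POOL):
    """List (src, dst, service) for accepted Citrix connections that did not come in over the VPN."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["action"] != "ACCEPT":
            continue
        service = CITRIX_PORTS.get((rec["proto"], rec["dport"]))
        if service is None:
            continue
        if ipaddress.ip_address(rec["src"]) in vpn_pool:
            continue  # remote user arrived through the VPN: expected under scenario 2
        findings.append((rec["src"], rec["dst"], service))
    return findings

# Constructed sample log, not real traffic.
SAMPLE_LOG = [
    "tcp 10.8.0.23:51022 -> 192.0.2.10:1494 ACCEPT",    # VPN user, fine
    "tcp 198.51.100.7:40511 -> 192.0.2.10:1494 ACCEPT",  # Internet -> ICA: exposed login prompt
    "udp 198.51.100.7:1604 -> 192.0.2.10:1604 ACCEPT",   # Internet -> ICA browser: exposed
    "tcp 203.0.113.9:40000 -> 192.0.2.10:1494 DROP",     # blocked by the firewall, fine
    "tcp 203.0.113.9:40001 -> 192.0.2.10:443 ACCEPT",    # not a Citrix port
    "garbage line",                                      # unparseable, skipped
]

if __name__ == "__main__":
    for src, dst, service in find_exposed(SAMPLE_LOG):
        print(f"{service} on {dst} reachable from non-VPN source {src}")
```

Since ICA announces itself by its banner on whatever port ICAPORT sets, matching on port alone only catches the default; add any relocated port to CITRIX_PORTS.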
-----Original Message-----
From: Shaun Moran [mailto:Shaun () TheMorans Com]
Sent: Thursday, March 30, 2000 6:22 AM
To: Hoi, Wai Khin; firewall-wizards () nfr net
Subject: RE: [fw-wiz] UDP port 1494


Is this remote clients from the Internet accessing an internal Citrix
server? Be aware that the latest version of dsniff (1.7) can sniff
unencrypted Citrix logon details ...

Shaun


-----Original Message-----
From: owner-firewall-wizards () lists nfr net
[mailto:owner-firewall-wizards () lists nfr net]On Behalf Of Hoi, Wai Khin
Sent: Wednesday, March 29, 2000 6:34 PM
To: 'firewall-wizards () nfr net'
Subject: [fw-wiz] UDP port 1494
Importance: Low


Does anybody know the risk of inbound traffic via UDP port 1494 from a
Citrix server? Currently, I am doing some remote access tests.

Many Thanks

Wai Khin

