Bugtraq mailing list archives
Re: Citrix ICA Basic Encryption
From: chris () AIMS COM AU (Chris Knight)
Date: Thu, 30 Mar 2000 10:16:03 +1000
Howdy,
-----Original Message----- From: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM]On Behalf Of Weld Pond Sent: Wednesday, 29 March 2000 8:36 To: BUGTRAQ () SECURITYFOCUS COM Subject: Re: Citrix ICA Basic Encryption [snip] SecureICA is only available for Windows and DOS clients. Unix, Macintosh, and Java clients must use the insecure protocol. Due to the nature of the protocol it cannot be tunnelled through ssh. A VPN is probably the only solution for Unix, Macintosh and Java clients. -weld
Not entirely correct. The ICA session can be tunnelled through ssh. You need to forward port 1494 to the ICA server. However, the ICA browser service uses UDP port 1604. You can get around this by using NAT techniques and the ALTADDR command provided by Citrix.
Froma security point-of-view, you probably shouldn't NAT the browser
service - simply use the ssh port forwarding to connect to a known server and known application. The downside is you're not able to use seamless windows, as you cannot get the list of published applications from the ICA browser service. Regards, Chris Knight Systems Administrator AIMS Independent Computer Professionals Tel: +61 3 6334 6664 Fax: +61 3 6331 7032 Mob: +61 419 528 795 Web: http://www.aims.com.au
Current thread:
- Re: Esafe Protect Gateway (CVP) does not scan virus under some, (continued)
- Re: Esafe Protect Gateway (CVP) does not scan virus under some Hugo.van.der.Kooij () CAIW NL (Mar 24)
- Re: Esafe Protect Gateway (CVP) does not scan virus under some Eric Chien (Mar 24)
- Re: Esafe Protect Gateway (CVP) does not scan virus under some Jason Brvenik (Mar 24)
- Re: Esafe Protect Gateway (CVP) does not scan virus under some Lea, Michael (Mar 24)
- Security Problems with Linux 2.2.x IP Masquerading H D Moore (Mar 27)
- Follow-Up: Security Problems with Linux 2.2.x IP Masquerading H D Moore (Mar 28)
- privacy problems with HTTP cache-control Martin Pool (Mar 28)
- Objectserver vulnerability Howard M. Kash III (Mar 29)
- Citrix ICA Basic Encryption Dug Song (Mar 29)
- Re: Citrix ICA Basic Encryption Weld Pond (Mar 28)
- Re: Citrix ICA Basic Encryption Chris Knight (Mar 29)
- Security Problems with Linux 2.2.x IP Masquerading H D Moore (Mar 27)
- Re: Security Problems with Linux 2.2.x IP Masquerading Olaf Kirch (Mar 30)
- Remote DoS Attack in Windows 2000/NT 4.0 TCP/IP Print Request Server Vulnerability Ussr Labs (Mar 30)
- Re: Esafe Protect Gateway (CVP) does not scan virus under some Ian Turner (Mar 27)