[Apologies for having to send this a second time, but if there were
any answers to its first appearance they were lost in the ground clutter.]
At 01:39 PM 2/20/97 +0000, Danny Cox <dannyc @ gmap . leeds . ac . uk> wrote
(quoting ArkanoiD <ark @ paranoid . convey . ru>):
>> *blocking* dcc is easy. *proxying* dcc is real pain in the ass. afaik no
>> one (except maybe commercial firewall manufacturers) succeeded in doing that
>> :(.
>
>Right .. thanks. I don't really care about proxying dcc anyway .. I would
>like to know how to proxy irc in a secure manner though.
>
>> Doesn't require/use UDP. DCC channels are client-client. The _main_
>> problem with IRC from a security standpoint is naive users using IRC and
>> super-duper clients which can easily be turned into remote shells.
>
>Hmm .. okay. Are there any ways that folk can recommend to handle irc then
>other than not to handle it at all?

Since UDP isn't involved and basic IRC uses a well-known port,
wouldn't plug-gw work for this?

    plug-gw: port 6677 your.subnets.*.* -plug-to some_irc_server -port 6677

The DCC insecurities (if I understand correctly that inbound DCC
initiates connections on _random_ ports) are already dealt with if you're
already controlling connection attempts to your other firewall ports.

What am I missing here?

==========================================================================
Gordon T. Thompson              gordy @ nytimes . com
Manager, Internet Services      212 556 1386
The New York Times              fax: 212 556 1636
This letter has been modified as follows from its original
version: It has been formatted to fit your screen.
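
The "blocking DCC is easy" point from the thread, as an added example that is not part of any message above: a sketch of the per-line check a line-aware IRC relay could apply, dropping CTCP DCC offers and logging the advertised endpoint. It assumes the classic CTCP DCC layout (type, argument, IPv4 address as a decimal 32-bit integer, port); the function names and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# A DCC offer travels inside an ordinary PRIVMSG/NOTICE as a CTCP payload:
#   \x01DCC <type> <argument> <ipv4-as-decimal-int> <port> [size]\x01
CTCP_DCC = re.compile(rb"^(?::\S+ )?(?:PRIVMSG|NOTICE) \S+ :\x01DCC\b", re.I)
OFFER = re.compile(rb"\x01DCC (\S+) (\".*?\"|\S+) (\d+) (\d+)", re.I)

def inspect(line: bytes):
    """Return None for ordinary traffic, or a dict describing the DCC offer."""
    if not CTCP_DCC.match(line):
        return None
    info = {"type": None, "arg": None, "ip": None, "port": None}
    m = OFFER.search(line)
    if m:  # well-formed offer: decode the endpoint the peer would connect to
        kind, arg, addr, port = m.groups()
        info["type"] = kind.decode("ascii", "replace").upper()
        info["arg"] = arg.decode("utf-8", "replace")
        if int(addr) <= 0xFFFFFFFF:
            info["ip"] = str(ipaddress.IPv4Address(int(addr)))
        if int(port) <= 0xFFFF:
            info["port"] = int(port)
    return info  # malformed DCC is still reported, so it is still dropped

def relay_filter(lines):
    """Split relay traffic into (lines to forward, dropped DCC offers)."""
    forwarded, dropped = [], []
    for line in lines:
        offer = inspect(line)
        if offer is None:
            forwarded.append(line)
        else:
            dropped.append(offer)
    return forwarded, dropped

# Constructed sample traffic (not captured from a real server).
SAMPLE = [
    b":alice!a@example.net PRIVMSG #chan :hello there\r\n",
    b":alice!a@example.net PRIVMSG bob :\x01DCC SEND notes.txt 3232235777 5000 1024\x01\r\n",
    b"PRIVMSG bob :\x01DCC RESUME\x01\r\n",
    b":bob!b@example.net PRIVMSG alice :did you mention DCC earlier?\r\n",
]

if __name__ == "__main__":
    passed, blocked = relay_filter(SAMPLE)
    print(len(passed), "forwarded;", blocked)
```

Dropping the offer prevents the negotiation; the random-port connection itself is still a matter for the firewall's inbound rules, as the message above says.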