From owner-freebsd-questions  Sun Jul 12 09:36:20 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id JAA14372
          for freebsd-questions-outgoing; Sun, 12 Jul 1998 09:36:20 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from greeves.mfn.org (greeves.mfn.org [204.238.179.3])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA14362
          for <questions@FreeBSD.ORG>; Sun, 12 Jul 1998 09:36:15 -0700 (PDT)
          (envelope-from sysadmin@mfn.org)
Received: from noc.mfn.org (noc.mfn.org [204.238.179.35])
	by greeves.mfn.org (8.8.7/8.8.7) with SMTP id LAA12352;
	Sun, 12 Jul 1998 11:36:04 -0500 (CDT)
	(envelope-from sysadmin@mfn.org)
Received: by noc.mfn.org with Microsoft Mail
	id <01BDADB3.189AA0A0@noc.mfn.org>; Sun, 12 Jul 1998 16:35:35 +0100
Message-ID: <01BDADB3.189AA0A0@noc.mfn.org>
From: NOC-GFX <sysadmin@mfn.org>
To: "Pavel V. Antipov" <pavel@ikar.elect.ru>
Cc: "questions@FreeBSD.ORG" <questions@FreeBSD.ORG>
Subject: RE: About using ICQ 
Date: Sun, 12 Jul 1998 16:35:34 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


On Sun, 12 Jul 1998, Pavel V. Antipov wrote:

> Server's operation system is FreeBSD 2.2.5.
> My local network has addresses specified in RFC1918.
> This network have connection with Internet (HTTP,FTP protocols) 
> via proxy-server.
> 
> 1. How can I provide using ICQ for network users ?

ICQ runs on UDP.  If you open up your UDP though, you leave your
network wide open.  What we have done here is set up an ICQ proxy:
1 lone machine which is allowed to receive ICQ (UDP) packets
unconditionally, and which then sends out appropriately screened
packets to a (very small) list of hosts which are specifically listed
as allowed to read them.  This was a LOT of work: stripping the 
proxy host down file by file took almost a month, and to tell you the
truth, I am still nervous about it.  ICQ is a nightmare of security risks,
and should probably just be abandoned altogether.

HTH,
J.A. Terranson
sysadmin@mfn.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message