ICQ rule for firewall?

06.02.2002, 21:55
~Lundegaard
Guest
#1 Hi,

Could you tell me what your rule for ICQ looks like? I keep reading that some people block it and others don't, but when I tried it myself I gave up, suspecting a never-ending stream of IPs! I'd be glad of an answer.

Regards, Lundegaard
06.02.2002, 21:58
Member
Laserpointa

Posts: 2176
#2 Hi

Quote

5. What's a good set of rules for ICQ that don't open all ports?
Description: ICQ
Protocol: UDP
Direction: Both directions

Local endpoint
Port type: Port/Range
First port number: 1024
Last port number: 5000
Application: (to wherever your icq.exe is located)

Remote endpoint
Address type: Network/Range
First address: 205.188.153.0
Last address: 205.188.153.255
Port type: Single port
Port number: 4000

Rule valid: Always
Action: Permit
---------------------Rule End----------------------------

The above rule is to connect to ICQ. The range of 1024-5000 for
local port range can be applied to most rules actually, not just this
one. You can be more strict on the address range, but this will do
for the time being, besides it's not allowing a large address range.

---------------------Rule Start--------------------------
Description: ICQ 2
Protocol: TCP
Direction: Outgoing

Local endpoint
Port type: Port/Range
First port number: 1024
Last port number: 5000
Application: (to wherever your icq.exe is located)

Remote endpoint
Address type: Any address
Port type: Any port

Rule valid: Always
Action: Permit
---------------------Rule End----------------------------
This rule is for file transfers, chat rooms, maybe other things but I
know of at least those two. I looked at limiting the remote port
range but it didn't seem to stay in any kind of predictable range.
For file transfers I had the port numbers jump from in the 2000
range to the 20 000 range. Remote address is to whoever you're doing
a file transfer with so limiting it can not really be done.

If you want to try file transfers, chats and whatever else on your
own computer then look here
http://lvgeek.net/features/01/04/28/033232.shtml this will tell you
how you can make it so you can open multiple instances of ICQ. Then
just create yourself a new identity on ICQ and open up two instances
of ICQ and you can test things for yourself.

source: ygfjhg

slightly different ruleset for ICQ2000b v4.65. Amongst other
things it seems to include a different connection port during startup. I
don't know what the latest version is... I don't rely on this software
and so don't update too frequently ;)

Here are the rules I'm using, differences highlighted:



---------------------Rule Start--------------------------
Description: ICQ
Protocol: TCP <---
Direction: Outgoing <---

Local endpoint
Port type: Port/Range
First port number: 1024
Last port number: 5000
Application: (to wherever your icq.exe is located)

Remote endpoint
Address type: Network/Mask <---
Network Address: 205.188.0.0 <---
Network Mask: 255.255.0.0 <---

Port type: Single port
Port number: 5190 <---

Rule valid: Always
Action: Permit
---------------------Rule End----------------------------

The netmask was required because I found ICQ connecting outside the
narrower range suggested by jcarm. That entire B block is owned by AOL.

There's also a second version of this rule with network address:
62.12.0.0 and netmask 255.255.0.0. Again this entire block is owned by
AOL and ICQ tries to connect there.

It's possible that these address ranges are too broad, so I'd appreciate
any enlightenment.


Finally I've got a block rule (above both of these) that seems to be the
one that grabs updated ads and graphics during logon:

---------------------Rule Start--------------------------
Description: ICQ
Protocol: TCP
Direction: Outgoing

Local endpoint
Port type: Port/Range
First port number: 1024
Last port number: 5000
Application: (to wherever your icq.exe is located)

Remote endpoint
Address type: Single address
Host Address: 205.188.250.25

Port type: Single port
Port number: 80

Rule valid: Always
Action: Deny
---------------------Rule End----------------------------

I don't have any specific rules for normal use of ICQ: I'm happy for it
to popup connect requests when something unusual happens.

source: HTH


Greetz
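
The rule order that the second quoted reply relies on (the Deny rule placed above the Permit rules), as an added example that is not part of the original posts or of any firewall product: a small first-match evaluator over the thread's rules. First-match semantics, the "Ask" fallback, the rule labels and the names `decide` and `shadowed` are assumptions.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    name: str      # label chosen for this example
    proto: str
    net: str       # remote network in CIDR form
    ports: range   # remote ports
    action: str

LOCAL_PORTS = range(1024, 5001)   # local endpoint used by every rule in the thread
ANY_PORT = range(0, 65536)

# Second quoted reply, in its stated order: the Deny rule sits above the Permits.
DENY_ADS = Rule("ICQ ads", "TCP", "205.188.250.25/32", range(80, 81), "Deny")
LOGIN_205 = Rule("ICQ login 205.188/16", "TCP", "205.188.0.0/16", range(5190, 5191), "Permit")
LOGIN_62 = Rule("ICQ login 62.12/16", "TCP", "62.12.0.0/16", range(5190, 5191), "Permit")
# "ICQ 2" from the first quoted reply: any remote address, any remote port.
ICQ2_ANY = Rule("ICQ 2", "TCP", "0.0.0.0/0", ANY_PORT, "Permit")

def decide(rules, proto, local_port, remote_ip, remote_port):
    """Return (action, rule name) of the first matching rule (assumed semantics)."""
    ip = ipaddress.ip_address(remote_ip)
    for r in rules:
        if (r.proto == proto and local_port in LOCAL_PORTS
                and ip in ipaddress.ip_network(r.net)
                and remote_port in r.ports):
            return r.action, r.name
    return "Ask", None   # no rule matched: the user gets a connect prompt

def shadowed(rules):
    """Names of rules that can never fire because an earlier rule covers them."""
    out = []
    for i, later in enumerate(rules):
        later_net = ipaddress.ip_network(later.net)
        for earlier in rules[:i]:
            if (earlier.proto == later.proto
                    and later_net.subnet_of(ipaddress.ip_network(earlier.net))
                    and later.ports.start >= earlier.ports.start
                    and later.ports.stop <= earlier.ports.stop):
                out.append(later.name)
                break
    return out

if __name__ == "__main__":
    strict = [DENY_ADS, LOGIN_205, LOGIN_62]
    print(decide(strict, "TCP", 1300, "205.188.250.25", 80))      # ad server
    print(decide(strict, "TCP", 1300, "198.51.100.7", 20000))     # constructed peer address
    print(shadowed([ICQ2_ANY] + strict))                          # broad rule placed first
```

With the any-address "ICQ 2" rule placed first, every narrower rule after it is shadowed, including the Deny for 205.188.250.25:80; placed last, it turns every unmatched outgoing TCP connection from the "Ask" prompt into a Permit.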
10.02.2002, 09:49
~Lundegaard
Guest

Thread starter
#3 Okay, thanks for answering!!!
Let's see how I can make use of this.

Regards, Lundegaard
24.03.2002, 00:30
...new here

Posts: 8
#4 Hi,
I used this rule too.
It works up to version 2002a, which I'm currently using.
Does anyone already have a working rule for the newest, the above version??