[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] How to block MSN using SuSEfirewall2?

On Saturday 21 February 2004 19:34, Ray Leach wrote:

> > No, I'm saying because MSN Chat is able to work via a proxy AFAIK,
> > security wise it is probably a better solution than using masquerading of
> > the internal network and firewalling the ports in question.
> Except that MSN Messenger is a crafty little piece of cr#p. It uses UPnP
> (initially on TCP port 1863) to try and find a way through the firewall
> and bypass the squid proxy.

If you don't have a router between internal and external networks (only allow 
connections through proxies), MSN Chat will HAVE to use the Squid proxy. As 
far as I know SuSE doesn't even ship a UPnP aware firewall (if any exists for 
Linux at all), so the risk that it manages to punch a hole in your precious 
firewall is virtually non-existant.

It may try to bypass the proxy, but it will most certainly fail doing so.

Best regards,

Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here