[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [seul-edu] ICQ and Security




On 26-Apr-00 Kevin Brown wrote:
> The truth is, if we put Linux in schools, the kids want to talk. I told
> some kids at my school some of the features of talk, write, finger and
> mail and they just loved the idea. But most kids at home use Windows or
> Mac. I know very few kids who have or let alone have heard of any kind
> of UN*X-based OS. So on Windows the best chat program to use is ICQ.

I agree. Is the most common, and there`s a big chance on them already having a
UIN.
 
> I have been using ICQ for a while (55821403) and I have seen many of the
> security holes. By standard your IP address is revealed to the world and
> you must go in and change that manually. Even if you do hide your IP,
> programs like Sub-7 can still trace it. Now, if the schools and homes
> were to all switch to licq or gicq or even gnomeicu, could programs like
> NetBus, NetOrifice and Sub-7 still be able to hack into a Linux based
> system? And is there ways to prevent these "attacks" through a Linux
> roughter? Thanks,
> 
> Kevin Brown.

Let`s see. If ICQ couldn`t somehow reveal your IP address, some other program
would, and anyway you`re exposed to script kiddies random-scanning ip-address
blocks (i`ve seen scannings being done). Even windows (or any other TCP/IP
enabled OS for that matter) itself reveals it (try running netstat when using
ICQ chat, file-transfer or even the user details recovery). The only good
security is not trying to hide data from them, but be prepared when they come,
making your network a fortress. 

For a start, i recommend you TrinityOS, a document intended to guide you in the
installation and configuration of a secure and featurefull (is that a legal
word?) linux box. Then try to advance from them (David Ranch knows a lot, but
you shouldn`t trust the security of your boxes to anybody else but you, and i
think he would agree in that). The URL is

http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html

(Warning!: Be prepared with a lot of coffee, you will lose sleep :)



----------------------------------
Jaime Herazo B.
E-Mail: jherazo@geocities.com
Date: 26-Apr-00
Time: 22:56:50

This message was sent from linux by XFMail
----------------------------------