ICQ
|
| ICQ "I seek you" (http://www.icq.com) was created by the company, Mirabilis Ltd., in 1996 and was later acquired by AOL in 1998. In this regard, it is AOL's "other" instant messaging client, although it is maintained as a completely separate non-AOL branded company, ICQ Inc. ICQ supports text instant messaging, file transfers, as well as video and voice communications. More information on the ICQ protocol is available at http://www.icq.com/icqtour/firewall/netadmin.html. Connecting to ICQMuch like AIM, ICQ uses TCP port 5190 to perform the basic client to server communications (login, etc.). Client to client communication is performed on TCP high ports from 1024-65535. This basically means that as long as you are running a standard NAT/Masquerading firewall and are not filtering out traffic on those ports, ICQ will work through your firewall with no issues. The ICQ client documentation at http://www.icq.com/icqtour/firewall/other.html references reconfiguring your client specifically to deal with communicating to other hosts behind firewalls. However, the open source client we use, Gaim (one IM client to rule them all!), http://gaim.sourceforge.net, is compatible with NAT environments by default, so further configuration is not necessary. Blocking ICQBlocking ICQ traffic is very similar to the methods used with AIM and MSNprimarily by blocking access to the login server at login.icq.com. A deeper investigation of this server shows just how close AIM and ICQ are to one another: [user@firewall /tmp]$ host login.icq.com login.icq.com is an alias for login.login-grt.messaging.aol.com. login.login-grt.messaging.aol.com has address 64.12.161.153 login.login-grt.messaging.aol.com has address 64.12.161.185 login.login-grt.messaging.aol.com has address 64.12.200.89 login.login-grt.messaging.aol.com has address 205.188.179.233 These are, in fact, the same login servers used by AIM, so we can use the exact same rules for blocking AIM on ICQ: This blocks specific ICQ/AIM traffic: $IPTABLES -A FORWARD dport 5190 -m limit \ --limit 1/second -j LOG --log-level info \ --log-prefix "Policy Violation: AIM/ICQ " $IPTABLES -A FORWARD --dport 5190 -j DROP And this blocks access to the ICQ/AIM servers: $IPTABLES -A FORWARD -d 64.12.161.153 -m limit \ --limit 1/second -j LOG --log-level info \ --log-prefix "Policy Violation: AIM/ICQ " $IPTABLES -A FORWARD -d 64.12.161.185 -m limit \ --limit 1/second -j LOG --log-level info \ --log-prefix "Policy Violation: AIM/ICQ " $IPTABLES -A FORWARD -d 64.12.200.89 -m limit \ --limit 1/second -j LOG --log-level info \ --log-prefix "Policy Violation: AIM/ICQ " $IPTABLES -A FORWARD -d 6205.188.179.233 -m limit \ --limit 1/second -j LOG --log-level info \ --log-prefix "Policy Violation: AIM/ICQ " $IPTABLES -A FORWARD -d 64.12.161.153 -j DROP $IPTABLES -A FORWARD -d 64.12.161.185 -j DROP $IPTABLES -A FORWARD -d 64.12.200.89 -j DROP $IPTABLES -A FORWARD -d 205.188.179.233 -j DROP |
|
