[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference gyro::internet_toolss

Title:Internet Tools
Notice:Report ALL NETSCAPE Problems directly to kdlucas@netscape.com.rnet? Read note 448.L for beginner information.
Moderator:teco.mro.dec.com::tecotoo.mro.dec.com::mayer
Created:Fri Jun 25 1993
Last Modified:Fri Jun 06 1997
Last Successful Update:Fri Jun 06 1997
Number of topics:4714
Total number of notes:40609

4563.0. "Mirabilis ICQ Usage?" by HGOVC::JOELBERMAN () Sun Mar 23 1997 23:52

    I would like to use ICQ from Mirabilis, http://www.mirabilis.com
    
    But it needs a few firewall things.
    
    1.  need to send packets via UDP port 4000, either through a proxy,
    mapped in the firewall, or just open 4000 for outgoing packets.
    
    2.  Need to establish a TCP link on a port above 1023, either through a
    hole or a proxy.
    
    Is there a gateway or proxy around that will do this for me?
    
    /joel
T.RTitleUserPersonal
Name		DateLines
4563.1Re: Mirabilis ICQ Usage?QUABBI::"stuart@nsl-too.pa.dec.com"Stephen StuartMon Mar 24 1997 01:2831
joelberman@hgovc.enet.dec.com wrote:
: Title: Mirabilis ICQ Usage?

:     I would like to use ICQ from Mirabilis, http://www.mirabilis.com
:     
:     But it needs a few firewall things.
:     
:     1.  need to send packets via UDP port 4000, either through a proxy,
:     mapped in the firewall, or just open 4000 for outgoing packets.
:     
:     2.  Need to establish a TCP link on a port above 1023, either through a
:     hole or a proxy.
:     
:     Is there a gateway or proxy around that will do this for me?

Not only are the product's requirements for firewall access a security
risk, but the publishing of who uses what computer -- and even worse,
when they are using it or not -- is very much against security
policies. 

Remember the rule popularly misquoted as "no email addresses on
business cards?" It was actually a rule against publishing the name of
a host to which you had access; addresses naming mail hubs were fine.

Stephen
--
- -----
Stephen Stuart				stuart@pa.dec.com
Network Systems Laboratory
Digital Equipment Corporation
[posted by Notes-News gateway]
4563.2teco.mro.dec.com::tecotoo.mro.dec.com::mayerDanny MayerMon Mar 24 1997 10:089
>    1.  need to send packets via UDP port 4000, either through a proxy,
>    mapped in the firewall, or just open 4000 for outgoing packets.
>    

	You won't get this.  UDP is not allowed due to security considerations.
  You might get TCP if you can justify the usage.  What is this software and
  why might it be useful.

		Danny
4563.3Why I may find it usefulHGOVC::JOELBERMANTue Mar 25 1997 00:0122
    The software does a few things that are useful, but probably security
    risks.
    
    1.  One can set up a list of names and the software will let you know
    if they are on the net, or when they come on.
    
    2.  One can then easily chat, internet phone or video phone to those
    people.
    
    3.  One can post a message to someone. (not any better than email)
    
    #1 is the useful point.   Being many time zones away from the GMA and
    having Digital take away the DTN from home capabilities, and being that
    some of my colleques are not great at returning phone calls or mail, it
    is nice to be able to know when they log on.  I can do the same thing
    with finger or rwho if enabled and vaxphone, but this way is easier. 
    Of course they have to be running the ICQ agent for it to work.  So it
    would save the cost of many short phone calls to the US from HK  by
    enabling me to know when someone is on the system and possibly in their
    office.
4563.4teco.mro.dec.com::tecotoo.mro.dec.com::mayerDanny MayerTue Mar 25 1997 08:5938
>    The software does a few things that are useful, but probably security
>    risks.
>    
>    1.  One can set up a list of names and the software will let you know
>    if they are on the net, or when they come on.
>    
	That could be nice.

>    2.  One can then easily chat, internet phone or video phone to those
>    people.
>    
	This is very unlikely to be supported.  Even if it were TCP based
  the bandwidth requirements would make this a network resource hog and
  the bandwith problems that we have today would be magnified manyfold.

>    3.  One can post a message to someone. (not any better than email)
>    
	Not needed.  Email is just as good.  What does it mean to post a message?
  To where?

>    #1 is the useful point.   Being many time zones away from the GMA and
>    having Digital take away the DTN from home capabilities, and being that
>    some of my colleques are not great at returning phone calls or mail, it
>    is nice to be able to know when they log on.  I can do the same thing
>    with finger or rwho if enabled and vaxphone, but this way is easier. 
>    Of course they have to be running the ICQ agent for it to work.  So it
>    would save the cost of many short phone calls to the US from HK  by
>    enabling me to know when someone is on the system and possibly in their
>    office.
>    
	I understand the usefulness to you.  If you are working outside the
  Corporate network, why don't you use the AltaVista tunnel and be effectively
  connected to the internal network?  That's exactly what it's there for.  As
  far as I know AltaVista tunnel supports both UDP and TCP and if it doesn't
  then maybe you can ask for an enhancement to the Tunnel software.  It's
  better than trying to ask for a hole in the firewall.

		Danny