ICQ stops functioning when I configure the protection to "Paranoid"
This article applies to: BlackICE Defender.
SUMMARY
This is the intended behavior of the protection system, and is why
there are different security levels. The recommended solution is to
lower the protection level until the application works; ICQ should
work at "Nervous". If you want to remain at the "Paranoid" level,
you can still make ICQ work by editing the "firewall.ini" configuration file.
DETAILS
Programs like ICQ listen for incoming connections on what are known as
"dynamically assigned TCP ports": high-numbered ports chosen at run time.
Because the firewall cannot know in advance which ports ICQ will pick,
it cannot match this inbound traffic to anything it has seen, and at the
"Paranoid" level it rejects it by default.
The problem can be fixed by editing the file "firewall.ini". This is
a complex operation, so we recommend this only to customers
who are comfortable programming firewall rule-sets and port filters
with a text editor.
Otherwise, simply reduce the protection level to "Nervous".
Advanced
The first step is to configure the firewall rules:
- You will need to make a change to FIREWALL.INI (located in the
installation directory; the default location is C:\Program Files\Network ICE\BlackICE).
Before editing this file, copy it to a backup file called FIREWALL.SAV.
- Using the Notepad.exe utility, open FIREWALL.INI. [*** WARNING ***
You must be very careful with this file. An unintended entry could
have unpredictable results.]
- In FIREWALL.INI there is a section heading that looks like this at the
"Paranoid" setting (at other settings the heading may differ slightly):
[MANUAL TCP high REJECT]
- Immediately under that section heading, add the following lines
so that the section looks roughly like this:
[MANUAL TCP high REJECT]
ACCEPT, 8000, ICQ, 1999-07-22 20:26:53, PERPETUAL
ACCEPT, 8001, ICQ, 1999-07-22 20:26:53, PERPETUAL
ACCEPT, 8002, ICQ, 1999-07-22 20:26:53, PERPETUAL
ACCEPT, 8003, ICQ, 1999-07-22 20:26:53, PERPETUAL
ACCEPT, 8004, ICQ, 1999-07-22 20:26:53, PERPETUAL
ACCEPT, 8005, ICQ, 1999-07-22 20:26:53, PERPETUAL
ACCEPT, 8006, ICQ, 1999-07-22 20:26:53, PERPETUAL
ACCEPT, 8007, ICQ, 1999-07-22 20:26:53, PERPETUAL
ACCEPT, 8008, ICQ, 1999-07-22 20:26:53, PERPETUAL
ACCEPT, 8009, ICQ, 1999-07-22 20:26:53, PERPETUAL
ACCEPT, 8010, ICQ, 1999-07-22 20:26:53, PERPETUAL
ACCEPT, 8011, ICQ, 1999-07-22 20:26:53, PERPETUAL
ACCEPT, 8012, ICQ, 1999-07-22 20:26:53, PERPETUAL
(A minimum of 3 such ports must be opened; we recommend 12. The list above
opens 13, 8000 through 8012, which is the range the ICQ settings below use.)
- Save and close FIREWALL.INI.
The service will now be available. The intrusion detection component
of the product will still detect hostile activity on these ports and
dynamically block some intruders, but normal access should work as expected.
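The edit above can be scripted so that the backup, the section lookup and the
insertion are done consistently and can be repeated without producing duplicate
rules. The following Python script is an added example, not part of the original
article or of the BlackICE product. It assumes only the file layout shown above
(a section heading on its own line followed by comma-separated rule lines); the
sample file text, the function names and the range checks are assumptions made
for this example.

```python
"""Insert ICQ ACCEPT rules under the [MANUAL TCP high REJECT] section of a
BlackICE FIREWALL.INI-style file.

Added example, not from the original article or from BlackICE. The file
layout (section header followed by comma-separated rule lines) follows the
article; SAMPLE_INI below is constructed for illustration only.
"""
import re
import shutil
from pathlib import Path

SECTION = "[MANUAL TCP high REJECT]"

# Constructed sample of the relevant part of a FIREWALL.INI (not a real file).
SAMPLE_INI = """[SOME OTHER SECTION]
foo=bar

[MANUAL TCP high REJECT]
ACCEPT, 8000, ICQ, 1999-07-22 20:26:53, PERPETUAL

[ANOTHER SECTION]
"""

# Matches "ACCEPT, <port>, ..." and captures the port number.
RULE_RE = re.compile(r"^\s*ACCEPT\s*,\s*(\d+)\s*,", re.IGNORECASE)


def add_accept_rules(text, first_port, last_port, label="ICQ",
                     stamp="1999-07-22 20:26:53", section=SECTION):
    """Return (new_text, added_ports).

    Adds one 'ACCEPT, <port>, <label>, <stamp>, PERPETUAL' line per port in
    first_port..last_port directly under `section`, skipping ports that
    already have an ACCEPT line in that section (so re-running is harmless).
    Raises ValueError if the section is missing, if the range is smaller
    than the 3 ports the article requires, or if it leaves the high range.
    """
    if last_port - first_port + 1 < 3:
        raise ValueError("ICQ needs at least 3 listen ports")
    if not (1024 <= first_port and last_port <= 65535):
        raise ValueError("ports must be in the high (1024-65535) range")

    lines = text.splitlines()
    try:
        start = next(i for i, l in enumerate(lines) if l.strip() == section)
    except StopIteration:
        raise ValueError(f"section {section} not found; is the level Paranoid?") from None

    # The section runs until the next [header] line or the end of the file.
    end = start + 1
    while end < len(lines) and not lines[end].lstrip().startswith("["):
        end += 1

    # Ports that already have an ACCEPT rule in this section.
    present = set()
    for l in lines[start + 1:end]:
        m = RULE_RE.match(l)
        if m:
            present.add(int(m.group(1)))

    added = [p for p in range(first_port, last_port + 1) if p not in present]
    new_rules = [f"ACCEPT, {p}, {label}, {stamp}, PERPETUAL" for p in added]
    lines[start + 1:start + 1] = new_rules  # insert right under the heading
    return "\n".join(lines) + "\n", added


def patch_file(path, first_port=8000, last_port=8012):
    """Back up FIREWALL.INI to FIREWALL.SAV (as the article instructs), then patch it."""
    path = Path(path)
    shutil.copyfile(path, path.with_suffix(".SAV"))
    new_text, added = add_accept_rules(path.read_text(), first_port, last_port)
    path.write_text(new_text)
    return added


if __name__ == "__main__":
    out, added = add_accept_rules(SAMPLE_INI, 8000, 8012)
    print(out)
    print("added ports:", added)
```

On a real installation, call patch_file(r"C:\Program Files\Network ICE\BlackICE\FIREWALL.INI")
with the protection level already set to "Paranoid", so that the section heading
matches; if the heading is not found the script refuses to touch the file rather
than adding rules to the wrong section.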
The next stage is to make ICQ aware of the firewall.
- Open the ICQ Menu and select Preferences.
- Select the Connection tab.
- Select "I am behind a firewall or proxy"
- Press the button "Firewall Settings"
- In the Firewall Settings dialog box, select
"I don't use a SOCKS Proxy server on my firewall or I am using another Proxy server"
- Press the Next button.
- Select "Use the following TCP listen ports for incoming events"
- Choose the same list as specified in FIREWALL.INI, namely 8000 through 8012.
- Press the Next button.
- Make sure ICQ is Disconnected (Off line)
- Press the button "Check My FIREWALL / Proxy Setting"
- If everything succeeds, then press the "Done" button.
If you have further problems, please see the ICQ web page at:
http://www.icq.com/firewall/port.html.
Explanation
ICQ talks to its server by sending UDP packets to port 4000 on the server;
the server's replies come back to whatever dynamically chosen port the client
sent from. Incoming events (for example, direct connections from other ICQ users)
arrive separately, as TCP connections to listen ports that ICQ also picks
dynamically. A firewall that rejects unsolicited traffic to high-numbered ports
cannot know those ports in advance, so at "Paranoid" it drops that traffic.
To make ICQ work, allocate a fixed range of TCP listen ports, accept that range
in the firewall, and tell ICQ to listen only on it. In the procedure above the
range is 8000 through 8012, configured in both FIREWALL.INI and ICQ.
Keywords: ICQ
Version: 1.8.5.5
Fixed:
Modified: 1999-08-15