[unisog] [unison] iChat

Patricia Vendt patricia.vendt at wright.edu
Mon May 14 14:56:57 GMT 2007


Thanks Kevin for the quick response. We will try it on our test server 
soon. And thank you in advance for the object to Excel link. -patty

Butler, Kevin D wrote:
> Jeff,
>  
> Give me a call tomorrow, or I can call you. The way Checkpoint does 
> things sometimes is not according to the RFC. We had a problem 
> connecting some Tandberg/Polycom units via an encrypted channel, and it 
> turned out to be an issue with the default object contained in the 
> Checkpoint objects. Have no fear, we shall find a solution for ya.
> 
> ------------------------------------------------------------------------
> From: unisog-bounces at lists.dshield.org on behalf of Oliver, Jeff
> Sent: Fri 5/11/2007 01:36 PM
> To: UNIversity Security Operations Group
> Subject: Re: [unisog] [unison] iChat
> 
> Thanks Kevin (and others),
> 
> I have in fact seen this article, and spent some considerable time on
> the phone with Apple (who helpfully told me that it is my firewall)
> trying to figure out the issues. BTW, the text chat works fine, only the
> AV is broken.
> 
> There seem to be multiple issues involved, including the security
> policy that we have adopted. We do not allow unsolicited traffic
> inbound to the desktops.
> 
> From what I have been able to determine, here is the flow of traffic for
> an iChat video session:
> 
> 1. inside m/c "logs in" to server in internet-land
> 2. outside m/c "logs in" to server in internet-land
> 
> 3. inside machine sends "VidChat for buddy" request to server
> 4. server forwards request to buddy on outside machine, which rings.
> 5. buddy answers, and by doing so, outside machine initiates the SIP
> call to inside machine.
> 6. F/W blocks as the call was not initiated on the inside.
> 
> Note that outside to outside works (obviously), but so does inside to
> inside.
> 
> As well, Apple's implementation of SIP (which iChat uses) does not
> comply with the RFCs and thus Smart-Defense is seeing the packet as a
> "Malformed SIP Datagram" even though I have turned off the SD portion of
> the firewall and told it not to inspect the SIP packets. I have even
> gone so far as to re-define port 5060 so that there is no inspection,
> and just let it through.
> 
> I think that I will now look into a socks proxy for it?
> 
> Jeff
> 
> 
> 
>  >
>  > Here is a page from Apple's site
>  > (http://docs.info.apple.com/article.html?artnum=106439). It does not
>  > specifically reference any single firewall, but it should help in
>  > configuring your Checkpoint. Just search the page for "iChat". So far, it
>  > looks like these ports:
>  >
>  > 5060 UDP, 5190 TCP/UDP, 5222 TCP, 5223 TCP, 5269 TCP, 5297 TCP, 5298 TCP
>  >
>  > By chance, what version of Checkpoint are you running? There should be a
>  > couple of default groups (AOL_Messenger, MSN_Messenger, and
>  > Yahoo_Messenger), that utilize some of the base ports that you need. If
>  > you still are having a problem, feel free to contact me off list. I would
>  > not mind assisting.
>  >
>  >
>  > Kevin D. Butler, MCP
>  > University of Arkansas for Medical Sciences
>  > IT Technical Security Department
>  > 4301 West Markham, Slot 637
>  > Little Rock, Arkansas 72205
>  > (501) 526-6391 Wk
>  > (501) 405-8240 Pgr
>  > (501) 772-3971 Cell
>  >
>  > "Only those who will risk going
>  >    too far can possibly find out
>  >            how far you can go."
>  >
>  >                                      - T.S. Eliot, poet
>  >
>  > -----Original Message-----
>  > From: unisog-bounces at lists.dshield.org
>  > [mailto:unisog-bounces at lists.dshield.org] On Behalf Of Oliver, Jeff
>  > Sent: Thursday, May 10, 2007 4:01 PM
>  > To: unisog at lists.dshield.org
>  > Subject: [unisog] ichat
>  >
>  > Has anyone had success getting iChat through a CP firewall?
>  >
>  > Jeff
>  >
>  >
>  >       I do know everything, just not all at once.
>  >       It's a virtual memory problem.
>  >
>  >
>  > --
>  >
>  > Jeffrey L. Oliver                      Email: jeff.oliver at uleth.ca
>  > Network Analyst                        Web:   http://telecom.uleth.ca
>  > Communication Technologies Unit        H.323: jeff.oliver at uleth.ca
>  > The University of Lethbridge
>  > 4401 University Drive
>  > Lethbridge, Alberta                    Tel:   403.329.5162
>  > Canada, T1K3M4                         Fax:   403.382.7108
>  >
>  > --
>  >
>  >
>  >
>  > _______________________________________________
>  > unisog mailing list
>  > unisog at lists.dshield.org
>  > https://lists.sans.org/mailman/listinfo/unisog
>  >
>  > Confidentiality Notice: This e-mail message, including any attachments,
>  > is for the sole use of the intended recipient(s) and may contain
>  > confidential and privileged information.  Any unauthorized review, use,
>  > disclosure or distribution is prohibited.  If you are not the intended
>  > recipient, please contact the sender by reply e-mail and destroy all
>  > copies of the original message.
>  >
>  >
> 
> 
> ------------------------------------------------------------------------
> 
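The policy Jeff describes (inside-initiated sessions allowed and tracked, unsolicited inbound to desktops dropped) modelled as a small stateful firewall, to show why step 5 of his flow is dropped for an inside-to-outside call while inside-to-inside and outside-to-outside calls go through. This is an added illustration, not code from any message in the thread; the addresses and the ephemeral port 50000 are constructed, and the use of 5222/TCP for login and 5060/UDP for the call is an assumption drawn from the port list in Kevin's reply.

```python
"""Stateful-firewall model of the iChat AV call flow described in the thread.
Added illustration, not from any post. Addresses and the ephemeral port are
constructed; login on 5222/TCP and the call on 5060/UDP are assumed from the
port list quoted in the thread.
"""
from dataclasses import dataclass, field

INSIDE_PREFIX = "10.0.0."        # constructed: campus desktop network
SERVER = "198.51.100.10"         # constructed: the "server in internet-land"
LOGIN_PORT = 5222                # TCP, from the port list in the thread
SIP_PORT = 5060                  # UDP, from the port list in the thread


def is_inside(ip: str) -> bool:
    return ip.startswith(INSIDE_PREFIX)


@dataclass
class StatefulFirewall:
    """Inside-initiated flows are allowed and remembered; unsolicited inbound
    to a desktop is dropped; traffic that stays on one side never crosses."""
    state: set = field(default_factory=set)   # permitted (src, sport, dst, dport, proto)
    log: list = field(default_factory=list)   # (verdict, 5-tuple) for every packet seen

    def packet(self, src, sport, dst, dport, proto) -> bool:
        key = (src, sport, dst, dport, proto)
        reverse = (dst, dport, src, sport, proto)
        if is_inside(src) == is_inside(dst):
            verdict = True                    # inside-inside or outside-outside: not traversed
        elif key in self.state or reverse in self.state:
            verdict = True                    # packet belongs to a tracked session
        elif is_inside(src):
            self.state.add(key)               # new outbound session: allow and remember
            verdict = True
        else:
            verdict = False                   # unsolicited inbound to a desktop
        self.log.append((verdict, key))
        return verdict


def ichat_av_call(fw: StatefulFirewall, caller: str, callee: str) -> bool:
    """Replay Jeff's six-step flow; return whether the callee's SIP call gets in."""
    fw.packet(caller, 50000, SERVER, LOGIN_PORT, "tcp")   # 1. inside machine logs in
    fw.packet(callee, 50000, SERVER, LOGIN_PORT, "tcp")   # 2. outside machine logs in
    fw.packet(caller, 50000, SERVER, LOGIN_PORT, "tcp")   # 3. "VidChat for buddy" request
    fw.packet(SERVER, LOGIN_PORT, callee, 50000, "tcp")   # 4. server rings the buddy
    # 5. buddy answers: the callee, not the caller, originates the SIP call to the caller
    return fw.packet(callee, SIP_PORT, caller, SIP_PORT, "udp")   # 6. firewall verdict
```

The state table only ever holds the inside machine's sessions to the server, so the callee's direct SIP packet matches nothing and is dropped; the same model returns True when both ends are on the same side of the firewall.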

