ICQ is considered by most to be a security threat to its users. Over the course of its evolution, it has suffered from many serious bugs and vulnerabilities. Some allowed malicious users to probe another user for a lot of information; others allowed attacks with serious effects, ranging from flooding the user's ICQ client with messages, causing it to crash, to stealing passwords or even breaking into computers.

Vulnerabilities have come and gone, but many have stayed. In this tutorial, we will focus on one simple vulnerability, which is caused by the way ICQ works and therefore hasn't been patched. It is the vulnerability that allows anyone to view your IP address, and it exists because ICQ is a client-to-client program.

Even if you tell ICQ not to reveal your IP in the preferences dialog box, under privacy, a malicious user has other ways to find it besides looking at your info and expecting to find it there. Since ICQ is a client-to-client program, messages and other ICQ events are transferred directly from one host to another, without the involvement of a server. If you send someone a message, or someone sends you a message, a socket is created between your computer and the other person's computer. What does this mean? It means that anyone who sends or receives an ICQ event from you can use programs such as netstat to view all existing connections, spot the one that belongs to you and get your IP address!

Try it for yourself. Click Start, then Run, and type command. A DOS window will appear. Type netstat -A and you will receive a list of existing connections, their status and other basic information about them, as well as the IP of the other host which is connected to you through that socket (unless this is a listening socket, which is waiting for a host to connect to it; a listening socket will not give you a "Foreign Address").
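To audit your own machine for this exposure, the following added example (not part of the original tutorial) parses netstat output and lists every remote host that currently holds a direct socket to you, separating them from listening sockets. It assumes the numeric form of the listing (netstat -an); the sample output and its addresses are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1029        0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1029        198.51.100.7:1733      ESTABLISHED
  TCP    192.0.2.10:1044        203.0.113.25:4000      ESTABLISHED
  TCP    192.0.2.10:1051        203.0.113.25:4001      TIME_WAIT
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED
  UDP    192.0.2.10:137         *:*
"""

def direct_peers(netstat_text):
    """Map remote IP -> [(local_port, remote_port)] for ESTABLISHED TCP
    sockets to non-loopback hosts. Each host listed has a direct socket
    to this machine and can therefore see its IP address."""
    peers = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows are Proto, Local, Foreign, State; UDP rows have no State.
        if len(fields) != 4 or fields[0].upper() != "TCP":
            continue
        _, local, foreign, state = fields
        if state != "ESTABLISHED":
            continue  # LISTENING sockets have no real foreign address
        host, _, rport = foreign.rpartition(":")
        try:
            addr = ipaddress.ip_address(host.strip("[]"))
            pair = (int(local.rpartition(":")[2]), int(rport))
        except ValueError:
            continue  # resolved names or malformed rows: numeric output expected
        if addr.is_loopback or addr.is_unspecified:
            continue
        peers.setdefault(str(addr), []).append(pair)
    return peers

def listening_ports(netstat_text):
    """Local TCP ports that are waiting for a peer (state LISTENING)."""
    ports = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 4 and f[0].upper() == "TCP" and f[3] == "LISTENING":
            ports.add(int(f[1].rpartition(":")[2]))
    return sorted(ports)
```
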

So why doesn't Mirabilis (founder of ICQ) change that? Why doesn't it change ICQ so that all events are transferred through the server, so attackers would send and receive events to and from the server and thus be unable to find other people's IPs? Simple. What kind of a madman would want all those millions of ICQ users moving their traffic through his server? And though AOL (the current owners of Mirabilis) has a lot of money and can probably pay for all this bandwidth, why would they do that? They don't care about your security, and they won't spend an extra cent to improve it. As a result, new versions of the ICQ client are released without being properly tested, and new holes are frequently discovered.

Of course, the fault is not Mirabilis's alone. There are also several user-inherent problems, caused by users who reveal private information by writing it into their user account info. Everyone can view your info, so don't reveal anything that you wouldn't want revealed when you fill out the form in the ICQ account preferences dialog box.
