Workshop

Figure 20.2 The AOL Instant Messenger can use socks 4, socks 5, or an HTTPS proxy.
AOL NetMail
America Online allows its users to check their email outside of their regular software by using a Webbased
interface. A special plug-in is downloaded for your browser, and you can read your email in a jiffy.
The Web component doesn’t pick up on your browser’s proxy settings; you simply need to configure it
similarly to your browser, as shown in Figure 20.3. (You can also use the earlier tips to find out where
your proxy server is.)
Figure 20.3 AOL NetMail supports socks 4 and socks 5; if you only have application-specific proxies
such as FTP and HTTP, you may be out of luck.
NetMail is similar to AOL’s Instant Messenger; it uses one outgoing-only TCP connection to port 5190
on the server side.
ICQ
Mirabilis’s ICQ is arguably the most popular real-time chat program out there. It has great support for
socks servers, as you can see from Figure 20.4. However, this is one program that is hard to use with a
filtering firewall; although it only needs one TCP port (4000) to contact the ICQ server on the Internet,
the workstation must then be able to get connections initiated from the outside on many TCP ports—that
is, incoming connections on your network. (Configured for socks, ICQ needs no incoming connections; it
simply uses the established connection you create through the proxy.)
Figure 20.4 Socks 4 and socks 5 are the preferred proxy servers for ICQ; a filtering firewall is much
harder to configure.
Without using socks, the ICQ client software prefers at least 12 incoming ports; even worse, it likes to
assign them randomly. To make life easy on you or your firewall administrator, ICQ allows you to
specify a “static” port range rather than a random port range, which means that you must manually
configure each ICQ client. Still, many organizations have an outgoing-only policy on firewall