ICQ 98 beta on Windows NT was found to have a bug where it sends out with the message to an ICQ user sensetive information which can sniffed out from the replay (whether it is a reject, or any other message). This sensetive information can help malicious users obtain information about the stracture of the internal network. This is because the replay packet includes inside it the internal IP address of the computer (usually the IP address of a second network card, in case a modem is used, or the internal IP of the Firewalled network, when NAT (Network Address Translation) is used in the Firewall configuration).
By sending a message a normal message to an ICQ user, and sniffing out the returning packet, a malicious user can gain sensitive information about the structure of the internal network. This is due to the fact that the returning message contains both the External IP (i.e. Internet valid IP such as 194.90.1.1) and the Internal IP (i.e. private IP, such as 1.2.3.1).
