The risks of using an AOL client behind a firewall

Many users wish to use the AOL client or AIM (AOL Instant Messenger) behind the company firewall. However, opening the firewall for an AOL client can present a security risk to the entire network.

The AOL client connects to the AOL server on port 5190. It is usually easy enough for the administrator to configure the firewall to allow this port (5190), and the client will then work properly. However, the AOL client establishes an IP tunnel to the AOL server and creates a VPN between the AOL network and the client's network (with the assistance of the AOL client, of course). This basically allows complete communication between the client and the remote server: the AOL client receives an IP address on the virtual network, and therefore there is no way the firewall can limit this communication. It also means that the client is now exposed to all kinds of IP-based attacks, such as nukes, access to personal web servers and FTP servers, and much more, from anyone on the Internet (all they have to figure out is the virtual IP address given by the AOL server).

The firewall is basically helpless against this, because it all goes through port 5190, which the administrator allowed for communication.

To see it in action, start your AOL client and run "winipcfg" (under Windows 95); you will see a new adapter (besides the dial-up adapter or network adapter you used to connect to the Internet). This adapter will have its own IP and gateway information.

AOL's home page is at: www.aol.com

For information on how to connect the AOL client through a firewall, see: http://webmaster.info.aol.com/firewall.html
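
An added example (not part of the original advisory): because the tunnel shows up on the workstation as an extra adapter with its own IP and gateway, an administrator can audit collected adapter listings for addresses and gateways that lie outside the corporate network. The host names, address ranges, adapter names and inventory format below are constructed assumptions.

```python
import ipaddress

# Assumed corporate addressing (constructed for this example).
CORPORATE_NETS = [ipaddress.ip_network("10.1.0.0/16")]
APPROVED_GATEWAYS = {ipaddress.ip_address("10.1.4.1")}

# Constructed inventory: adapter, IP and gateway per workstation, the same
# fields an administrator would read off each machine's adapter listing.
INVENTORY = {
    "ws-014": [{"adapter": "Network Adapter", "ip": "10.1.4.23", "gateway": "10.1.4.1"}],
    "ws-027": [
        {"adapter": "Network Adapter", "ip": "10.1.4.61", "gateway": "10.1.4.1"},
        {"adapter": "Virtual Adapter", "ip": "198.51.100.77", "gateway": "198.51.100.1"},
    ],
    "ws-031": [
        {"adapter": "Network Adapter", "ip": "10.1.4.90", "gateway": "10.1.4.1"},
        {"adapter": "Dial-Up Adapter", "ip": "0.0.0.0", "gateway": ""},  # not connected
    ],
}

def audit_host(adapters):
    """Return (adapter, ip, reasons) for adapters that bypass the perimeter."""
    findings = []
    for entry in adapters:
        ip = ipaddress.ip_address(entry["ip"])
        if ip.is_unspecified or ip.is_loopback:
            continue  # adapter is idle or local-only, nothing is routed over it
        reasons = []
        if not any(ip in net for net in CORPORATE_NETS):
            reasons.append("address is outside the corporate ranges")
        gateway = entry.get("gateway")
        if gateway and ipaddress.ip_address(gateway) not in APPROVED_GATEWAYS:
            reasons.append("gateway is not a corporate router")
        if reasons:
            findings.append((entry["adapter"], str(ip), reasons))
    return findings

def audit(inventory):
    """Map each workstation with at least one suspicious adapter to its findings."""
    report = {}
    for host, adapters in inventory.items():
        findings = audit_host(adapters)
        if findings:
            report[host] = findings
    return report

if __name__ == "__main__":
    for host, findings in audit(INVENTORY).items():
        for adapter, ip, reasons in findings:
            print(f"{host}: {adapter} ({ip}): {'; '.join(reasons)}")
```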