aol-aim-tunnel.txt

1999-08-17T00:00:00
ID PACKETSTORM:15097
Type packetstorm
Reporter Packet Storm
Modified 1999-08-17T00:00:00

Description

                                        
                                            `The risks of using an AOL client behind a firewall  
  
Many users wish to use AOL client or AIM (AOL Instant Messenger) behind the company firewall. However, opening  
the firewall for an AOL client can present a security risk to the entire network.  
  
AOL client connects to the AOL server at port 5190.   
This is usually easy enough for the administrator to configure the firewall to allow this port (5190), and the client will  
work properly. However, the AOL client establishes an IP tunnel to the AOL server and creates a VPN between the  
AOL network, and the Client's network (with the assistance of the AOL client of course), this basically allows  
complete communication between the client and the remote server (the AOL client receives an IP address on the  
virtual network, and therefore there is no way the firewall can limit this communication), and this also means that the  
client is now exposed to all kinds of IP based attacks, such as nukes, access to personal web servers and ftp  
servers, and much more, from anyone on the Internet (All they have to figure out is the Virtual IP address given by  
the AOL server).  
The firewall is basically helpless against this, because this is all going through port 5190 which was allowed for  
communication by the administrator.  
  
To see it in action, start your AOL client, and run "winipcfg" (under Windows 95) to see you have a new adapter  
(besides the dial-up-adapter or network adapter you used to connect to the Internet with). This adapter will have  
its own IP and gateway information. AOL's home page is at: www.aol.com For information on how to connect AOL  
client through a firewall, see: http://webmaster.info.aol.com/firewall.html   
`