Believe it or not, the login.oscar.aol.com server/s will allow the ability
to establish a connection on any of the 64k ports available. Try it with the
telnet application included with Win95/98/NT. Connect to login.oscar.aol.com
using any port number you want and you'll be succesful in establishing a
connection. Nice huh?
You've also discovered that the only resolution to prevent the connections
from occuring, is to block access to the IP's involved. Which at present, I
believe include the following:
205.188.3.177
152.163.241.121 and
152.163.241.129
Best Regards,
Don Kelloway
http://www.commodon.com/threat
-----Original Message-----
From: Jay S. Schulman <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Thursday, April 22, 1999 2:21 PM
Subject: AOL/Netscape Internet Messenger
>
>
>
>I have an interesting situation.
>
>After walking around the building yesterday, I found a few people using
>AOL's Internet Messenger. I didn't think it should work over our firewall.
>After some testing, it appears that these people are sneaking through the
>firewall on port 80. AOL IM will send messages through any available port.
>I could stop this directly by blocking traffic to login.oscar.aol.com (the
>login server), but I am not sure it is worth it. Is IM a security risk?
It
>appears to use AOL as a proxy, so there are no direct connections to the
>client (as in ICQ and others).
>
>Thanks for the help.
>
>Jay S. Schulman
>Corporate Network Administration
>Suntory Water Group - Chicago
>
>Content-type: multipart/mixed; boundary="=_IS_MIME_Boundary"
>--=_IS_MIME_Boundary
>Content-Type: text/plain; charset=us-ascii
>Content-Transfer-Encoding: 7bit
>
>*********************************************************
>
>Suntory Water Group Mail Services - Unauthorized Use Prohibited.
>
>*********************************************************
>
>--=_IS_MIME_Boundary
>Content-Type: text/plain;
> charset="iso-8859-1"
>Content-Transfer-Encoding: 7bit
>
>--=_IS_MIME_Boundary--
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
