On Wed, 12 Sep 2001, william.wells wrote:
[Apologies, I'm jumping into this late and responding to more than just
William's text.]
> AOL hasn't gotten back to me on if this is expected behavior or not.
> Since it just started, I'm inclined to believe that something is amiss
> at AOL. My primary reason for writing to y'all was to confirm that the
> URL and activity I was seeing was consistent with Code Red and to see
> if y'all could provide some ideas for investigating this. If someone
> else was seeing this, that would also eliminate my PC's configuration
> and our Corporate environment from the mix.
AOL tunnels TCP/IP over port 5190, and has for a while now.
> Again, my feeling is that there is either some weird configuration on
> my system which I can't explain nor remember making or that there is
> something amiss at AOL which they will resolve. Thus far, I've only
I think it's called a "design feature," since they expect people to be
able to do things like IRC and FTP while connected to their network, both
of which require peer-to-peer connectivity. I can't imagine that they'd
be as interested in firewalling users internally as firewalling the "big
bad Internet," though I suppose they could disable client<->client routing
functionality. That would require that all AOL<->AOL connections go
through the same mechanism as AOL<->non-AOL connections, and I can't
understand anyone under my own paranoia level even considering taking that
infrastructure hit (I'd mandate it though.)
> had people take information from me at AOL to pass along to others.
> The general feeling at AOL is that their security is so tight that
> there is no way they could possibly be sending me a Code Red URL or
> that I need to talk to Microsoft Windows 95 support; that is, it must
I think you're just not talking to the right people at AOL.
>
> 1 874 ms 775 ms 888 ms ipt-mq05.proxy.aol.com [64.12.101.234]
> 2 928 ms 942 ms 879 ms tot5-mc2-G4-0.proxy.aol.com [64.12.101.251]
> 3 890 ms 846 ms 826 ms ipt-mp04.proxy.aol.com [64.12.101.223]
> 4 2327 ms 2291 ms 2146 ms ACADC236.ipt.aol.com [172.173.194.54]
That's another AOL user. I can't imagine that they don't allow
peer-to-peer services between users. I also can't imagine them not trying
to take advantage of IP to do so, ensuring that they don't have to keep
writing their own client software.
> Other than setting AOL to use a LAN (TCP/IP) in the Setup box, no other
> changes or proxy settings are set. I am not in the web browser when this
> occurs; I am completely within the AOL software. The intrusion alarm only
> occurs when logged into AOL and the IP addresses involved are only AOL's
> systems.
Probably because things get translated in and outbound to the rest of the
world.
I wrote an article recently on tunneling, and it's always concerned me
ever since AOL and CompuServe went to full IP-enabled clients that
corporate usage couldn't be firewalled effectively (let's not even talk
about what that AOL client is capable of between their servers and your
computer.)
Paul
--------------------------------------------------------------------------
Paul D. Robertson #rm -rf /bin/laden
[EMAIL PROTECTED]
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls