>> It maybe interesting to know that aol installs a special ``adapter'' >> that is purported to behave similarly to an hardware nic. In fact, on >> win9x, at least, it is next to the nic in network neighborhood >> properties and is near identically configured.
>from Charles Steinkuehler > >As mentioned in other replies, and strenghtened by the above, it sure sounds >like AOL is setting up a virtual network (or tunnel) of some sort from the >client system to somewhere in AOL land. [cut] >As mentioned elsewhere, apparently the AOL traffic is creating a tunnel >through your firewall for it's traffic, which fundamentally represents a >'back door' to your internal net. Anyone seen a recent security review of >the AOL client source code, to know if this is "safe" or not? Since I was the one who had initially responded with the "its a dial-up user on our network" response, I decided to do some additional checking. My current martian packets now seem to be coming from the following - AOL 7.0 client installed on a W2k machine, accessing AOL via our LEAF router. The martian packets are like this - 3 per login Mar 15 15:23:27 isdnfirewall kernel: martian source eab898ac for ffffffff, dev eth1 Mar 15 15:23:27 isdnfirewall kernel: ll header: ff ff ff ff ff ff 00 d0 b7 7f 5a 38 08 00 giving an ip of 172.152.184.234 doing a tracert gives this ip as AC98B8EA.ipt.aol.com As a fix for my network, I am removing the AOL client(s), and instructing the individuals to get to AOL mail, etc. - ONLY via the browser, and never the AOL client. Since I am able to control these types of actions on my network, and because we have no BUSINESS reason to login to AOL - this is an acceptable solution for me. Logging into AOL via the browser does not generate these packets (of course - but I checked it just to be sure). FYI for the list. Doug _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
