Forgive my ignorance, but I'm not very familiar with how AOL uses network
connections.  I've used AIM, and I'm aware of the well-known ports
5190-5193 needed to support AIM as well as the full AOL client program.

From what I've found so far, it seems that the AOL client program, when
installed, also installs something called the AOL Network Adapter.  I've
seen this on some client machines, and always wondered what it was
doing.  Now I realize that it is used to establish a sort of VPN between
the client and AOL's host networks.

My questions are:

  a.) Is there any way to use AOL without opening a tunnel for unknown
      and unmonitored external traffic?  I.e., are all the features of
      AOL (e-mail, AOL-only content, etc...) available using only a
      web browser?

  b.) Am I correct in believing that only the AOL client poses a risk,
      or does the AIM instant messenger client also pose a risk?  I
      run AIM on my machines, and don't see any unexpected routes or
      network interfaces.

  c.) The CERT/CC report says it has documented incidents of CodeRed
      and Nimda propagating through AOL's VPN tunnel.  I assume that
      this happened via http, but what other ports are open between
      users (or are they ALL open!)?

I'm not entirely assured by the fact that Tyler couldn't access shares
across the AOL-VPN.  I expect that AOL unbinds file and printer sharing
from the AOL Network Adapter, and hopefully blocks them with a firewall
or router filters as well.  But what about other tests?  For example,
can I PING through the tunnel?  Can I run pcAnywhere through the tunnel?

Has anyone tried mapping the tunnel to see what AOL lets through?  I am
already concerned about the hole, but would be very concerned if it
turns out that AOL leaves the tunnel wide open to any and all traffic
between users.

It also doesn't seem like it would be too difficult for AOL to firewall
traffic between users.  I wonder if Tyler's test failed because AOL's
already started doing just that?

-- Mark
