Hi Tyler,

>  Now, are you running a personal firewall on your machine as well?

Yes. I wouldn't connect a machine to a network of any kind without some kind 
of firewall, at home or work.

>  If so, did anything get let through?

Nothing has got through my firewall (that I know of) since I first started 
using personal firewall software. Matter of fact, I blocked two more TCP 
connection attempts as I was typing this letter. FWIW, I also use antivirus 
software and real-time virus detection.

As a point of reference, some time ago, I used to use AOL without a personal 
firewall (I've used antivirus software almost since I first got connected). 
Before I started using the personal firewall, I frequently had untraceable 
computer problems that occasionally required reinstalling everything from 
scratch. I haven't had to do that since I installed the firewall software.

As an aside, I use the same software on my PC at work, where I've used it to 
help track down errant and infected machines on many occasions. IMO, the 
features provided by a good firewall should be an integral part of every 
operating system ... they are that important (not just the primitive controls 
MS has in NT/W2k).

>  What I'm trying to get at there is that the
>  CERT paper is saying that the traffic to the AOL IP address may be relayed
>  in a way to allow it to bypass personal firewalls.  Have you seen this?

Well, it doesn't exactly put it that way. The paper says (pg. 13), "...For 
example, end-users connected to America Online (AOL) over a DSL or cable 
modem connection may be assigned an IP address from an AOL network block in 
addition to the IP address obtained as a result of the DSL or cable modem 
connection. Traffic to the AOL-assigned address may be routed across a VPN to 
the end-user system in a way that may bypass some personal firewall 
technology, enabling intruders to remotely exploit vulnerabilities or 
misconfigurations such as unprotected file shares."

To answer your question, according to these two sentences above, only people 
who use a cable modem or a DSL connection to log onto AOL *may be* at risk (I 
find it curious that it doesn't say they are *definitely* at risk). Call me 
old-fashioned, but I use a dial-up connection :) So no, I haven't seen this 
happen, because I don't use a cable modem or DSL. After reading this, I will 
definitely rethink my plans to sign up for DSL :/

It seems to me that the vulnerability being discussed involves the assignment 
of two dynamic IP addresses to the same machine, and a way to circumvent one 
of them (assuming the one being circumvented was the one with the firewall on 
it). After reading this, I doubt seriously that this type of vulnerability is 
peculiar to AOL only. They have certainly had their share of trouble, but I 
don't think they're the only ones.

Thanks again for the pointer to the article.

-UMus B. KidN
