AOL client uses IP tunneling

[aviram () SECURITEAM COM (Aviram Jenik)]

Hi.

I don't know if this is well known, but I'm sure it's new to many people
on this list.

Many administrators allow AOL client communication through their
firewall. Those should understand, that while the AOL client only uses
port 5190 for communication, the client actually establishes an IP
tunnel to the server, in order to become a part of a VPN, thus
effectively piercing the firewall.

The consequences are that basically the firewall is useless. The
firewall can do very little filtering, and certainly not protect the
client against attacks from outside (including access to local services
running on the client).

This means that even though the firewall allows http access only to the
internal web server, outsiders can access a local web server running on
a client machine running an AOL client. Other malicious attacks (such as
the various win nukes) are also possible.

For more information please take a look at:
http://www.securiteam.com/securityreviews/The_risks_of_using_an_AOL_client_behind_a_firewall.html

--
-------------------------
Aviram Jenik

"Addicted to Chaos"

-------------------------
Today's quote:
Nothing is more destructive of respect for the government and
the law of the land than passing laws which cannot be enforced.
                         - Albert Einstein, "Ideas and Opinions", 1954