Vulnerability Development mailing list archives
Re: Broken AOL Code - spoofing
From: Robert van der Meulen <rvdm () wiretrip org>
Date: Sat, 6 Oct 2001 01:35:21 +0200
Hi,

Quoting Ryan Sweat (ryans () cecentertainment com):
> When a user logs in to AOL using TCP/IP on a LAN, AOL assigns them a public IP address. This IP address is tunneled to the destination within the AOL connection. The problem I have found is when any of the common worms on the internet happen to scan the 'AOL IP', the reply from the user's box ("destination unreachable/port unreachable") is sent through the LAN with the source of the AOL IP address. Many would consider this spoofing.

This is called tunneling, not spoofing. As much as I dislike AOL, I wouldn't call this broken (although I would be happy to comment on the weirdness of this system). Tunneling connections through your firewall is a design issue, not a software vulnerability issue (unless you'd like to mark ipsec, CIPE, ipip, ipv6-over-ipv4 and all other tunneling protocols a vulnerability or spoofing).

Spoofing means you answer on a connection, initiate a connection, terminate a connection or meddle in a connection with a source address that is not bound to your host. In this case it is bound to the AOL-ing host, through the tunnel.

Greets,
Robert

--
Linux Generation
encrypted mail preferred. finger rvdm () debian org for my GnuPG/PGP key.
Nine out of ten men who preferred Camels have switched back to women.