As you can see by your trace, running the AOL client basically creates a tunnel
between your network and the internal AOL network (which does have public addresses
but is not accessible directly from the Internet). The AOL proxy server that you
connect to acts as a gateway, accepting internal AOL traffic (for any port and
protocol) and proxying it over the 5190/tcp tunnel, then sends it to applications on
your PC on the original port and protocol. That is why the AOL client adds another
pseudo-NIC on your machine. It allows you to connect to any application on the AOL
intranet, no matter which protocol and port. It also allows your machine to be visible
to any host on the AOL intranet, since it has an AOL IP (which is managed by the AOL
proxy application). If your machine was routing, it would also allow anyone on AOL to
tunnel to your internal network, since it now has 2 logical NICs.
This architecture allows AOL to provide any application to AOL users without
worrying about ports etc. but it means your internal machine is seen as a host on the
AOL network, really lowering security. Since they firewall their connection to the
Internet somewhat, you are trusting only every AOL user, not the whole Internet, but
that is still scary.
AOL access is not something I would allow for an internal secured network.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of william.wells
Sent: Wednesday, September 12, 2001 18:31
To: 'Ron DuFresne'; william.wells
Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'
Subject: RE: AOL probe - "just" Code Red
<snip>
Today's trackback from my PC is (copied by hand):
C:\WINDOWS\tracert 172.173.194.54
Tracing route to ACADC236.ipt.aol.com [172.173.194.54]
over a maximum of 30 hops:
1 874 ms 775 ms 888 ms ipt-mq05.proxy.aol.com [64.12.101.234]
2 928 ms 942 ms 879 ms tot5-mc2-G4-0.proxy.aol.com [64.12.101.251]
3 890 ms 846 ms 826 ms ipt-mp04.proxy.aol.com [64.12.101.223]
4 2327 ms 2291 ms 2146 ms ACADC236.ipt.aol.com [172.173.194.54]
Our firewall is configured, when AOL is enabled, to allow transparently
outside access on port 5190 to any server on the following networks: 64.12,
152.163, and 205.188. The first hops on the traceroutes are to servers on
the 64.12 networks. The 172.173.194.54 system is only accessible via your
AOL adapter software (when I drop AOL, that system is no longer accessible).
"Transparency" means, among other things, that there are no special
configurations or settings on my PC, Internet Explorer (see below), or AOL.
This configuration has worked for years.
Other than setting AOL to use a LAN (TCP/IP) in the Setup box, no other
changes or proxy settings are set. I am not in the web browser when this
occurs; I am completely within the AOL software. The intrusion alarm only
occurs when logged into AOL and the IP addresses involved are only AOL's
systems.
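An added check that is not part of either message in this thread: it parses the tracert capture quoted above, compares every hop against the three networks the firewall's 5190/tcp rule permits, and flags any public address outside them (172.173.194.54 in this trace), which is exactly the host that is reachable only through the AOL adapter's tunnel. A second function applies the first reply's point about the pseudo-NIC: given a host's interface addresses, it reports those outside the site's own ranges. The /16 reading of "64.12, 152.163, and 205.188" and the 10.0.0.0/8 internal range are assumptions, not values from the thread.

```python
"""Audit a Windows tracert capture against the firewall's AOL allow-list.

Added example, not code from the original thread. Assumptions:
  - the permitted prefixes are the three networks named in the message,
    read as /16s;
  - INTERNAL_NETS is a constructed placeholder for the site's own ranges.
"""
import ipaddress
import re

# Networks the firewall allows 5190/tcp to when AOL is enabled
# (reading "64.12, 152.163, and 205.188" as /16s is an assumption).
ALLOWED_NETS = [ipaddress.ip_network(n) for n in
                ("64.12.0.0/16", "152.163.0.0/16", "205.188.0.0/16")]

# Constructed placeholder for the site's internal address space.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# One hop line of Windows tracert: "<hop> <rtt|*> <rtt|*> <rtt|*> <name> [<ip>]"
HOP_RE = re.compile(
    r"^\s*(\d+)\s+(?:(?:<?\d+\s*ms|\*)\s+){3}(\S+)\s+\[(\d{1,3}(?:\.\d{1,3}){3})\]\s*$")

# tracert output copied from the message quoted in the thread.
SAMPLE_TRACERT = """\
Tracing route to ACADC236.ipt.aol.com [172.173.194.54]
over a maximum of 30 hops:
1 874 ms 775 ms 888 ms ipt-mq05.proxy.aol.com [64.12.101.234]
2 928 ms 942 ms 879 ms tot5-mc2-G4-0.proxy.aol.com [64.12.101.251]
3 890 ms 846 ms 826 ms ipt-mp04.proxy.aol.com [64.12.101.223]
4 2327 ms 2291 ms 2146 ms ACADC236.ipt.aol.com [172.173.194.54]
"""


def parse_tracert(text):
    """Return [(hop_number, hostname, ip)] for every hop line that resolved."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), m.group(2), m.group(3)))
    return hops


def classify_hop(ip):
    """'allowed' if covered by the 5190/tcp rule, 'private' for reserved space,
    otherwise 'outside': a public address the firewall rule never permitted,
    so it can only have been reached through the AOL adapter's tunnel."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in ALLOWED_NETS):
        return "allowed"
    if addr.is_private:
        return "private"
    return "outside"


def audit(text):
    """Hops in a tracert capture that the firewall policy does not account for."""
    return [(n, host, ip) for n, host, ip in parse_tracert(text)
            if classify_hop(ip) == "outside"]


def tunnel_exposure(interface_addrs):
    """Given a host's interface addresses, return those outside INTERNAL_NETS.
    An address handed out by the AOL proxy to the pseudo-NIC makes the host a
    visible member of that remote network; if the host also forwards packets,
    it becomes a router between that network and ours."""
    return [a for a in interface_addrs
            if not any(ipaddress.ip_address(a) in net for net in INTERNAL_NETS)]


if __name__ == "__main__":
    for n, host, ip in parse_tracert(SAMPLE_TRACERT):
        print(n, host, ip, classify_hop(ip))
    print("unaccounted hops:", audit(SAMPLE_TRACERT))
    # Constructed interface list: a site LAN address plus one from the tunnel.
    print("exposed interfaces:", tunnel_exposure(["10.1.2.3", "172.173.194.54"]))
```

The regex accepts the "<1 ms" and "*" forms tracert prints for fast and timed-out probes, so a capture pasted straight from a console parses the same way as the hand-copied one above. Hops that never resolve to an address are skipped rather than flagged.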
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls