On pages 13 and 14 of CERT's paper "Trends in Denial of Service Attack Technology"[1], it is stated that, in essence, any users connected to AOL through a cable or DSL connection will be given an IP address from the AOL network in addition to the one that they already have. According to the paper, "Traffic to the AOL assigned address may be routed across a VPN to the end user system in a way that may bypass some personal firewall technology, enabling intruders to remotely exploit vulnerabilities or misconfigurations such as unprotected file shares."

I tried to verify this over the weekend with no success. To do this, I loaded ZoneAlarm on my test machine (running Windows 98) and configured it to trust no one by default. I also shared my C: drive so something would be open. I then installed AOL and gave the AOL programs access through ZoneAlarm. When AOL connected, I was assigned an IP address from the AOL address space and, looking through netstat, I saw that my file share was listening on the AOL address.

When I attempted to connect to my AOL address from another machine and look at the shares, nothing happened. ZoneAlarm did not raise any flags, but nothing happened to indicate any file shares were available either. I even attached netcat to port 80 so anyone connecting to it would get a command prompt on my machine. I also gave netcat server rights through ZoneAlarm. The same thing happened when I tried to connect: nothing.
Has anyone been able to verify that this happens? According to the CERT paper, they've had documented cases of machines getting infected with Code Red and Nimda this way.

One other thing to note: I did not see any indication of a VPN either. For my configuration, I had the test machine going through another Windows computer running ICS as a gateway to a dial-up connection. On this other machine, I ran a sniffer and saw plain-text communications from web pages I was going to on the AOL test machine.

I'd just like to know if I'm doing the right thing here or if I'm misconfigured in some way. Thanks in advance.

Tyler

[1] - http://www.cert.org/archive/pdf/DoS_trends.pdf
