Hi. I don't know if this is well known, but I'm sure it's new to many people on this list. Many administrators allow AOL client communication through their firewall. Those should understand, that while the AOL client only uses port 5190 for communication, the client actually establishes an IP tunnel to the server, in order to become a part of a VPN, thus effectively piercing the firewall. The consequences are that basically the firewall is useless. The firewall can do very little filtering, and certainly not protect the client against attacks from outside (including access to local services running on the client). This means that even though the firewall allows http access only to the internal web server, outsiders can access a local web server running on a client machine running an AOL client. Other malicious attacks (such as the various win nukes) are also possible. For more information please take a look at: http://www.securiteam.com/securityreviews/The_risks_of_using_an_AOL_client_behind_a_firewall.html -- ------------------------- Aviram Jenik "Addicted to Chaos" ------------------------- Today's quote: Nothing is more destructive of respect for the government and the law of the land than passing laws which cannot be enforced. - Albert Einstein, "Ideas and Opinions", 1954
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:25:25 PDT