Re: CRIME AOL Backdoor?

From: brvarin@private
Date: Mon Jun 24 2002 - 18:01:27 PDT


    It doesn't look like a backdoor. The URL in question redirects you to
    http://www.aol.com. As long as you have AOL blocked, it shouldn't work.
    Another interesting feature of this URL is it also has the same IP as
    ads.web.aol.com. The whole Class C is AOL's. You're probably getting a lot
    of users hitting web ads from AOL. The webmail services are getting quite
    creative in the number of IPs and hostnames they use. They are actively
    looking to circumvent your firewall. Same goes for IM services. Remember,
    they are in business to enable their users to get to their page; they could
    care less about your security.
    
    ar.atwola.com resolves to 64.12.184.25 64.12.184.89 64.12.184.121
    64.12.174.153 64.12.174.185 152.163.226.25 152.163.226.89 152.163.226.57
    152.163.226.121 152.163.226.153 152.163.226.185 205.188.165.57
    205.188.165.121 205.188.165.185 205.188.165.249 64.12.184.57
    Block 'em all!
    
    
    
    
    From: Jeffrey_Korte/Security/FCNB/Spgla@privateat_private on 06/24/2002
          12:30 PM
    
    Sent by:  owner-crime@private
    
    
    
    To:   crime@private
    cc:
    bcc:
    
    
    Subject:  CRIME AOL Backdoor?
    
    
    Information Classification: Public.
    
    I have recently come across a scenario that I've not been able to find a
    satisfactory answer to and I hope someone can assist me.
    
    Due to security/virus concerns, several months ago I killed access to
    Internet based E-mail services at our Bank. (Yahoo, MSN, AOL, etc.) After
    monitoring several Internet usage reports, I found traffic in the thousands
    to: http://ar.atwola.com. Once you visit the site it immediately takes
    you to the "AOL Anywhere" portal. I have also found numerous hits to
    http://toolbar.aol.com.
    
    Can anyone in the group confirm for me whether or not a backdoor into AOL
    exists allowing a user to bypass Firewall restrictions in order to
    retrieve their E-mails?
    
    Regards,
    
    Jeffrey B. Korte,
    Corporate Security Manager
    First Consumers National Bank
    Voice: 503.520.8398
    
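Added example, not part of either message: the addresses listed for ar.atwola.com in the reply, collapsed into their /24 networks and matched against proxy log entries by destination IP, so that a hostname missing from a name-based block list still shows up. Applying the reply's "whole Class C" remark to every listed address is an assumption, and the log format, the host/IP pairings in the sample log and the function names are constructed for illustration.

```python
import ipaddress

# Addresses the reply lists for ar.atwola.com (copied from the message above).
RESOLVED = """64.12.184.25 64.12.184.89 64.12.184.121 64.12.174.153
64.12.174.185 152.163.226.25 152.163.226.89 152.163.226.57 152.163.226.121
152.163.226.153 152.163.226.185 205.188.165.57 205.188.165.121
205.188.165.185 205.188.165.249 64.12.184.57""".split()


def covering_networks(addresses, prefix=24):
    """Collapse host addresses into the distinct /prefix networks containing them."""
    nets = {ipaddress.ip_network(f"{a}/{prefix}", strict=False) for a in addresses}
    return sorted(nets)


def flag_hits(log_lines, networks):
    """Return (client, host, dest_ip) for entries whose destination IP is in a listed network.

    Matching is on the destination address, not the requested hostname.
    Malformed lines and unparsable addresses are skipped.
    """
    hits = []
    for line in log_lines:
        try:
            client, host, dest = line.split()[:3]
            addr = ipaddress.ip_address(dest)
        except ValueError:
            continue
        if any(addr in net for net in networks):
            hits.append((client, host, dest))
    return hits


# Constructed proxy log, format "client_ip requested_host destination_ip".
SAMPLE_LOG = """\
10.1.4.17 ar.atwola.com 64.12.184.89
10.1.4.17 ads.web.aol.com 64.12.184.25
10.1.9.3 other-host.example 205.188.165.40
10.1.9.3 www.example.org 192.0.2.10
10.1.7.8 ar.atwola.com unresolved
""".splitlines()

if __name__ == "__main__":
    nets = covering_networks(RESOLVED)
    for net in nets:
        print("deny", net)
    for hit in flag_hits(SAMPLE_LOG, nets):
        print("hit ", *hit)
```

The sixteen listed addresses fall into four /24 networks, and the third sample line is flagged even though neither its hostname nor its exact address appears in the reply.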
    



    This archive was generated by hypermail 2b30 : Mon Jun 24 2002 - 19:09:31 PDT