Hi,

Quoting Ryan Sweat (ryansat_private):
> When a user logs in to AOL using tcp/ip on a LAN, aol assigns them a public
> ip address. This ip address is tunneled to the destination within the aol
> connection. The problem I have found is when any of the common worms on the
> internet happen to scan the 'aol ip', the reply from the user's box
> ("destination unreachable/port unreachable") is sent through the LAN with
> the source of the aol ip address. Many would consider this spoofing.

This is called tunneling, not spoofing. As much as I dislike AOL, I wouldn't call this broken (although I would be happy to comment on the weirdness of this system).

Tunneling connections through your firewall is a design issue, not a software vulnerability issue (unless you'd like to mark ipsec, CIPE, ipip, ipv6-over-ipv4 and all other tunneling protocols a vulnerability or spoofing).

Spoofing means you answer on a connection, initiate a connection, terminate a connection or meddle in a connection with a source address that is not bound to your host. In this case it is bound to the AOL-ing host, through the tunnel.

Greets,
Robert

--
Linux Generation
encrypted mail preferred. finger rvdmat_private for my GnuPG/PGP key.
Nine out of ten men who preferred Camels have switched back to women.
This archive was generated by hypermail 2b30 : Fri Oct 05 2001 - 19:51:26 PDT