[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: AOL client port and possible security risk.
From: "Sami A. Yousif" <syousif () arn ! net>
Date: 1997-01-24 0:05:06
[Download RAW message or body]
Note: I do not work for AOL. This information is the result of
personal testing on my own side.
It seems that AOL has changed the way that their client operates
making previous firewall settings that allowed users behind a firewall
to connect to AOL via TCPIP..
This information has been tested on the Windows95 version of the aol
client 3.0 [the one with MSIE as the default browser]; and may affect
other AOL clients.
The short version:
The new 3.0 AOL client sets up a VPN between the aol network and the
local machine using port 5190 as the connection port.
Long version:
firewall admins who have users who use the aol client and have
configured their firewalls to allow their users to connect to the AOL
network via the TCPIP option of the AOL client may now have a concern
on the way that the AOL client works. It seems that the AOL clients
behavior has been changed from a simple client using a propriety
protocol to a VPN client. When a user installs a new version of the
AOL client on a Win 95 machine the AOL client creates a new network
adapter in the win95 networking control panel "AOL Adapter". This
adapter is analogous to the "Dialup Adapter" that windows 95 has,
except that it is invoked only through the AOL client. When a user
connects through the AOL client to the AOL network, it seems that the
AOL client allows the AOL adapter to get an IP address that on the AOL
network. This means that the local machine has an IP address that is
on AOLs network which is tunneled through port 5190 to the local
machine making any tcpip services that are available on the local
machine vulnerable. [stuff like personal web servers, personal ftp
servers and other items]{the effect is the same as a dialin account,
but many users may not be aware of that}.
To see this in action, use winipcfg when the aol client is installed,
get the IP number that is given on the AOL adapter entry, and try and
access it from a host outside.
[ attached is the output of a route print command showing before and
after routes on the local machine].
----
--
Sami A. Yousif
WT Box 1246
Canyon, TX 79016
Mailto:syousif@arn.net
Mailto:syousif@cyberjunkie.com
Talk :syousif@teddyr.arn.net
Talk :syousif@mc119b.wtamu.edu
Web :http://users.arn.net/~syousif
Using the only viable internet provider in the
Amarillo, TX area [http://www.arn.net/]
Thought for the day:
Dont do anything as root that you can do as a mortal.
Route before AOL client:
Network Address Netmask Gateway Address Interface Metric
0.0.0.0 0.0.0.0 165.95.39.254 165.95.39.11 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
165.95.39.0 255.255.255.0 165.95.39.11 165.95.39.11 1
165.95.39.11 255.255.255.255 127.0.0.1 127.0.0.1 1
165.95.255.255 255.255.255.255 165.95.39.11 165.95.39.11 1
224.0.0.0 224.0.0.0 165.95.39.11 165.95.39.11 1
255.255.255.255 255.255.255.255 165.95.39.11 0.0.0.0 1
Route after AOL client:
Network Address Netmask Gateway Address Interface Metric
0.0.0.0 0.0.0.0 165.95.39.254 165.95.39.11 2
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
152.163.192.0 255.255.224.0 152.173.125.247 152.173.125.247 1
152.163.231.0 255.255.255.0 152.173.125.247 152.173.125.247 1
152.163.232.0 255.255.248.0 152.173.125.247 152.173.125.247 1
152.168.0.0 255.248.0.0 152.173.125.247 152.173.125.247 1
152.173.125.247 255.255.255.255 127.0.0.1 127.0.0.1 1
165.95.39.0 255.255.255.0 165.95.39.11 165.95.39.11 2
165.95.39.11 255.255.255.255 127.0.0.1 127.0.0.1 1
165.95.255.255 255.255.255.255 165.95.39.11 165.95.39.11 1
224.0.0.0 224.0.0.0 152.173.125.247 152.173.125.247 1
224.0.0.0 224.0.0.0 165.95.39.11 165.95.39.11 1
255.255.255.255 255.255.255.255 152.173.125.247 0.0.0.0 1
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic