[FW1] AOL problem?

[Neil Ratzlaff <Neil.Ratzlaff@ucop.edu>]

I don't have facilities to check this, so does anyone else know about this?
Posting found on the web:

"I've recently been trying to put an access list in my router that would
block AOL's Instant Messenger (AIM) traffic. The task seemed simple enough;
just block IP traffic on ports 5190-5193. AOL has been "given" those ports
for it's Internet duties and AIM uses them as well. 

"I blocked the ports and fired up AIM to test it out. If you look in the
config for AIM you will see that it tries to use 5190, just like it should.
Although the user CAN change this setting, I'm counting on the fact that
most users won't understand it's meaning and leave it alone. Well, AIM
tried for a few minutes and actually connected! I looked in the config and
AIM had changed to a new port automatically. What port? You guessed it,
port 80. Since port 80 is a well-known port for HTTP traffic, it is usually
left open by sys admins to allow their users to surf. 

"This is obviously a deliberate attempt on the part of AOL to get around a
corporate firewall when the AOL ports have been blocked. I put those
filters there for a reason as it is *our *discretion what runs on our LAN,
not AOL's. I doubt network administrators would appreciate AOL's end-run
around their security systems. "


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================