
RE: [FW1] AOL problem?




Just for fun I called AOL about this issue!  I got the normal tech support
that then upped me over and over again.  I then spoke to a nice gentleman
that proceeded to tell me that it is not his fault (or AOL's for that
matter) that their software uses ports other than what it claims.  And I
quote "you need to contact your firewall vendor to get a patch, I would
guess sorry.."  Then I asked him how do you patch a ruleset to not allow
port 80 for your product and allow port 80 for everyone else? (rhetorical
question)...  "Well they would have to figure that out."  I replied with
that is not possible since your software apparently is using web ports the
same as web sites.  So in order to block you I would have to block web!
"Don't know how to help you but I can tell you that for all support callers
today I can offer you a free month of service..."  No thanks, I have a real
ISP!

Matthew Chapman
Sn. Unix Admin
OCPS

-----Original Message-----
From: Neil Ratzlaff [mailto:Neil.Ratzlaff@ucop.edu]
Sent: Friday, April 02, 1999 2:36 PM
To: fw-1-mailinglist@lists.us.checkpoint.com
Subject: [FW1] AOL problem?



I don't have facilities to check this, so does anyone else know about this?
Posting found on the web:

"I've recently been trying to put an access list in my router that would
block AOL's Instant Messenger (AIM) traffic. The task seemed simple enough;
just block IP traffic on ports 5190-5193. AOL has been "given" those ports
for its Internet duties and AIM uses them as well.

"I blocked the ports and fired up AIM to test it out. If you look in the
config for AIM you will see that it tries to use 5190, just like it should.
Although the user CAN change this setting, I'm counting on the fact that
most users won't understand its meaning and leave it alone. Well, AIM
tried for a few minutes and actually connected! I looked in the config and
AIM had changed to a new port automatically. What port? You guessed it,
port 80. Since port 80 is a well-known port for HTTP traffic, it is usually
left open by sys admins to allow their users to surf. 

"This is obviously a deliberate attempt on the part of AOL to get around a
corporate firewall when the AOL ports have been blocked. I put those
filters there for a reason as it is *our* discretion what runs on our LAN,
not AOL's. I doubt network administrators would appreciate AOL's end-run
around their security systems. "


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
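
The quoted posting shows that a port number says nothing about the protocol actually running on it, which is why a port-only rule cannot separate this traffic from web browsing. As an added example (not part of the original thread), this Python sketch flags flows to port 80 whose first client payload is not an HTTP request line; the flow records, addresses and function names are constructed for illustration.

```python
import re

# An HTTP request starts with: METHOD SP request-target [SP HTTP/x.y] CRLF
# (the version is optional so HTTP/0.9 "simple requests" are also accepted).
REQUEST_LINE = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|CONNECT) "
    rb"[\x21-\x7e]+( HTTP/\d\.\d)?\r?\n"
)


def looks_like_http(payload: bytes) -> bool:
    """True if the first bytes a client sent form an HTTP request line."""
    return REQUEST_LINE.match(payload) is not None


def flag_non_http(flows, web_ports=(80,)):
    """Return flows aimed at a web port whose first payload is not HTTP.

    Flows to other ports are ignored here: those are what the port-based
    access list already handles.
    """
    return [
        f for f in flows
        if f["dport"] in web_ports
        and f["payload"]                      # skip flows with no data yet
        and not looks_like_http(f["payload"])
    ]


# Constructed sample data: first client payload of four outbound TCP flows.
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "dst": "192.0.2.10", "dport": 80,
     "payload": b"GET /index.html HTTP/1.0\r\nUser-Agent: test\r\n\r\n"},
    {"src": "10.0.0.7", "dst": "192.0.2.20", "dport": 80,
     "payload": b"\x2a\x01\x00\x01\x00\x04\x00\x00\x00\x01"},  # binary frame
    {"src": "10.0.0.8", "dst": "192.0.2.10", "dport": 80,
     "payload": b"POST /cgi-bin/form HTTP/1.1\r\nHost: example.test\r\n\r\n"},
    {"src": "10.0.0.9", "dst": "192.0.2.30", "dport": 5190,
     "payload": b"\x2a\x01\x00\x01\x00\x04\x00\x00\x00\x01"},
]

if __name__ == "__main__":
    for flow in flag_non_http(SAMPLE_FLOWS):
        print("non-HTTP traffic on web port:",
              flow["src"], "->", flow["dst"], flow["dport"])
```

The check looks only at the first payload of each flow, so it is a detection aid for a packet-filtering setup; an HTTP-aware proxy that parses every request remains the stronger control.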
