[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] AOL problem?

To: Neil.Ratzlaff@ucop.edu, fw-1-mailinglist@lists.us.checkpoint.com
Subject: Re: [FW1] AOL problem?
From: Dameon Welch <dwelch@hotmail.com>
Date: Sat, 03 Apr 1999 00:45:06 PST


It may be easier just to block all access to the AOL servers that users 
connect to. Depending on how AIM works, you may even be able to use the 
HTTP Security Server to block access to this. 

-- PhoneBoy

>I don't have facilities to check this, so does anyone else know about 
this?
>Posting found on the web:
>
>"I've recently been trying to put an access list in my router that 
would
>block AOL's Instant Messenger (AIM) traffic. The task seemed simple 
enough;
>just block IP traffic on ports 5190-5193. AOL has been "given" those 
ports
>for it's Internet duties and AIM uses them as well. 
>
>"I blocked the ports and fired up AIM to test it out. If you look in 
the
>config for AIM you will see that it tries to use 5190, just like it 
should.
>Although the user CAN change this setting, I'm counting on the fact 
that
>most users won't understand it's meaning and leave it alone. Well, AIM
>tried for a few minutes and actually connected! I looked in the config 
and
>AIM had changed to a new port automatically. What port? You guessed it,
>port 80. Since port 80 is a well-known port for HTTP traffic, it is 
usually
>left open by sys admins to allow their users to surf. 
>
>"This is obviously a deliberate attempt on the part of AOL to get 
around a
>corporate firewall when the AOL ports have been blocked. I put those
>filters there for a reason as it is *our *discretion what runs on our 
LAN,
>not AOL's. I doubt network administrators would appreciate AOL's 
end-run
>around their security systems. "
>
>
>================================================================================
>     To unsubscribe from this mailing list, please see the instructions 
at
>               http://www.checkpoint.com/services/mailing.html
>================================================================================

Get Your Private, Free Email at http://www.hotmail.com


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] HTTP Ports
Next by Date: Re: [FW1] PPTP & MS Ras...
Prev by thread: RE: [FW1] AOL problem?
Next by thread: RE: [FW1] AOL problem?
Index(es):
- Date
- Thread