RE: [FW1] AOL problem?
I don't know anything about writing INSPECT, but could you write code to
look at the packets for AIM packets on port 80 destined for AOL? Might be a
lot of overhead, but could it be done? There have got to be clues in the
AIM packets...
Rich
PS I'd just as soon block the suckers as well....
> -----Original Message-----
> From: Dameon Welch [mailto:dwelch@hotmail.com]
> Sent: Saturday, April 03, 1999 10:45 AM
> To: Neil.Ratzlaff@ucop.edu; fw-1-mailinglist@lists.us.checkpoint.com
> Subject: Re: [FW1] AOL problem?
>
>
>
> It may be easier just to block all access to the AOL servers that users
> connect to. Depending on how AIM works, you may even be able to use the
> HTTP Security Server to block access to this.
>
> -- PhoneBoy
>
> >I don't have facilities to check this, so does anyone else know about
> >this?
> >Posting found on the web:
> >
> >"I've recently been trying to put an access list in my router that would
> >block AOL's Instant Messenger (AIM) traffic. The task seemed simple enough;
> >just block IP traffic on ports 5190-5193. AOL has been "given" those ports
> >for its Internet duties and AIM uses them as well.
> >
> >"I blocked the ports and fired up AIM to test it out. If you look in the
> >config for AIM you will see that it tries to use 5190, just like it should.
> >Although the user CAN change this setting, I'm counting on the fact that
> >most users won't understand its meaning and leave it alone. Well, AIM
> >tried for a few minutes and actually connected! I looked in the config and
> >AIM had changed to a new port automatically. What port? You guessed it,
> >port 80. Since port 80 is a well-known port for HTTP traffic, it is usually
> >left open by sys admins to allow their users to surf.
> >
> >"This is obviously a deliberate attempt on the part of AOL to get around a
> >corporate firewall when the AOL ports have been blocked. I put those
> >filters there for a reason as it is *our* discretion what runs on our LAN,
> >not AOL's. I doubt network administrators would appreciate AOL's end-run
> >around their security systems."
> >
> >
> >================================================================================
> > To unsubscribe from this mailing list, please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> >================================================================================
>
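The kind of payload check Rich asks about, as an added example that is not part of the original thread: a Python classifier for the first client bytes of a flow to tcp/80, separating HTTP requests from AIM's native framing. It assumes the client speaks its OSCAR protocol unchanged on port 80 (FLAP frames starting with byte 0x2A), which the thread does not confirm; the function names are hypothetical and the sample payloads are constructed.

```python
import struct

# Assumption: AIM on port 80 still uses native OSCAR/FLAP framing, not HTTP.
HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS", b"TRACE", b"CONNECT")
FLAP_MARKER = 0x2A           # every OSCAR FLAP frame starts with '*'
FLAP_CHANNELS = range(1, 6)  # 1=sign-on, 2=SNAC data, 3=error, 4=close, 5=keepalive


def parse_flap(payload):
    """Return (channel, seq, body) if payload begins with a whole FLAP frame, else None."""
    if len(payload) < 6:
        return None
    marker, channel, seq, length = struct.unpack(">BBHH", payload[:6])
    if marker != FLAP_MARKER or channel not in FLAP_CHANNELS:
        return None
    if len(payload) < 6 + length:
        return None          # truncated capture or a coincidental '*'
    return channel, seq, payload[6:6 + length]


def classify_port80_payload(payload):
    """Label the first client-to-server bytes of a flow to tcp/80."""
    if not payload:
        return "empty"
    line = payload.split(b"\r\n", 1)[0]
    parts = line.split(b" ")
    if len(parts) == 3 and parts[0] in HTTP_METHODS and parts[2].startswith(b"HTTP/"):
        return "http"
    frame = parse_flap(payload)
    if frame is None:
        return "unknown"
    channel, _seq, body = frame
    # A sign-on frame carries the 4-byte protocol version 0x00000001 first.
    if channel == 1 and body[:4] == b"\x00\x00\x00\x01":
        return "oscar-signon"
    return "oscar-frame"


# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "browser": b"GET /index.html HTTP/1.0\r\nHost: www.example.com\r\n\r\n",
    "aim_signon": b"\x2a\x01\x00\x01\x00\x04\x00\x00\x00\x01",
    "aim_keepalive": b"\x2a\x05\x00\x02\x00\x00",
    "star_text": b"*** not a frame ***",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, "->", classify_port80_payload(data))
```

A flow labelled `oscar-signon` or `oscar-frame` on port 80 is the case the quoted posting describes; `unknown` only means the bytes are neither HTTP nor a complete FLAP frame.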