Re: AOL on port 5190

James Croall (jcroalltis.com)
Fri, 18 Sep 1998 20:04:14 -0400

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: tqbf: "Re: Penetration testing via shrinkware"
• Previous message: Ted Doty: "Re: Penetration testing via shrinkware"
• In reply to: Crispin Cowan: "Re: Penetration testing via shrinkware"

At 06:32 AM 9/18/98 -0500, Ferguson, Linwood wrote:
>Besides the generally bad idea of allowing what are likely to be
>personal use accounts....
>
>Are there known issues, vulnerabilities in opening up port 5190 to allow
>AOL access from inside -> out?

Well, the "AOL protocol" that you see on the wire running over TCP/IP
is the same thing thet you'd see if you tap your modem. As such it *does*
allow for an encapsulated IP connection. In other words, somebody could
connect to AOL via your firewall and have a network interface outside the
firewall.

I've been working on a PPP client that uses AOL's IP services -- it's a cheap
ISP, anywhere in the world.

- James

• Next message: tqbf: "Re: Penetration testing via shrinkware"
• Previous message: Ted Doty: "Re: Penetration testing via shrinkware"
• In reply to: Crispin Cowan: "Re: Penetration testing via shrinkware"

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:11:47 CDT