Firewall Wizards mailing list archives
Re: aol/aol instant messenger
From: ark () eltex ru
Date: Wed, 29 Sep 1999 11:29:34 +0400
-----BEGIN PGP SIGNED MESSAGE----- nuqneH, James Croall <james () foo org> said :
what is your opinion on letting aol and/or aol instant messenger through a firewall. please assume there is, at least, some business justification for its use.AOL Instant Messenger seems pretty safe, for the most part.
Oh really? I remember it was at least one ugly buffer overrun problem there and AOL *refuses* to fix it.
Out of the box it'll run through most firewalls, using an SSL "proxy" or an HTTP proxy. Most of it's dangerous features (the Rendesvouz (sp?) chat and file transfer) won't work without more liberal rules on the firewall. A lot of sites have "no ICQ" and "no AIM" policies, but I can't say I know many users who abide by them. It's just to easy to run it through a firewall.
It's a good idea to have a policy like that but it is really hard to keep it if you have too many ICQ fans in your office and (worse) your boss is one of them.. :( Pretty common problem, i think.
The complete AOL service, on the other hand, is a bit riskier :-)
A bit? Yes, being compared with well-kown buffer overrun it is just "a bit".
The software establishes an IP tunnel between the user's desktop and AOL, creating a nice back door into your network. There's some code around here that can block access to the IP Tunnel through your firewall, but I don't know of any commercial products that have such features.
_ _ _ _ _ _ _ {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_ (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_| [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one! -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBN/G/3KH/mIJW9LeBAQGODAP/bscOwgnosvdfEH3RrE4TWpThRemZNIG3 unpLpFGCpgam8DEzJ0vrFr8MruX0acDKJJtYBkpCq3eOWkNvE0vtAsCOBlD2/1Qo bKXBxUJ1zpMTkLY2Lvo8t+aV+Sw2kGXKlf8ZOOtAHJHyYJD3Vl6972DKxZfYW6C6 sWyB4DVRt0Q= =5UAs -----END PGP SIGNATURE-----
Current thread:
- Re: aol/aol instant messenger James Croall (Sep 28)
- <Possible follow-ups>
- Re: aol/aol instant messenger John Stewart (Sep 28)
- Re: aol/aol instant messenger ark (Sep 29)
- Re: aol/aol instant messenger ark (Sep 29)
- Re: aol/aol instant messenger James Croall (Sep 29)