Firewall Wizards mailing list archives
Re: AOL on port 5190
From: "Dave O'Shea" <daveoshea () email msn com>
Date: Fri, 18 Sep 1998 19:17:10 -0500
Besides the generally bad idea of allowing what are likely to be personal use accounts.... Are there known issues, vulnerabilities in opening up port 5190 to allow AOL access from inside -> out?
AOL does create, through a tunneling protocol, an additional IP address on the originating workstation, which can freely communicate (and be communicated with) by anyone outside. My experience is that it does *not* become the preferred address, but in theory could be used to exploit an existing weakness on the 95 or 98 box. I am thinking specifically that if some remote administration software (Tivoli, Seagate, Platinum) was installed, that port could be scanned externally, and if the person doing the scanning knew their stuff, they could hijack the workstation. The down side of restricting this is that it encourages users to sidestep network security, by doing things like installing analog dial-out lines, which have all kinds of security implications. On balance, I think it's safer to allow users to access AOL, but warn them of the possibility of security risks.
Current thread:
- AOL on port 5190 Ferguson, Linwood (Sep 18)
- <Possible follow-ups>
- Re: AOL on port 5190 James Croall (Sep 19)
- Re: AOL on port 5190 Dave O'Shea (Sep 19)