Firewall Wizards mailing list archives

Re: aol/aol instant messenger


From: ark () eltex ru
Date: Wed, 29 Sep 1999 11:29:34 +0400


nuqneH,

James Croall <james () foo org> said :

> what is your opinion on letting aol and/or aol instant messenger through
> a firewall.  please assume there is, at least, some business
> justification for its use.
>
> AOL Instant Messenger seems pretty safe, for the most part.

Oh really? I remember there was at least one ugly buffer overrun problem
there and AOL *refuses* to fix it.

> Out of the
> box it'll run through most firewalls, using an SSL "proxy" or an HTTP
> proxy. Most of its dangerous features (the Rendesvouz (sp?) chat and
> file transfer) won't work without more liberal rules on the firewall.
>
> A lot of sites have "no ICQ" and "no AIM" policies, but I can't say I
> know many users who abide by them. It's just too easy to run it through
> a firewall.

It's a good idea to have a policy like that but it is really hard to
keep it if you have too many ICQ fans in your office and (worse) your boss
is one of them.. :( Pretty common problem, I think.

> The complete AOL service, on the other hand, is a bit riskier :-)

A bit? Yes, being compared with well-known buffer overrun it is just
"a bit".

> The
> software establishes an IP tunnel between the user's desktop and AOL,
> creating a nice back door into your network. There's some code around
> here that can block access to the IP Tunnel through your firewall, but
> I don't know of any commercial products that have such features.
 

                                     _     _  _  _  _      _  _
 {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
 (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
 [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!



