Vulnerability Development mailing list archives
Broken AOL Code - spoofing
From: "Ryan Sweat" <ryans () cecentertainment com>
Date: Fri, 5 Oct 2001 09:07:23 -0500
Hello,

When a user logs in to AOL using TCP/IP on a LAN, AOL assigns them a public IP address. This IP address is tunneled to the destination within the AOL connection. The problem I have found is that when any of the common worms on the internet happen to scan the 'AOL IP', the reply from the user's box ("destination unreachable/port unreachable") is sent through the LAN with the source of the AOL IP address. Many would consider this spoofing.

It concerns me that computers which run AOL in my LAN are reachable from the 'outside', providing a way to bypass the security which I have in place at my routers and firewalls to prevent such. AOL was notified and they stated that "We do not support AOL in networks", so if they aren't concerned about it, maybe you guys are.

Ryan Sweat
h3xm3 () swbell net
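A defender-side check for the behaviour described in the message above, as an added example that is not part of the original post: it flags ICMP destination-unreachable packets sent by LAN hosts whose source address lies outside the LAN's own prefixes. The LAN prefix, the addresses (documentation ranges), the function names and the assumption that packets are captured as they arrive from LAN hosts on the router's inside interface are all assumptions; the packets are constructed sample data.

```python
import ipaddress
import struct

# Assumed LAN prefix (hypothetical; replace with the prefixes actually in use).
LAN_PREFIXES = [ipaddress.ip_network("192.168.10.0/24")]

def build_icmp_unreachable(src, dst, code=3):
    """Construct a minimal IPv4 + ICMP type 3 packet (sample data, checksums zeroed)."""
    icmp = struct.pack("!BBHI", 3, code, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    return ip + icmp

def classify(packet, lan_prefixes=LAN_PREFIXES):
    """Classify a raw IPv4 packet seen arriving from a LAN host.

    Returns "ok" for LAN-sourced traffic, "leak-icmp-unreachable" for an ICMP
    type 3 reply carrying an off-LAN source (the case in the post),
    "off-lan-source" for any other off-LAN source, "malformed" otherwise.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "malformed"
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl + 2:
        return "malformed"
    src = ipaddress.ip_address(packet[12:16])
    if any(src in net for net in lan_prefixes):
        return "ok"
    if packet[9] == 1 and packet[ihl] == 3:   # protocol ICMP, type 3
        return "leak-icmp-unreachable"
    return "off-lan-source"

def demo():
    """Run the classifier over constructed packets and return the verdicts."""
    samples = [
        build_icmp_unreachable("192.168.10.25", "203.0.113.9"),  # normal LAN host
        build_icmp_unreachable("198.51.100.23", "203.0.113.9"),  # tunnel address on the LAN wire
        b"\x45\x00",                                             # truncated frame
    ]
    return [classify(p) for p in samples]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The same test expressed as a router rule is an anti-spoofing filter on the inside interface: drop and log any packet from the LAN whose source address is not in the LAN's prefixes.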