Re: [FW-1] [fw-1] Instant Messenger bypass FW-1
This isn't "a problem with FW-1" or any other firewall. The problem is that IM is designed to, well, scan open ports, or at least certain ports, with the specific intent of bypassing any firewalling.

I had a client who wanted all forms of IM locked down with minimal notice to staff. As a result, when the lockdown took place, a lot of people still had AOL IM running. The technique we used was to blackhole the AOL servers corresponding to login.oscar.aol.com (or at least those known). Because I wanted to watch the impact of the lockdown, I enabled logging on the rule that blocked access to the IM servers. The log started filling up with drops, FAST, which was good. But what was interesting was this: the AIM clients didn't know that was the issue, though-- they assumed that it was a port block. So I was watching these things try every known port they could come up with-- http, telnet, ftp, nntp, smtp, 5050 (the default AIM port, I think) and one or two others. They didn't get anywhere, but man, they were trying hard.

Needless to say, software that is designed like this is going to take advantage of your need to talk to the Internet via *something* regardless of what firewall you have. End 'o convo. And the problem is probably going to get worse as software vendors convince themselves that their right to turn a profit trumps your company's right to determine what is flying in and out of its network. Scary, huh?

Hope this helps.

-----Original Message-----
From: A, Kaustubh [mailto:[email protected]]
Sent: Wednesday, June 12, 2002 6:05 AM
To: [email protected]
Subject: [FW-1] [fw-1] Instant Messenger bypass FW-1

Folks,

I came to know about an article of Gartner saying that there are some IM bypassing firewalls by scanning open ports. Has anybody tested this on CP FW-1 NG? I am afraid if this is a problem with FW-1!!!

Firewall Bypass Technology

AOL's Instant Messenger has a uniquely slippery client that is designed to bypass firewall port blocking technology, making the product easy to configure from behind a firewall. For example, the AOL client will use any available port, scanning even those reserved for domain naming system (DNS) lookup. This technology enables unsophisticated users to sneak past a firewall with relative ease, effectively establishing breaches in the corporate firewall.

Kaustubh A.
Technical Consultant
HP Services
-----------------------------------------------------------------------------------
101-105 Enterprise Center, CTS#55 Off Neharu Road, Vile Parle (East) Mumbai 400099.
+91 (0) 22.616.7331
GSM: [email protected]
URL: http://www.ho.com/in
-----------------------------------------------------------------------------------

=================================================
To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [email protected]
=================================================
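The behaviour described in the reply above (a blackholed IM server, a logged drop rule, and clients cycling through http, telnet, ftp, nntp, smtp, 5050 and so on) is exactly the kind of pattern worth picking out of the drop log automatically, so that a port-hopping client stands out from an ordinary single-port retry. The script below is an added example written for this page; it is not code from the post, from Check Point or from AOL. The log line format, the 192.0.2.0/24 stand-in for the resolved login.oscar.aol.com addresses, the sample log lines and the thresholds are all constructed for illustration and do not match FW-1's real log layout.

```python
"""Flag hosts that port-hop against blackholed IM servers in a firewall drop log.

Constructed log format (NOT Check Point FW-1's real log format):
  <date> <time> <action> src=<ip> dst=<ip> proto=<tcp|udp> dport=<port> rule=<n>
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Stand-in for the addresses login.oscar.aol.com resolved to at the time.
# 192.0.2.0/24 is the documentation range, not AOL's real address space.
BLACKHOLED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

LOG_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<action>\w+) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) proto=(?P<proto>\w+) dport=(?P<dport>\d+) rule=(?P<rule>\d+)$"
)

# Constructed sample: 10.1.2.3 sweeps the ports named in the post (5050, http,
# telnet, ftp, nntp, smtp); 10.1.2.9 just retries one port; 10.1.2.50 is
# dropped by an unrelated rule to a non-blackholed address.
SAMPLE_LOG = """\
2002-06-12 09:01:03 drop src=10.1.2.3 dst=192.0.2.10 proto=tcp dport=5050 rule=12
2002-06-12 09:01:04 drop src=10.1.2.3 dst=192.0.2.10 proto=tcp dport=80 rule=12
2002-06-12 09:01:05 drop src=10.1.2.3 dst=192.0.2.10 proto=tcp dport=23 rule=12
2002-06-12 09:01:06 drop src=10.1.2.3 dst=192.0.2.11 proto=tcp dport=21 rule=12
2002-06-12 09:01:07 drop src=10.1.2.3 dst=192.0.2.11 proto=tcp dport=119 rule=12
2002-06-12 09:01:08 drop src=10.1.2.3 dst=192.0.2.11 proto=tcp dport=25 rule=12
2002-06-12 09:01:09 drop src=10.1.2.9 dst=192.0.2.10 proto=tcp dport=5050 rule=12
2002-06-12 09:02:09 drop src=10.1.2.9 dst=192.0.2.10 proto=tcp dport=5050 rule=12
2002-06-12 09:03:09 drop src=10.1.2.9 dst=192.0.2.10 proto=tcp dport=5050 rule=12
2002-06-12 09:03:10 drop src=10.1.2.50 dst=198.51.100.7 proto=tcp dport=80 rule=30
2002-06-12 09:03:11 accept src=10.1.2.3 dst=198.51.100.7 proto=tcp dport=80 rule=5
"""


def parse_line(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "ts": datetime.strptime(f"{d['date']} {d['time']}", "%Y-%m-%d %H:%M:%S"),
        "action": d["action"],
        "src": ipaddress.ip_address(d["src"]),
        "dst": ipaddress.ip_address(d["dst"]),
        "proto": d["proto"],
        "dport": int(d["dport"]),
        "rule": int(d["rule"]),
    }


def is_blackholed(dst):
    return any(dst in net for net in BLACKHOLED_NETS)


def find_port_hoppers(log_text, min_ports=4, window=timedelta(minutes=5)):
    """Return {src: sorted distinct ports} for hosts whose drops to blackholed
    servers cover at least `min_ports` distinct destination ports within `window`.
    A host hammering one port repeatedly never qualifies, however many drops."""
    events = defaultdict(list)  # src -> [(ts, dport)]
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["action"] != "drop" or not is_blackholed(ev["dst"]):
            continue
        events[ev["src"]].append((ev["ts"], ev["dport"]))

    hoppers = {}
    for src, evs in events.items():
        evs.sort()
        start = 0
        # Sliding time window over this host's drops, oldest to newest.
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            if len({p for _, p in evs[start:end + 1]}) >= min_ports:
                hoppers[str(src)] = sorted({p for _, p in evs})
                break
    return hoppers


if __name__ == "__main__":
    for src, ports in find_port_hoppers(SAMPLE_LOG).items():
        print(f"{src} probed {len(ports)} ports on blackholed IM servers: {ports}")
```

Only drops to the blackholed addresses count, so a host that is legitimately blocked on one port by some other rule is never flagged; the distinct-port threshold inside a short window is what separates the sweeping client from a stuck one that simply retries its usual port.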