Re: Blocking AOL for Broadband and NOT AIM

From: Don Kelloway (dkelloway_at_commodon.com)
Date: 09/30/04


Date: Thu, 30 Sep 2004 00:13:06 GMT


"Mike Binns" <mike@mikebinns.net> wrote in message
news:2796e7bb.0409290739.dff3b85@posting.google.com...
> I am the Internet Manager for our college, and we have content
> filtering on campus. The problem is that one of the ways to get around
> our content filtering is to use the AOL client in the TCP (not dial
> up) mode to access websites we block. I checked and the AOL client
> uses the same port as AIM (5190). We want to allow people to use AIM
> for communications, and AOL Mail from the AOL website, but block
> people from using the AOL Client, but blocking port 5190 would
> obviously kill AIM. Any suggestions?
>
> -Mike Binns

From what I know:

1. The AOL software is specifically coded to use TCP ports 5190 and 11523
when establishing its connection over TCP.

2. The ability to send/retrieve email from the AOL website requires TCP
ports 80 and 443.

3. The AIM software is capable of using *any* port. IOW while its default is
TCP port 5190 it can be easily configured to use something else.

With the above in mind I think you can accomplish the goal of blocking the
AOL software if you configure your firewall to block (deny) all outbound
connections to TCP port 5190 and inform your internal users to configure
their AIM clients to use a port other than 5190.

-- 
Best regards, from Don Kelloway of Commodon Communications
Visit http://www.commodon.com to learn about the "Threats to Your Security 
on the Internet".

