NOt my IP Addy

Discussion in 'other firewalls' started by yodafan, Aug 24, 2002.

Thread Status:
Not open for further replies.
  1. yodafan

    yodafan Guest

    Hey guys,

    Umm just read about the .....forum with best firewall test scan, so i was gona check them out, but before doing the test saw it wasn't my IP addy. Went to symantecs site, which i do regulary, i got a different IP addy that i was about to scan that wasn't mine. This has not always been like that, i usually get my IP addy. Wut could this mean? My ISP is AOL...btw

    YODA
     
  2. controler

    controler Guest

    You using a proxy server of something like JAP?

    or worse yet. Is somebody else tunneling thru your puter?

    oh oh
     
  3. yodafan

    yodafan Guest

    nah no proxy servers... that why i was suprise to see it different.... i haven't change my ISP or ne thing, and every was the same as before since i last scanned, but i get different ip addy. Its some AOL IP..... this is the IP that shows up when i do scans...205.188.197.137, but my real IP is like 172.128.xxx.xxx. I did a whois on 205.188.197.137 but its domain is AOL too..

    yoda
     
  4. yodafan

    yodafan Guest

    ok... umm tried loggin on and off aol, to get new IP addy, went back to test scan place, got my real IP. Logged off the log on, get different... some how its like going on and off... like i'm getting a different IP addy thats not mine, and some times i get my real IP when i look at it at the Test scan place (symantec).
     
  5. yodafan

    yodafan Guest

    got that from symantecs test scan page

    Some network configurations and service providers may mask your actual IP address, causing the scanner to scan the wrong computer. Examples of service providers that mask your IP address are: America Online and @Home

    but its wierd, i've never had this problem before, or is someone else tunneling threw my computer?

    YODA
     
  6. NetWatchman

    NetWatchman Security Expert

    Joined:
    Jul 24, 2002
    Posts:
    31
    Are you using Bring-your-own-access AOL?

    If so, then you will get a second IP address from AOL which is what web sites on the Internet will see you as...the graphic below shows how this works. You will also notice that an AOL "connection" creates a VPN-like tunnel through your firewall, effectively some personal firewalls and certainly ALL NAT-based routers.

    ...though I've brought this up before and I think it's a huge issue, no one seems to think it very significant.
     

    Attached Files:

  7. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    NetWatchman, could you explain what this "tunnelling" is? i've seen this phrase used quite a few times and i have no idea what it means....is this something that is more specific to AOL? (sorry, this is an area i am really lost in)

    how would Yodafan know if someone is tunnelling through his firewall?

    snap
     
  8. YODA

    YODA Registered Member

    Joined:
    Jul 15, 2002
    Posts:
    100
    hey guys,

    Umm can u guys explain the whole tunneling thing? and how i can figure out if its tunneling or just a IP masking by AOL... using aol dsl(dynamic). What are the actual reason i'd be getting a different IP addy whenever i check my IP from a website? But when i do "winipcfg" in run i get my real IP that is totally different. All help and suggestion to figuring out this ... will be much appreciated.

    btw got firewall but no router...

    YODA
     
  9. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    This indeed is serious if that is how it happens. I am no VPN expert but how does the NAT let though the VPN packets without it being comfigured to do so? I know VPNs were made to do this but I thought the NAT had to play ball. What stops anyone from doing this?
     
  10. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    lol lmao no no no aol has difrent ip every time you log on it has a proxy and built in fire wall will thats what i was told when i called up complaining lol.

    i got i think 14 user names aol 6.0 and aol 7.0 all give a slightly difrent ip adress

    i think its done threw aol proxy

    i belive thers an aplication that shows your ip that you can see when it changes i think cookie muncher shold me the difrent random ips i was loging on to the internet every time i started it.

    sometimes you can by pass a band cause you have a random ip instead of static ip or something like that im new to this stuff to
     
  11. NetWatchman

    NetWatchman Security Expert

    Joined:
    Jul 24, 2002
    Posts:
    31
    NAT provides firewall-like properties by following a simple rule...inbound packets are blocked, unless there is an existing connection that was initiated by a host behind the NAT device.

    When you launch the AOL client, it established a single TCP connection to an AOL "VPN" server on a specific port: 5190. Once this connection is established, the NAT device will then allow all traffic from the AOL server to be sent to the AOL client that established the connection. All your web surfing, email, IM, etc.. is encapusulated *inside* this single TCP connection... the AOL VPN server then tears off the VPN layer and turns the packets into standard web requests (port 80, email, IM)...but as far as the NAT device is concerned all this activitity is on port 5190 so it is allowed.

    Once the VPN TCP connection is allowed by your NAT device, someone on the Internet can probe the your AOL IP on any port...it will make it's way to the AOL VPN server, be encapsulated in the TCP/5190 connection and pass right through the NAT device...then the AOL client de-encapsulates the probe allowing access to whatever port the attacker chooses (e.g. 27374, Netbios, backorifice, etc...). If you were actually infected, or had open file shares, your NAT device would provide ZERO protection anytime your AOL connection was active.

    The only way to be protected is to use a firewall that understands the AOL vpn adapter and applies it's rules AFTER the VPN-like traffic is de-encapsulated...I haven't tested this against all firewalls, but I do know that Zone Alarm DOES protected against this.


    This is why AOL use within a corporate network is so dangerous....any employee that fires up the AOL client without also using a personal firewall is essentially creating an unprotected conduit through the corporate firewall...if that particular employee PC is vulnerable to something or has a trojan...game over.
     
  12. n00bifEYEd

    n00bifEYEd Guest

    I see. Well I guess I am glad i don't use AOL. Other ISPs may also do this as well I suppose? An easy way to test is to get probed on purpose and see if the firewall catches it. If the firewall has to stop it, then you know, if not then the NAT isn't being bypassed.

    Indeed this is bad mojo for AOHell users. Here that BLAZE? Better get your firewall in order!

    Thank-you for bringing that to my attention Net Watchman, I was unaware of that issue.
     
  13. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    ;) Hi n00bifEYEd! F.Y.I. MRBLAZE uses ZoneAlarm Pro. If what UNICRON says is true about ZA (I believe him), then MRBLAZE is safe--even if he uses AOL!
     
  14. The risks of using an AOL client behind a firewall

    Many users wish to use AOL client or AIM (AOL Instant Messenger) behind the company firewall. However, opening
    the firewall for an AOL client can present a security risk to the entire network.

    AOL client connects to the AOL server at port 5190.
    This is usually easy enough for the administrator to configure the firewall to allow this port (5190), and the client will
    work properly. However, the AOL client establishes an IP tunnel to the AOL server and creates a VPN between the
    AOL network, and the Client's network (with the assistance of the AOL client of course), this basically allows
    complete communication between the client and the remote server (the AOL client receives an IP address on the
    virtual network, and therefore there is no way the firewall can limit this communication), and this also means that the
    client is now exposed to all kinds of IP based attacks, such as nukes, access to personal web servers and ftp
    servers, and much more, from anyone on the Internet (All they have to figure out is the Virtual IP address given by
    the AOL server).
    The firewall is basically helpless against this, because this is all going through port 5190 which was allowed for
    communication by the administrator.

    To see it in action, start your AOL client, and run "winipcfg" (under Windows 95) to see you have a new adapter
    (besides the dial-up-adapter or network adapter you used to connect to the Internet with). This adapter will have
    its own IP and gateway information. AOL's home page is at: www.aol.com For information on how to connect AOL
    client through a firewall, see: http://webmaster.info.aol.com/firewall.html
     
  15. Just for AOL users.......

    http://www.dslreports.com/forum/remark,3442896~root=security,1~mode=flat


    http://www.webattack.com/get/adbuster.shtml



    Ad Buster 1.07 Date added: 5/31/2002
    Developer's web site
    remove AOL advertising
    Ad Buster serves one purpose: to empower AOL users with the tools to regulate the amount of advertising they receive while signed onto the America Online service. At first glance, you may think that there is not much to this program. Essentially, you are correct. There is not much to this program in terms of visual interface. The real power of this program is mostly “behind the scenes”. Simply minimize the Ad Buster window into the system tray and go about your business. When you come across an advertisement in the AOL service you want to close and keep closed, simply right click over it. It will disappear. The ad will automatically be closed the next time you visit that area!



    Our Rating: Popularity:

    License: Freeware Size: 2082 kb Download
    Price: Free 9x/NT/ME/2K/XP Preview It
     
  16. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    I think NetWatchman said that about ZA not UNICRON (great lad that he is)
     
  17. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    lol yup haveing a fire wall is essenthial when you run aol also proper configuration is a must lucly for the newby za pro comes almost 80 or 90 % pre configer for aol users still a few bugs.


    actualy regarless of what internet sevice provider you use the internet is very dangeriose thers places most avreage users dont know about lets just say thers a warr going on right now and its all high tech.

    ive travled every where on the net and im telling you its just not script kiddies and piraters its so much bigger .

    the internet is like meeting strangers and haveing unprotected sex extreamly dangeriouse you have to wear like 2 condomes just to inter cyber space.
     
  18. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    interesting analogy MR.BLAZE lol :)
     
Thread Status:
Not open for further replies.