The risks of using an AOL client behind a firewall Many users wish to use AOL client or AIM (AOL Instant Messenger) behind the company firewall. However, opening the firewall for an AOL client can present a security risk to the entire network. AOL client connects to the AOL server at port 5190. This is usually easy enough for the administrator to configure the firewall to allow this port (5190), and the client will work properly. However, the AOL client establishes an IP tunnel to the AOL server and creates a VPN between the AOL network, and the Client's network (with the assistance of the AOL client of course), this basically allows complete communication between the client and the remote server (the AOL client receives an IP address on the virtual network, and therefore there is no way the firewall can limit this communication), and this also means that the client is now exposed to all kinds of IP based attacks, such as nukes, access to personal web servers and ftp servers, and much more, from anyone on the Internet (All they have to figure out is the Virtual IP address given by the AOL server). The firewall is basically helpless against this, because this is all going through port 5190 which was allowed for communication by the administrator. To see it in action, start your AOL client, and run "winipcfg" (under Windows 95) to see you have a new adapter (besides the dial-up-adapter or network adapter you used to connect to the Internet with). This adapter will have its own IP and gateway information. AOL's home page is at: www.aol.com For information on how to connect AOL client through a firewall, see: http://webmaster.info.aol.com/firewall.html