The AOL Protocol
When you hear the phrase “The AOL Protocol”, I bet most of you immediately think of FDO, right?
Although FDO is a part of the AOL protocol, it in no way encompasses the big picture. When I use
the term “The AOL protocol”, I refer to how the AOL client and server interact with each other,
how data is prepared, how it is sent, and how it can be manipulated.
There currently exists no formal documentation of the AOL protocol, or at least one that is
publicly available. For this reason, I have taken it upon myself to strip the bits of
information from my feeble mind and write a document with at least basic information about
the AOL protocol. The information included in this document is what I have learned, from
exploration, help from others, and just stumbling upon it. I in no way guarantee the accuracy
of the information contained herein. That said, here is what I know.
a1m fear
accuracy
afextz
africanninjas
aim tempy
aimbionet
aimnymike
airtuh ily
almost tipsy
ambidextrism
atb
azz
ACK Tunneling Trojans
– Arne Vidstrom, arne.vidstrom@ntsecurity.nu
Summary
Trojans normally use ordinary TCP or UDP communication between their client and server parts. Any firewall between the attacker and the victim that blocks incoming traffic will usually stop all trojans from working. ICMP tunneling has existed for quite some time now, but if you block ICMP in the firewall you’ll be safe from that. This paper describes another concept, that I call ACK Tunneling. ACK Tunneling works through firewalls that don’t apply their rule sets on TCP ACK segments (ordinary packet filters belong to this class of firewalls).







