Vulnerability Development mailing list archives

Re: possible AIM dos?

From: Matthew Sachs <matthewg () zevils com>
Date: Tue, 9 Oct 2001 21:21:54 -0400

On Tue, Oct 09, 2001 at 07:14:44PM -0400, John Scimone wrote:

After reading this outdated article regarding AOL Instant Messenger's "warn" 
feature:

http://www.attrition.org/security/denial/w/aim-warn.dos.html

I began to wonder what type of restrictions were put on it.  Does anyone know 
what is stopping someone from registering multiple screen names, then sending 
warnings from each of those names, all targeted at the same user thus keeping 
that user at a 100% warning level denying them the instant messenger service 
for the most part? 
any thoughts are appreciated.
thanks.


In order to be able to warn someone, that person needs to have, say,
sent you an instant message.  You can only warn someone once for every
IM they send you.

-- 
Matthew Sachs   <matthewg () zevils com>  <matthewg () wombatbanana com>
http://www.zevils.com/ * GPG key: 0x600A0342 * PGP key: 0x93EA1151
#The original nonstandard deviant# (((T^E)%(PQ))^D)%(PQ) = RSA-NOP

Current thread:

possible AIM dos? John Scimone (Oct 09)
- Re: possible AIM dos? Matthew Sachs (Oct 09)
- Re: possible AIM dos? lazy (Oct 09)
- RE: possible AIM dos? leon (Oct 11)
- <Possible follow-ups>
- RE: possible AIM dos? Clarke, Matthew J (Oct 10)
- Re: possible AIM dos? Deigodude (Oct 10)
- RE: possible AIM dos? leon (Oct 11)