Vulnerability Development mailing list archives
RE: possible AIM dos?
From: "Clarke, Matthew J" <CLARKE06 () morrisville edu>
Date: Wed, 10 Oct 2001 10:40:12 -0400
SOmeone does not need to send you a message though, attacks like this are very popular against people who are "away". when you are away your aim client automaticly responds to a IM allowing you to warn the person 3 times. -----Original Message----- From: Matthew Sachs [mailto:matthewg () zevils com] Sent: Tuesday, October 09, 2001 9:22 PM To: vuln-dev () securityfocus com Subject: Re: possible AIM dos? On Tue, Oct 09, 2001 at 07:14:44PM -0400, John Scimone wrote:
After reading this outdated article regarding AOL Instant Messenger's
"warn"
feature: http://www.attrition.org/security/denial/w/aim-warn.dos.html I began to wonder what type of restrictions were put on it. Does anyone
know
what is stopping someone from registering multiple screen names, then
sending
warnings from each of those names, all targeted at the same user thus
keeping
that user at a 100% warning level denying them the instant messenger
service
for the most part? any thoughts are appreciated. thanks.
In order to be able to warn someone, that person needs to have, say, sent you an instant message. You can only warn someone once for every IM they send you. -- Matthew Sachs <matthewg () zevils com> <matthewg () wombatbanana com> http://www.zevils.com/ * GPG key: 0x600A0342 * PGP key: 0x93EA1151 #The original nonstandard deviant# (((T^E)%(PQ))^D)%(PQ) = RSA-NOP
Current thread:
- possible AIM dos? John Scimone (Oct 09)
- Re: possible AIM dos? Matthew Sachs (Oct 09)
- Re: possible AIM dos? lazy (Oct 09)
- RE: possible AIM dos? leon (Oct 11)
- <Possible follow-ups>
- RE: possible AIM dos? Clarke, Matthew J (Oct 10)
- Re: possible AIM dos? Deigodude (Oct 10)
- RE: possible AIM dos? leon (Oct 11)