Vulnerability Development mailing list archives
Re: possible AIM dos?
From: lazy <lazy () bsdbox org>
Date: Tue, 09 Oct 2001 22:10:52 -0400
You cannot warn someone unless they send you a message. However, if you register and use 27 or so different screen names, using a client such as GAIM which makes it possible. You can harrass them to the point where they beg you to stop. Their begging allows you to warn them to 100%, rendering their account useless. A workarround to this, and nearly any other AIM "attack" is simple. Block all users not on your buddy list in your Privacy settings. However, this is a pretty paranoid method to use. It's possible and does work. With most people you can do it within 3 minutes. Note that when registering accounts, you'll have to use multiple email addresses. But since you never have to really confirm your AIM accounts by replying to the E-mail it won't matter. // lazy John Scimone wrote:
After reading this outdated article regarding AOL Instant Messenger's "warn" feature: http://www.attrition.org/security/denial/w/aim-warn.dos.html I began to wonder what type of restrictions were put on it. Does anyone know what is stopping someone from registering multiple screen names, then sending warnings from each of those names, all targeted at the same user thus keeping that user at a 100% warning level denying them the instant messenger service for the most part? any thoughts are appreciated. thanks. John Scimone
-- ..:: Too many people... Too few neurons. PGP: RSA 2048bit 0xB7673053 (keyserver.pgp.com) Web: http://packetjunkie.net http://bsdbox.org
Current thread:
- possible AIM dos? John Scimone (Oct 09)
- Re: possible AIM dos? Matthew Sachs (Oct 09)
- Re: possible AIM dos? lazy (Oct 09)
- RE: possible AIM dos? leon (Oct 11)
- <Possible follow-ups>
- RE: possible AIM dos? Clarke, Matthew J (Oct 10)
- Re: possible AIM dos? Deigodude (Oct 10)
- RE: possible AIM dos? leon (Oct 11)