Vulnerability Development mailing list archives
Re: ICQ Spoofing Question (or second dumb question of the day)
From: Riley Hassell <riley () SPEAKEASY NET>
Date: Tue, 19 Sep 2000 12:11:22 -0700
There are also various buffer-overflows in many of the chat clients. The trick is avoiding the server. The server does almost all of the sanity checks for Client->Server->Client chat protocols. If you can send a msg to the Client directly, avoiding the Server totally, you can do all sorts of crazy things. I found an overflow in micq quite some time ago involving the url comment field. Check the source... It's still there. If you look through the various client's you'll notice all sorts of security problems. The coders don't expect you to bypass the server. Fortunatley, writing raw packets is not for the weak hearted. Therefor this area hasn't really been explored by the script-kiddie alike. Riley Hassell Tier 3 - Abuse Mail Speakeasy Network Phone : 206-728-9770 Email : riley () speakeasy net On Tue, 19 Sep 2000, Robert van der Meulen wrote:
Hi, Quoting Leon Rosenstein (l_rosenstein () MONTELSHOW COM):Mandatory opening statement; I am not sure if this is meant for this list but I have feeling it is. Please flame me in private ;)I think it isn't :)Is it possible (with any OS, or ICQ Clone) to spoof being a random chatter?A search with almost any search engine on something like 'icq spoofing' would probably have turned up with the results you're looking for, one of them probably being a tiny little C source called icqspoof.c . Greets, Robert van der Meulen -- | rvdm () cistron nl - Cistron Internet Services - www.cistron.nl | | php3/c/perl/html/c++/sed/awk/linux/sql/cgi/security | | My statements are mine, and not necessarily cistron's. | Life is a sexually transmitted disease with 100% mortality.
Current thread:
- ICQ Spoofing Question (or second dumb question of the day) Leon Rosenstein (Sep 19)
- Re: ICQ Spoofing Question (or second dumb question of the day) Robert van der Meulen (Sep 19)
- Re: ICQ Spoofing Question (or second dumb question of the day) Riley Hassell (Sep 19)
- Re: ICQ Spoofing Question (or second dumb question of the day) Sander Smeenk (CistroN Medewerker) (Sep 20)
- Re: ICQ Spoofing Question (or second dumb question of the day) Robert van der Meulen (Sep 20)
- Re: ICQ Spoofing Question (or second dumb question of the day) Masial (Sep 20)
- Re: ICQ Spoofing Question (or second dumb question of the day) Robert van der Meulen (Sep 21)
- Re: ICQ Spoofing Question (or second dumb question of the day) dis (Sep 22)
- Message not available
- Re: ICQ Spoofing Question (or second dumb question of the day) Audun (Sep 24)
- Re: ICQ Spoofing Question (or second dumb question of the day) Bluefish (P.Magnusson) (Sep 23)
- Re: ICQ Spoofing Question (or second dumb question of the day) Masial (Sep 24)
- Re: ICQ Spoofing Question (or second dumb question of the day) Robert van der Meulen (Sep 19)
- Re: ICQ Spoofing Question (or second dumb question of the day) 3APA3A (Sep 20)