Re: ICQ exploit

[Guillaume Belanger <GBelanger () CORADIANT COM>]

Well its quite obvious to me that the ICQ client has a way to authenticate
messages which are sent from the servers at mirabilis.com and those sent
from third parties. Youcould basically spoof any kind of incoming message
from the system and do all kinds of nasty stuff providing you can lead the
client side to believe you are mirabilis servers ..


Guillaume




                    Bodie
                    <mclarkc () ESSEX AC.        To:     VULN-DEV () SECURITYFOCUS COM
                    UK>                       cc:
                    Sent by: VULN-DEV         Subject:     Re: ICQ exploit
                    List
                    <VULN-DEV@SECURITY
                    FOCUS.COM>


                    03/28/01 08:49 PM
                    Please respond to
                    Bodie






On Wed, 28 Mar 2001, Ed Rolison wrote:

> > While playing around with my laptop and desktop today I noticed
something
> > with ICQ.
> >
> > If you have ICQ setup on 2 machines using the same ICQ number, as soon
as
> > the second machine starts ICQ up the first machine gets an error about
your
> > ICQ number being used on another machine and immediately takes ICQ off
line.
> > I don't know the mechanism that allows this but has anyone considered an
> > exploit based upon this mechanism? Seems to me a sequential run could
knock
> > a whole bunch of people off ICQ..
>
> I've noticed this behaviour, although correct me if I'm wrong, but to do
this
> you need to actually log on to ICQ - thus you can't do it, because you'd
need to
> crack every account...

I'm not sure about this, i'm gunna check it out tonight, but i think it
would be possible to forge the message that is sent to the client to make
it disconnect, and if that is possible then it definately is possible to
crash the icq network completely quite easily