Re: possible AIM dos

[Bryan <bcs () 777h org>]

You have to get an IM from a person in order for the warn button to allow
you to press it.  However, is it possible to send a warning code via some
program other than their software?  Is it possible to send warnings with a
specially made program without needing messages from people first...

just a thought.



On Tue, Oct 09, 2001 at 08:20:24PM -0500, Craig Van Tassle wrote:
> > From what the current AIM docs say to warn someone they must reply or send an IMto the person who is warning them.  
> > Therefor unless the person responded to all the sn's they would not be able to get warned.  
>
> After reading this outdated article regarding AOL Instant Messenger's "warn" 
> feature:
>
> http://www.attrition.org/security/denial/w/aim-warn.dos.html
>
> I began to wonder what type of restrictions were put on it.  Does anyone know 
> what is stopping someone from registering multiple screen names, then sending 
> warnings from each of those names, all targeted at the same user thus keeping 
> that user at a 100% warning level denying them the instant messenger service 
> for the most part? 
> any thoughts are appreciated.
> thanks.
>
> John Scimone
>
> ----- End forwarded message -----