RE: possible AIM dos?

["Clarke, Matthew J" <CLARKE06 () morrisville edu>]

SOmeone does not need to send you a message though, attacks like this are
very popular against people who are "away". when you are away your aim
client automaticly responds to a IM allowing you to warn the person 3 times.

-----Original Message-----
From: Matthew Sachs [mailto:matthewg () zevils com]
Sent: Tuesday, October 09, 2001 9:22 PM
To: vuln-dev () securityfocus com
Subject: Re: possible AIM dos?


On Tue, Oct 09, 2001 at 07:14:44PM -0400, John Scimone wrote:
> After reading this outdated article regarding AOL Instant Messenger's
"warn" 
> feature:
>
> http://www.attrition.org/security/denial/w/aim-warn.dos.html
>
> I began to wonder what type of restrictions were put on it.  Does anyone
know 
> what is stopping someone from registering multiple screen names, then
sending 
> warnings from each of those names, all targeted at the same user thus
keeping 
> that user at a 100% warning level denying them the instant messenger
service 
> for the most part? 
> any thoughts are appreciated.
> thanks.

In order to be able to warn someone, that person needs to have, say,
sent you an instant message.  You can only warn someone once for every
IM they send you.

-- 
Matthew Sachs   <matthewg () zevils com>  <matthewg () wombatbanana com>
http://www.zevils.com/ * GPG key: 0x600A0342 * PGP key: 0x93EA1151
#The original nonstandard deviant# (((T^E)%(PQ))^D)%(PQ) = RSA-NOP