Vulnerability Development mailing list archives

RE: possible AIM dos?


From: "leon" <leon () inyc com>
Date: Thu, 11 Oct 2001 13:01:58 -0400

No, it does not work like that because not every single time will the
auto response respond.  However, it will respond like once every 10
minutes or so, so indeed this is possible if you don't mind spending the
time.  Additionally, you could just do that from several screen names and
it might be effective.  HOWEVER, AIM can be programmed not to respond
with the away message to people on your list.

That kind of throws a kink in the whole thing right there.

I cc'ed the list because I think this is an important point: you can
configure AIM (for Windows, not sure about other platforms) to NOT
respond with an auto response if the person is not on your list.

HTH

Leon

-----Original Message-----
From: John Allen Scimone [mailto:jscimone () cc gatech edu] 
Sent: Thursday, October 11, 2001 12:58 PM
To: leon
Subject: RE: possible AIM dos?

So if someone is away with an auto reply, you can message them, receive
their away message, warn 35%, restart and repeat 2 times to get them up
to 100%? That easy?

                                        
                        -John Allen Scimone (jscimone () cc gatech edu)

On Thu, 11 Oct 2001, leon wrote:

You are only allowed to warn someone 35 percent in one "session".  Then
if you restart (AIM) you can warn them another 35 percent; however, they
have to respond to your messages for this to be effective.

HTH

Leon

-----Original Message-----
From: John Scimone [mailto:jscimone () cc gatech edu] 
Sent: Tuesday, October 09, 2001 7:15 PM
To: vuln-dev () securityfocus com
Subject: possible AIM dos?

After reading this outdated article regarding AOL Instant Messenger's
"warn" feature:

http://www.attrition.org/security/denial/w/aim-warn.dos.html

I began to wonder what type of restrictions were put on it.  Does anyone
know what is stopping someone from registering multiple screen names,
then sending warnings from each of those names, all targeted at the same
user, thus keeping that user at a 100% warning level, denying them the
instant messenger service for the most part?

Any thoughts are appreciated.
Thanks.

John Scimone



