Even doing a http "GET ......." (with a lot more periods) will crash the icq 'webserver'. Mind you, ICQ has always had a high "DOSability factor". On Mon, 29 Mar 1999, Ronald A. Jarrell wrote: > Ok, I was a bit surprised when, in playing with the new ICQ99a build 1700 v2.13 > client (which I believe is the first publicly distributed one of the > 99 family), I turned on the "Activate my home page" feature, and turned > my laptop into a web server... > > Complete with a file server that allows by default anything in the > "program files\icq\homepage\root\YOUR#\files" folder to be requested. > Even set up a guest book, chat service, etc... > > After getting over being astonished (yea, they said "turning this on > might increase people's access to your machine, and tell them your > ip address" - of course it will. You're setting up a bloody web server > you idiots. A bad one at that.) I naturally started doing some poking. > > Telnet to your port 80, and enter some non http gibberish. I tried > "quit<cr>" for grins. Blam. Down goes the ICQ client with a GPF. > Got someone else to turn theirs on, and sure enough, managed to shoot > him down too. > > I warned Mirabilis about it. Folks at institutions that worry about > such things, but let their employees run ICQ might want to be aware > that said employees might well be running web servers now and not > evening know it. On you ICQ contact list, if they're on it, said > users show up with a little house next to their name. > > -- > Ron Jarrell > VA Tech Computing Center -- Frank v Waveren fvwat_private ICQ# 10074100
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:41:00 PDT