From what the current AIM docs say to warn someone they must reply or send an IMto the person who is warning them. Therefor unless the person responded to all the sn's they would not be able to get warned. ---- Forwarded message from John Scimone <jscimoneat_private> ----- Mailing-List: contact vuln-dev-helpat_private; run by ezmlm Precedence: bulk List-Id: <vuln-dev.list-id.securityfocus.com> List-Post: <mailto:vuln-devat_private> List-Help: <mailto:vuln-dev-helpat_private> List-Unsubscribe: <mailto:vuln-dev-unsubscribeat_private> List-Subscribe: <mailto:vuln-dev-subscribeat_private> Delivered-To: mailing list vuln-devat_private Delivered-To: moderator for vuln-devat_private From: John Scimone <jscimoneat_private> To: vuln-devat_private Subject: possible AIM dos? Date: Tue, 9 Oct 2001 19:14:44 -0400 X-Mailer: KMail [version 1.2] After reading this outdated article regarding AOL Instant Messenger's "warn" feature: http://www.attrition.org/security/denial/w/aim-warn.dos.html I began to wonder what type of restrictions were put on it. Does anyone know what is stopping someone from registering multiple screen names, then sending warnings from each of those names, all targeted at the same user thus keeping that user at a 100% warning level denying them the instant messenger service for the most part? any thoughts are appreciated. thanks. John Scimone ----- End forwarded message -----
This archive was generated by hypermail 2b30 : Tue Oct 09 2001 - 18:39:24 PDT