SOmeone does not need to send you a message though, attacks like this are very popular against people who are "away". when you are away your aim client automaticly responds to a IM allowing you to warn the person 3 times. -----Original Message----- From: Matthew Sachs [mailto:matthewgat_private] Sent: Tuesday, October 09, 2001 9:22 PM To: vuln-devat_private Subject: Re: possible AIM dos? On Tue, Oct 09, 2001 at 07:14:44PM -0400, John Scimone wrote: > After reading this outdated article regarding AOL Instant Messenger's "warn" > feature: > > http://www.attrition.org/security/denial/w/aim-warn.dos.html > > I began to wonder what type of restrictions were put on it. Does anyone know > what is stopping someone from registering multiple screen names, then sending > warnings from each of those names, all targeted at the same user thus keeping > that user at a 100% warning level denying them the instant messenger service > for the most part? > any thoughts are appreciated. > thanks. In order to be able to warn someone, that person needs to have, say, sent you an instant message. You can only warn someone once for every IM they send you. -- Matthew Sachs <matthewgat_private> <matthewgat_private> http://www.zevils.com/ * GPG key: 0x600A0342 * PGP key: 0x93EA1151 #The original nonstandard deviant# (((T^E)%(PQ))^D)%(PQ) = RSA-NOP
This archive was generated by hypermail 2b30 : Wed Oct 10 2001 - 21:31:15 PDT