- Date: Fri, 6 Nov 1998 01:46:17 -0600
- From: owner-bugtraq@netspace.org
- To: BUGTRAQ@netspace.org
- Subject: various *lame* DoS attacks
-
- Aleph,
-
- None of this is as cool as finding buffer overflows in sshd, but it may be
- of interest to some people.
-
- 1) DoS attack against people using AOL
-
- This DoS attack comes from a poor implementation of AOL Instant Messenger's
- warn "feature." You'll need to have AIM to create this DoS attack against
- someone using AOL.
-
- How it works:
-
- AOL's Instant Messenger has an option that allows you to "warn" other
- users. If you warn someone who is using Instant Messenger, they are
- notified that they've been warned by another user. What's interesting is
- that you can warn people using AOL, and they will not be notified that
- they've been warned. The warning system is based on percentage, and you
- can only get someone to a maximum of 35%. However, if you sign off the
- Instant Messenger service, and then sign back on, you'll be able to start
- warning them again. (70%) Repeat the log on/off trick, and continue to
- warn your buddy on AOL until they're at 100%. What happens then is that
- they'll be disconnected from AOL if they send more than 1 instant message
- every 10-15 seconds. The AOL person has no idea what has happened to them,
- and when they're booted from the service, the message they receive isn't
- very informative. Lots of fun to be had with this one. (note: you can
- only send as many warnings as messages you receive from a person, so you
- must engage your target in some type of conversation.)
-
- Fix:
-
- 1) Don't use AOL
- 2) If you use AOL, don't talk to people using Instant Messenger
-
- Has AOL been notified:
-
- Yes, but they didn't sound too interested since all I got back was a
- generic letter.
-
-
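The accounting flaw described in this post, as a small Python model added here (not AOL's code and not part of the original message): the flawed ledger tracks the per-warner cap per login session, the hardened one tracks it per warner account. The 35% cap and the one-warning-per-received-message rule come from the post; the 5% step per warning, the class and all names are assumptions.

```python
from collections import defaultdict

PER_WARNER_CAP = 35   # percent one warner may add; figure taken from the post
WARN_STEP = 5         # percent added per warning; assumed for this model


class WarnLedger:
    """Tracks each target's warning level and how much each warner added."""

    def __init__(self, cap_scope):
        # "session": contribution is remembered per login session (the flaw)
        # "account": contribution is remembered per warner account (hardened)
        self.cap_scope = cap_scope
        self.level = defaultdict(int)        # target -> percent
        self.contributed = defaultdict(int)  # (scope key, target) -> percent
        self.credits = defaultdict(int)      # (warner, target) -> unanswered msgs

    def message(self, sender, recipient):
        # Each message received earns the recipient one possible warning.
        self.credits[(recipient, sender)] += 1

    def warn(self, warner, session_id, target):
        scope_key = session_id if self.cap_scope == "session" else warner
        key = (scope_key, target)
        if self.credits[(warner, target)] < 1:
            return False                     # no message to warn about
        if self.contributed[key] + WARN_STEP > PER_WARNER_CAP:
            return False                     # this warner has hit the cap
        self.credits[(warner, target)] -= 1
        self.contributed[key] += WARN_STEP
        self.level[target] = min(100, self.level[target] + WARN_STEP)
        return True


def simulate(cap_scope, sessions=3, messages_per_session=10):
    """One warner, one target; the warner re-logs in between sessions."""
    ledger = WarnLedger(cap_scope)
    for s in range(sessions):
        session_id = f"warner-session-{s}"   # constructed session identifier
        for _ in range(messages_per_session):
            ledger.message("target", "warner")
            ledger.warn("warner", session_id, "target")
    return ledger.level["target"]


if __name__ == "__main__":
    print("cap scoped to session:", simulate("session"))
    print("cap scoped to account:", simulate("account"))
```

Keying the cap on the account rather than the session means a fresh login no longer resets how much one user can add to another's warning level.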