Danslo@xxxxxxxxx wrote: > At the least this causes the other machine to send out more packets than the > average user may have known of, with a little thinking and just as much > resources this could be used as a distributed denial of service attack. Funny, don't even know why I wasted time with this but here goes... Sent the message to a coworker of mine who just installed Pidgin and he received the message just fine. Which (if any) off the record plugins were used (http://www.cypherpunks.ca/otr/) > On the current version of pidgin when this was tested on several OS's it > often froze up the targets IM window for the duration of the attack and > sometimes the entire system performance suffers. While the attack was being > performed the IM window is non-usable. What versions of operating systems to and from? > Discovered by Dan Shinn <danslo@xxxxxxxxx> > Testing by Rick Russel <noneck.net> Sorry to be the spoiled sport/PITA/luzer,/insert-degrading-term-here, to point this out to you but there is not even a remote portion of a cross platform DoS that comes to mind with this. What DOES come to mind is a misconfigured client on one end likely trying to start an off the record IM session with a client without the software causing nothing to show up. Have the (so called) affected machine install OTR then come back with your findings. Also include operating systems on both ends e.g.: While sending x message using Pidgin with my Windows Version X to a friend who was using Pidgin version x on a Windows Version X machine, I noticed the like OMFG I DoS'd him. You'll likely find a bigger response to your problem. This does not sound like a multiplatform DoS to me but more of an ID 10 T error commonly seen. (These are usually associated with PEBKAC issues). I tried to convince my coworker his IM Client crashed but he quickly messaged me back that it didn't. Even after I tried sending a quick while script * 6k messages per second, he still responded back. Kind of like that Verizon interweb Yes video. "Yes... Yes... Yes..." -- ==================================================== J. Oquendo "Excusatio non petita, accusatio manifesta" http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xF684C42E sil . infiltrated @ net http://www.infiltrated.net
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature