COMMAND

    AOL Instant Messenger

SYSTEMS AFFECTED

    AOL

PROBLEM

    's1' found  following DoS  attack on  AOL.   This DoS attack comes
    from  a  poor  implementation  of  AOL  Instant  Messenger's  warn
    "feature."  You'll  need  to  have  AIM  to create this DoS attack
    against someone using AOL.  AOL's Instant Messenger has an  option
    that allows you to "warn" other users.  If you warn someone who is
    using  Instant  Messenger,  they  are  notified  that they've been
    warned by another user.   What's interesting is that you  can warn
    people using AOL, and they will not be notified that they've  been
    warned.  The  warning system is  based on percentage,  and you can
    only get someone to  a maximum of 35%.   However, if you sign  off
    the Instant Messenger  service, and then  sign back on,  you'll be
    able to  start warning  them again.  (70%)   Repeat the log on/off
    trick, and  continue to  warn your  buddy on  AOL until they're at
    100%.  What happens then is that they'll be disconnected from  AOL
    if they send more than 1 instant message every 10-15 seconds.  The
    AOL person has no idea what has happened to them, and when they're
    booted  from  the  service,  the  message  they receive isn't very
    informative.  Lots of fun to be had with this one.  (note: you can
    only send as many warnings as messages you receive from a  person,
    so you must engage your target in some type of conversation.)

SOLUTION

    1) Don't use AOL
    2) If you use AOL, don't talk to people using Instant Messenger