BOOTING FOR DUMMIES BY WARCHIEF
BASIC BOOTING METHODS:
1. INVITE BOMB - Done manually by repeatedly typing "/invite johnnyboy_123" in the YM message box.
Booting using this method is automated using a script either written in VB or Perl. Repeated execution of "/invite " denies the victim of access to other resources in the client software (YM) such as access to the "ignore" button. Unless the victim has an "anti invite bomb" program, the alternative is to do a "CTRL-ALT-DELETE" and end the YM program.
DEFENSE: Enable the "Ignore Chat Invitations" and "Ignore anyone not in my friend's list" buttons in your YM.
2. VOICE BOMB - Done manually by repeatedly clicking on the "voice" button in the IM window.
Booting using this method is automated using a script either written in VB or Perl. Repeatedly clicking on the "Voice" button denies the victim of access to other resources in the client software (YM) such as access to the "ignore" button. Unless the victim has an "anti voice bomb" program, the alternative is to do a "CTRL-ALT-DELETE" and end the YM program.
DEFENSE: Get an anti voice bomb program
3. CAM BOMB - Ever experienced getting thousands of invitations to view your own webcam?
Unless you have a real webcam, you would not be able to invite others repeatedly similar to invite and voice bombing. From the user's side, one has to use a program and another yahoo id to do this. The effect however is the same achieved with the invite and voice bomb except the requirement for another yahoo id.
DEFENSE: Get an anti cam bomb program
4. FLOODING - The basic objective here is to make the victim's PC run out or memory resources. One can actually copy text from a notepad editor such as "(~~)(~~)(~~)(~~)(~~).....**==" for example and paste it to the IM window to display the Halloween smiley. Of course, a programs automates the task of doing this.
Smileys have been the most commonly used "flooder" but yahoo have been constantly updating the client software on the number of smileys or patterns that can be displayed on the PC. However, other methods such as "invalid font size", "invalid URL ", "invalid html tags" have also been used alternatively by the creators of the boot programs that we so love to counter the counters made by yahoo.... what a predicament!
Most boot programs have target options of "chat" or "pm".
IM DEFENSE: Enable the "Ignore anyone not in my friend's list" buttons in your YM.
CHATROOM DEFENSE:
- Use alternative chat client - Java, cheetah, yahelite, etc.
- Download the latest version of YM at http://www.yahoo.com (doesn't always work)
5. PROTOCOL BOMB - From the program users side, one logs in using the protocol boot program with another yahoo id different from that used in the chatroom, does the invite from the server. Victim receives massive invites, PMs', decline from a ebcam invite, conference, etc.
6. DENIAL OF SERVICE
This is not a common booting technique but it is a method of "booting"
This is the most commonly used hacking technique and is also known as "ping of death". This vulnerability on the size of the packet that can be sent to a host using the "ping" command was already fixed by most OS companies way back 1997 (I think) . I've tried this recently using WIN2K and the largest packet I can send is 1000. In the old days, packet size larger than 65536 can be used for "nuking". So how does this work? large packet pinging makes the pinged hosts use most of it's resources to reply to the ping.
BOOT WARS - FIGHTING BACK, ROOM CLEANING.