Friday, 7 October 2011

Yahoo Tips & Tricks : Yahoo Booters


  Have you ever been through what I have on Yahoo Messenger chat: suddenly being kicked out of the chat room, and when you enter again some of the freaks laugh at you, and sometimes your whole computer screen is filled with a bunch of private chat windows? I expect a lot of people around the globe face the same problem I did in the past. I got rid of this kind of stuff and tried to research it. Today I want to explain what exactly it is, how it happens, who is doing it, how it works technically, how to protect yourself from it, and what those programs are.
       Firstly, this happens with small VB.NET socket programs known as BOOTERS. In order to understand booters, you need to imagine what's going on. Think of your house / flat / unit / cardboard box as your computer, and think of Yahoo as a BIG house, a big building. Your house is connected to Yahoo. Now imagine your house being connected to Yahoo with a piece of STRING; that's right, the same string you used to connect two plastic cups together to talk to each other on, just like that.


        So: your house, with a long piece of string connected to Yahoo. First of all, booters come in TWO flavours.
BOOTER FLAVOUR 1
These are the old traditional style booters. It's very easy to comprehend: all that happens is that a person at the other end sends lots and lots of bricks down the string to Yahoo, and Yahoo then sends all these bricks down that string to you.
BOOTER <—————————–> YAHOO <———————————-> YOU
{them}   {their string}          {your string}
~ = STRONG STRING
 = WEAK STRING
        It's easy: it goes from the booter to Yahoo and then to you.... Then what? Take a trained DOG. You command it: SIT, it sits; ROLL OVER, it rolls over. What if you told the dog to SIT, ROLL OVER, SIT, ROLL OVER....? Either it will look at you and go "NO", or it will get confused and go to sleep... Now, each thing that gets sent down the line is a COMMAND or INSTRUCTION.... Your computer (i.e. the client, Yahoo Messenger) can take many commands.
        E.g.:
                The person requested you to view their webcam.
                The person requested to see your cam.
                The person sent you an instant message.
                The person sent you an invite.
                The person requested you to join their conference.
        As most people know, there are a lot of commands that can be sent from one person to another.... These commands are perfect in moderation, but what if 50 people all decided at the same time to invite you to see their CAM? That would mean 50 popup boxes. But wait a second: what if, at the same time, you also got another 50 instant message boxes? Then you got another 50 popup boxes with invites to go to their room... Suddenly, hundreds of boxes pop up on your screen, and then the booter decides to use 200 bots and asks it all again; soon you end up with 1000 popup boxes and instructions to deal with, and you are disconnected. "Yahoo Messenger has performed an illegal operation", or Windows decides to terminate it because it has frozen up, because it simply CAN'T HANDLE IT ALL.
        We can defend against these kinds of attacks using third-party chat clients like YmLite, YCHT, YSupra, Yazak, Yahelite etc. This is what chat client writers put up with when writing clients that used YCHT; back then people could only boot you if they could crash the chat client. Yazak and Yahelite, on the whole, do a good job; the faster the computer, the more it can "process" and respond to in time. So that's how the old-style booters work (and still do): they simply crash the client or stop it from working. They can also "lag" you. Lag basically makes the chat client so VERY BUSY that it has no time to do what you want it to do, because it's doing a million other things that the booter is requesting. When you type, it gets jerky and it uses up more and more CPU power. LAG, although not the end of the world, is annoying; the latest Y!mLite (267.6) has routines put in to prevent even lag now.
BOOTER FLAVOUR 2
        Now, this is the same as Booter Flavour 1 with a few key differences.... Remember the string? Well, in the old days on YCHT, before Yahoo removed it, this string was made out of steel and nobody could break it because it was so strong. The only way you could boot someone back then was to hit the chat client so hard, and confuse it so much, that it would either slow right down or just crash... So what's the difference between YCHT and YMSG/CHAT2? It's a different protocol, which means it's a different string. This string is made out of string, quite literally: it breaks easily and it burns easily.
BOOTER <——————–> YAHOO <———————–> YOU
         This string is different, it works differently, and it breaks easily when given enough of a load.... The D/C booter (flavour 2): if you send enough commands and requests, the string breaks, quite literally, and the connection drops. I say that, but it's not absolutely true. I've been doing some tests with various people who have been willing to boot me in the aid of chat clients. The results were very interesting, and this is the conclusion I came to; it fits the theory and would make sense. Is it a BUG on Yahoo's behalf? I think not. I think it's intentional and I'll try to explain it. So, send too much data down the string and it breaks on YMSG/DHTML; so why does the string not break at the booter's end? It's quite simple. Each ID that the booter uses to boot you has its own string; collectively each string can send data to
           YAHOO —— BOOTER 1
YOU —————– YAHOO —— BOOTER 2
                 —— BOOTER 3
and 70/100/200 more IDs / bots, each with their own string sending data out to Yahoo, and then Yahoo sends it on to the victim, i.e. YOU. Individually, 1 BOT can send as much data as it likes and the client can handle it with ease; with 2 bots the client has to work harder, 3 bots harder, 4 bots harder still; with 70 bots, the client has to be pretty good to handle all this incoming data. Now here's how the D/C happens, or at least what we've discovered.
The client goes: hey Yahoo, got any data for me?
Yahoo goes: yes sir, 1 packet.
The client goes: give it to me. And we end up with someone posting something on the screen.
The client then goes: GOT ANY MORE?
Yahoo replies: yeah, here's 2 more packets, thank you very much. 2 people just IMed you, someone said something on the chat screen...
Now here comes a booter.
The client goes: hey Yahoo, got any data?
Yahoo goes: sure have, here's 20 packets.
The client goes: uh oh, and deals with it. By this time, the booter has already sent another 30 packets.
Yahoo goes: here's another 20 (keeping the 10 behind in the buffer).
The chat client goes: give me some more.
        So here are the factors: BANDWIDTH & CPU SPEED. If the client can pull the data FAST enough and deal with it in time, BEFORE the booter has a chance to send more than both you and Yahoo can handle, you should be boot safe. This is proven because some clients last longer than other chat clients: with the normal booters you see in Yahoo, they can attack you for 5 minutes before you get booted, while on YahEh you may only last 1 minute..... WHY??? As I said, it all depends on bandwidth and CPU SPEED. If you have a slow connection, you're never going to get the data fast enough from Yahoo no matter what, and Yahoo will store the data you don't get until you do get it.
So this is what is happening:
Yahoo[           ]
Booter sends Yahoo data
Yahoo[|          ]
Client goes: Yahoo, got anything? Yes....
Yahoo[           ]  Yahoo's buffer empties.
Booter sends data
Yahoo[|          ]
Client goes: Yahoo, got anything? Yes....
Yahoo[           ]  Yahoo's buffer empties.
Booter sends data
Yahoo[||||       ]
Client goes: OK, thanks
Yahoo[           ]
but already, the booter has just sent a load more packets
Yahoo[||||       ]
Yahoo[||||||||   ]
Chat client goes: any more data? Yeah...
Yahoo[|||||||||||]
THAT'S ALL. Yahoo's buffer is now full. The booter sent more data to Yahoo to pass on to you, but you were never able to get the data fast enough, and as a result Yahoo drops your connection.
        Now then, why is the chat client important for most standard booters? As Yahoo gets sent data, the data you don't collect is kept by Yahoo in a buffer. So if you took a booter that never works because it's old and can't send data fast enough, most clients will laugh at it; they can get the data fast enough. IF YOU WERE TO FREEZE the chat client for, say, 10 or 15 seconds and then resume it, you get instantly disconnected, as tests have shown. So what does this mean? Take two chat clients, say YahEh and Yahelite.
YahEh's string routines are typically slower than those of, say, C. Take the data (packet) and use it: in YahEh, it could take say 20ms to perform whatever it has to do; in Yahelite, the same routine would probably take only half the time, 10ms. So if Yahelite and YahEh went up against a decent booter, YahEh would get disconnected at say 7 minutes and Yahelite at 14 minutes; with a faster CPU, maybe 20. With enough CPU power, you could stop the booter from ever booting you, and then the booter will just get a better booter with more bots to send more data at you... The buffer slowly starts to fill because the client can't get the data fast enough to keep the buffer low... To imagine a buffer, think of a bucket of water:
[     |
[     |
[~~~  | <
[____ | …… <
Once the water hits the top, it overflows. The chat client simply opens the valve at the bottom of the tank, deals with the data (displays some text, shows a PM box/window), and then turns on the tap again and gets some more data. If it can do that fast enough, before the water gets to the top, you're not going to be booted. This is why YahEh and Yahelite have different times of being booted, and this is why some booters go on for 5 – 10 minutes before you get disconnected: the client is fast, but not quite fast enough to get the data out in time. The faster the computer, the more boot protection; the faster the chat client, the more boot protection... simple as that. (Incidentally, Y!mLite has clever routines and shuts down non-essential parts of the chat client to greatly improve processing time, vastly faster than / superior to that of Yahelite.)
SO WHY DOES IT GET D/CED?
Well, the very best booters don't take 5 minutes, they don't even take 5 seconds; they're almost instant. Why? Because these booters send HUGE DATA very rapidly, Yahoo's buffer fills up almost instantly, and as a result Yahoo disconnects your connection. MY first theory is that it's a failsafe, a protection.
        It's similar to the electrics in your house: jam a metal object into the plug socket and short it out, and the fuse trips and you have to reset it. I think this happens to prevent Yahoo Messenger from doing anything bad. On Windows 98, huge amounts of packets have been known to cause it to error so badly that it made Windows Blue Screen; imagine 100 sounds and PM windows popping up. So by disconnecting you, Yahoo Messenger does not crash, but you DO get disconnected... annoying. What can be done about it? If it's intentional, then nothing; it's not a bug, it's a failsafe, nothing is going to change and people will always be booted.
        We can only hope Yahoo solve this problem by only allowing so many connections from 1 computer. By doing this, not enough data could be forced on 1 user fast enough to fill the buffer up so that Yahoo disconnects you. Fortunately, not many people have these GOOD D/C programs, just the old programs that flood you, and Y!mLite is very good at preventing these types of boots. Other chat clients are not so good, and after a few minutes they fail to get enough data fast enough to keep the water (buffer) down, and as a result they get booted. People refer to these as "strong" and "weak" protection; Y!mLite is currently among the very best, if not the best, with these new routines.... What can you do about it? Nothing. I think Yahoo want to protect Yahoo Messenger more than they care about you being disconnected. After all, if someone important was using Yahoo Messenger, do you think they would want to see a million PM boxes and hundreds of sound bombs? Yahoo Messenger just disconnects, 5 minutes later it reconnects, and hopefully the booter will have gone.
NOTE: BOTS are nothing; it's all about YAHOO IDs. They are loaded and logged in through the BOOTER.
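
An added example (not from the original post or from any chat client's code): a small Python model of the server-side buffer and of the connection limit per computer discussed above. The 20 ms and 10 ms client timings and the 70 and 200 ID counts come from the text; the buffer size, the per-ID packet rate and all function and parameter names are assumptions.

```python
# Added illustration: discrete-time model of the per-client relay buffer.
# Buffer size and per-ID send rate are assumed values, not Yahoo's.
TICK_MS = 10          # simulation step
BUFFER_CAP = 5000     # assumed: packets the server will hold for one client
PPS_EACH = 1          # assumed: packets per second sent by each ID


def seconds_until_drop(ids, client_ms, max_sessions_per_host=None, max_s=600):
    """Seconds until the server-side buffer overflows and the client is
    dropped, or None if the client keeps up for max_s seconds."""
    if max_sessions_per_host is not None:
        # Mitigation hoped for in the text: cap logins from one computer.
        ids = min(ids, max_sessions_per_host)
    queue = 0      # packets waiting on the server for this client
    credit = 0     # fractional arrivals; 1000 credits = one packet
    work_ms = 0    # processing time the client has spent on queued packets
    for tick in range(1, max_s * 1000 // TICK_MS + 1):
        credit += ids * PPS_EACH * TICK_MS
        queue += credit // 1000
        credit %= 1000
        if queue > BUFFER_CAP:
            return tick * TICK_MS / 1000
        if queue == 0:
            work_ms = 0          # an idle client cannot bank spare time
            continue
        work_ms += TICK_MS
        done = min(queue, work_ms // client_ms)
        queue -= done
        work_ms -= done * client_ms
    return None


def scenarios():
    """Time-to-disconnect for the client speeds and ID counts in the text."""
    return {
        "70 IDs, 20 ms client": seconds_until_drop(70, 20),
        "70 IDs, 10 ms client": seconds_until_drop(70, 10),
        "200 IDs, 20 ms client": seconds_until_drop(200, 20),
        "200 IDs, 10 ms client": seconds_until_drop(200, 10),
        "200 IDs, 20 ms client, 40 logins/host": seconds_until_drop(200, 20, 40),
    }


if __name__ == "__main__":
    for name, secs in scenarios().items():
        label = "never dropped" if secs is None else "%.1f s" % secs
        print(name + ": " + label)
```

In this model the drop time depends only on how far the combined arrival rate exceeds the client's drain rate, so a session cap that keeps arrivals below the drain rate removes the overflow entirely.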


Feel free to leave a comment.
