Re: He gets me off the reflector, how ?

Mike Baranowski (
Mon, 26 May 1997 02:30:32 -0500

Steve Edgar <> wrote:

>There are several ways a person, who is not the system administrator of a
>reflector, can "throw someone off" of a reflector. One way exploits an
>oversight in the Cornell reflector code, and will only work if a Cornell
>reflector is being used. White Pine has since closed this hole, and so it
>doesn't exist in their reflectors. However there is another method that
>will work on any participant, regardless of what kind of reflector (White
>Pine or Cornell) is being used.
>The "CU-SeeMe conference control protocol" could be modified to thwart all
>attempts at surreptitious disconnects. This modification would not be
>difficult, but would require a change in the both the reflector and
>"client" code. It would be necessary for White Pine to initiate this
>change, since Cornell no longer develops reflector software. Cornell could
>then incorporate the change into its Windows and Mac clients, as soon as it
>was available in White Pine reflectors.
>-- Steve.
>At 09:10 AM 5/23/97, Ciaran Carter wrote:
>>I did hear somewhere about a bug in cuseeme that allows someone to send a
>>"dissconnect from reflector" message from a client to the reflector and
>>have it then reflected to another client thus forcing them off. It may be
>>>Nico Pot wrote:
>>>> Hi all,
>>>> This evening I was on Biker Cafe ( and there was a very
>>>> man that was yelling to anyone, lurkers buy a f.... cam and when they say
>>>> something back he say, I will trow you off the ref.
>>>Gosh what a jerk! Sorry you had this happen. I am curious how he did it,
>>>too, but I do have a suggestion. The reflectors in Japan are very nice.


>From what I understand, the White Pine v2.1 still contains the hole that
forwards the disconnect packet. I heard that a one line fix is available
for the Cornell source...(just fyi folks).

Sure would be nice to get a technical description (mentioned a couple weeks
ago) of the packets used for CU-SeeMe. What is a 'kClient' packet? Kill
Client? Saw that in the log, shows an ip sending the KClient to me....more
information would be nice (Cornell? White Pine?)

If someone has a copy of RefRanger, I sure would like to get a copy of it!

Mike Baranowski