Q. How does Aimject work?

A. Aimject works by intercepting connections from hosts on the local network to
   AOL's OSCAR login servers.  Aimject starts by ARP spoofing, poisoning the 
   ARP caches of hosts on the local network, and redirecting their traffic 
   through the Aimject host.  Aimject monitors this traffic for DNS A record
   queries for login.oscar.aol.com and spoofs replies containing the address of
   the Aimject host.  This will cause the victim's AIM client to connect to
   Aimject instead of AOL's servers and allow Aimject to act as a proxy and 
   perform its MITM attacks.


Q. After starting Aimject, nothing appears in the GUI.  Whats wrong?

A. Nothing is wrong, this is the normal operation.  There won't be any activity
   in the GUI until a new AIM user on the network signs on.  Once a new signon
   is intercepted, the screenname will appear in the far-left listbox.  One 
   trick to disrupt current sessions and force them to reconnect through 
   Aimject is to use dsniff's tcpkill on port 5190 for a few minutes.


Q. When starting Aimject, I get an error stating "gmem.c:172 : failed to
   allocate 32 bytes".  What can I do?

A. This seems to happen intermittently on the win32 platform on machines with
   multiple interfaces enabled.  Until a proper fix is implemented, a simple
   workaround is to temporarily disable the other interfaces and leave your
   currently used interface as the only active one.


Q. Everyone on my network loses access once I start Aimject, what's wrong?

A. It is likely that the ARP spoofing is correctly working but your host is not
   forwarding the packets on to the gateway.  Aimject automatically will enable
   IP forwarding at startup, so there is likely another issue preventing the
   forwarding.  Make sure to disable all relevant firewall software.