This isn't so much a security question as a question about a possible denial- of-service attack. A user on my system talked to me about a program that's going around called 'flash', that supposedly uses in.talkd to flood a user's session into unusability. He has a binary for this program, but no source, so I can't see what the program actually does. He also mentions a patch for in.talkd to prevent this program from working. He doesn't know of a source for the patch, etc, though. Has anyone seen this one? Anybody know the details? -WW