The program forges a talk request and sends VT100 escape codes to cause the
user's screen to become unreadable.

Two defenses are:

    Block talk from the border router (not usually a desirable option and
    will not protect you from internal "attacks")

    Turn off talk requests (mesg n)

=========================================================================
Dale Drew                              MCI Telecommunications
Manager                                Data Systems Security
Voice: (408) 922-6526                  Internet: ddrew@Tymnet.COM
Fax  : (408) 922-8870                  MCIMAIL:  Dale_Drew/644-3335

----- Begin Included Message -----

To: bugtraq@crimelab.com
Subject: "Flash"??
Date: Thu, 18 Aug 1994 10:33:12 -0400
From: "That Whispering Wolf..." <elfchief@lupine.org>
Sender: bugtraq-owner@crimelab.com
Precedence: bulk
Content-Length: 554
X-Lines: 14
Status: RO

This isn't so much a security question as a question about a possible
denial-of-service attack. A user on my system talked to me about a program
that's going around called 'flash', that supposedly uses in.talkd to flood a
user's session into unusability. He has a binary for this program, but no
source, so I can't see what the program actually does. He also mentions a
patch for in.talkd to prevent this program from working. He doesn't know of a
source for the patch, etc, though.

Has anyone seen this one? Anybody know the details?

-WW

----- End Included Message -----
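
One way a daemon can neutralise terminal control bytes in an untrusted field before writing it to a user's tty, as an added example: it is not part of the original messages and is not the in.talkd patch mentioned above, whose contents the thread does not describe. The function name `sanitize_for_tty` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Copy an untrusted field (for example the caller name in a talk request)
 * into out, rewriting every byte a terminal could act on.
 *   printable ASCII (0x20-0x7e)  -> copied unchanged
 *   C0 controls and DEL          -> caret notation (ESC becomes "^[")
 *   bytes 0x80-0xff              -> '?' (covers 8-bit CSI, 0x9b)
 * Always NUL-terminates when out_cap > 0, never splits a caret pair,
 * and returns the number of bytes written (excluding the NUL). */
size_t sanitize_for_tty(const unsigned char *in, size_t in_len,
                        char *out, size_t out_cap)
{
    size_t o = 0;
    if (out_cap == 0)
        return 0;
    for (size_t i = 0; i < in_len; i++) {
        unsigned char c = in[i];
        if (c >= 0x20 && c <= 0x7e) {
            if (o + 1 >= out_cap) break;      /* keep room for the NUL */
            out[o++] = (char)c;
        } else if (c < 0x20 || c == 0x7f) {
            if (o + 2 >= out_cap) break;      /* two chars plus the NUL */
            out[o++] = '^';
            out[o++] = (char)(c ^ 0x40);      /* 0x1b -> '[', 0x7f -> '?' */
        } else {
            if (o + 1 >= out_cap) break;
            out[o++] = '?';
        }
    }
    out[o] = '\0';
    return o;
}

int main(void)
{
    /* Constructed sample: a caller name carrying clear-screen and bell. */
    const unsigned char forged[] = "root\x1b[2J\x07";
    char safe[64];
    sanitize_for_tty(forged, sizeof forged - 1, safe, sizeof safe);
    printf("Message from Talk_Daemon: talk requested by %s\n", safe);
    return 0;
}
```

Applied to every remote-supplied string before it reaches the terminal, this makes the escape sequence visible as text instead of letting the terminal execute it.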