Re: "Flash"??

Christopher Klaus (cklaus@shadow.net)
Thu, 18 Aug 94 19:19:23 EDT

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Scott Schwartz: "Re: disabling login in V1 #14"
Previous message: Rich Holland: "Re: "Flash"??"
Maybe in reply to: That Whispering Wolf...: ""Flash"??"
Next in thread: jsz: "Re: "Flash"??"

> 
> This isn't so much a security question as a question about a possible denial-
> of-service attack.
> 
> A user on my system talked to me about a program that's going around called
> 'flash', that supposedly uses in.talkd to flood a user's session into 
> unusability. He has a binary for this program, but no source, so I can't
> see what the program actually does.
> 
> He also mentions a patch for in.talkd to prevent this program from working.
> He doesn't know of a source for the patch, etc, though.
> 
> Has anyone seen this one? Anybody know the details?

Flash.c and a perl version of flash are some old programs that send an
escape sequence rather than a username for a talk request. the escape
sequence messes up the person's terminal whoever is flashed. 

Not sure if there is an official patch, but an easy one to tell
your users is to 'mesg n', which disables talk requests. 




-- 
Christopher William Klaus  <cklaus@shadow.net>  <iss@shadow.net>
Internet Security Systems, Inc.         Computer Security Consulting
2209 Summit Place Drive,              Penetration Analysis of Networks
Atlanta,GA 30350-2430. (404)998-5871.

Next message: Scott Schwartz: "Re: disabling login in V1 #14"
Previous message: Rich Holland: "Re: "Flash"??"
Maybe in reply to: That Whispering Wolf...: ""Flash"??"
Next in thread: jsz: "Re: "Flash"??"