That Whispering Wolf... wrote me this... > > This isn't so much a security question as a question about a possible denial- > of-service attack. > > A user on my system talked to me about a program that's going around called > 'flash', that supposedly uses in.talkd to flood a user's session into > unusability. He has a binary for this program, but no source, so I can't > see what the program actually does. > > He also mentions a patch for in.talkd to prevent this program from working. > He doesn't know of a source for the patch, etc, though. > > Has anyone seen this one? Anybody know the details? > yeah this program is quite widely available in IRC cricles, ie for trashing people you dont like off irc. an easy way around this is to type "stty sane^J" after an attack then run tset, and it should clear up (i have been hit a number of times). if you want the source for flash and the source for the patch email me and i'll surf for it. Matt -- Matthew Keenan Systems Programmer Information Technology Division University of Technology Sydney www: http://milliways.itd.uts.edu.au/~matt/ email: matt@uts.edu.au phone: +61 2 330 1390 "Don't murder a man who is about fax: +61 2 330 1999 to commit suicide." home: +61 2 416 5722 -- Machiaveli GCV 2.1 GAT/M/CS d--(-+) H-- s++:-- g+ p? !au a-(?) w+++ v+ C+++$ UVS++++$ P+>+++ L- 3+++ E-(++) N++ K W--- M+ V-- -po+(+) Y+ t+ !5>++ jx R+ G? !tv b+++ D++ B e+ u--(**) h- f+(*) r n- !y