> The program forges a talk request and sends VT100 escape codes to cause the > users screen to become unreadable. > > Two defenses are: > > Block talk from the border router (not usually a desirable option > and will not protect you from internal "attacks") > > Turn off talk requests (mesg n) The correct, third, defense, is to modify talkd to rewrite ESC into caret--left-bracket, or some other harmless sequence. While you're at it, you'd probably want to have it log whenever it received and ESC from someone. I haven't gotten around to doing this, but it should be a fairly trivial patch... -- John Hawkinson jhawk@panix.com