Talkd storms

Charles Howes (chowes@helix.net)
Sat, 29 Oct 1994 04:42:57 -0700 (PDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Tim Newsham: "udp packet storms"
Previous message: Charles Howes: "Re: flash-inhibited talkd, and somewhat more secure fingerd"

On Sat, 29 Oct 1994, Jas wrote:

> Charles Howes wrote this...
> > 
> > Lately, there's been a few denial-of-service attacks with a twist,
> > using talkd.
> > 
> > Apparently, if you send the right packet to a talkd port, you can get
> > talkd to pick a fight with talkd on an arbitrary host.  The network
> > between the hosts quickly becomes unusable.
> > 
> > 1) Anyone found the program (can flash do it?) to demonstrate?
> > 2) Anyone fixed it yet?  :-)
> > 
> does it use source routing? have you seen it happen? i am intrigued, and
> sorry i have no futher info on it, but i will scan thorugh the talkd code
> to see if i can find anything that might do this.
> 
> 
> 					Matt

I have been told that the network outage that occurred with our network
provider two days ago was caused by a storm of packets headed to/from
talkd.  A previous storm was rumored to have happened at a local
university several months ago.

It may or may not have involved source routing, it may or may not have
involved a completely bogus packet, carefully crafted on a PC or
root-broken unix box.  Considering that 'flash' doesn't require any
special privileges, this attack may be do-able by anyone with a unix
account.

I'd like to know how it is possible, and how to make it either
  1) Not possible, and/or
  2) Traceable

--
Charles Howes -- chowes@helix.net
I was gratified that I could answer quickly.  I said that I didn't know.
  - Mark Twain

Next message: Tim Newsham: "udp packet storms"
Previous message: Charles Howes: "Re: flash-inhibited talkd, and somewhat more secure fingerd"