Bugtraq mailing list archives
flash-inhibited talkd, and somewhat more secure fingerd
From: karl () hammer1 neosoft com (Karl Lehenbauer)
Date: Fri, 28 Oct 1994 01:16:56 -0500
I've put modified versions of the Berkeley talk daemon, talkd, and the Berkeley finger daemon, fingerd, on ftp.neosoft.com:/pub/security. The talkd should stop denial-of-service attacks that use "flash" to send unprintable characters, and it should make it significantly harder to get talkd to lie about the hostname of the sender. The fingerd makes it more difficult to collect usernames on a system by preventing the generic "finger @host" style of finger, restricting finger to reporting on exact matches of usernames only, plus it logs all requests in the syslog, as well as attempting RFC931/1431 authentication. You'll still need the wrappers if you want to limit access, twist, etc. If you're really concerned about it, you should shut off fingerd entirely. Karl
Current thread:
- flash-inhibited talkd, and somewhat more secure fingerd Karl Lehenbauer (Oct 27)
- Re: flash-inhibited talkd, and somewhat more secure fingerd Charles Howes (Oct 28)