Bugtraq mailing list archives

Re: flash-inhibited talkd, and somewhat more secure fingerd


From: chowes () helix net (Charles Howes)
Date: Fri, 28 Oct 1994 06:41:41 -0700 (PDT)


On Fri, 28 Oct 1994, Karl Lehenbauer wrote:

> I've put modified versions of the Berkeley talk daemon, talkd, and the
> Berkeley finger daemon, fingerd, on ftp.neosoft.com:/pub/security.
>
> The talkd should stop denial-of-service attacks that use "flash" to send
> unprintable characters, and it should make it significantly harder to
> get talkd to lie about the hostname of the sender.
>
> The fingerd makes it more difficult to collect usernames on a system by
> preventing the generic "finger @host" style of finger, restricting
> finger to reporting on exact matches of usernames only, plus it logs all
> requests in the syslog, as well as attempting RFC931/1431 authentication.
> You'll still need the wrappers if you want to limit access, twist, etc.
> If you're really concerned about it, you should shut off fingerd entirely.
>
> Karl

Lately, there have been a few denial-of-service attacks with a twist,
using talkd.

Apparently, if you send the right packet to a talkd port, you can get
talkd to pick a fight with talkd on an arbitrary host.  The network
between the hosts quickly becomes unusable.

1) Anyone found the program (can flash do it?) to demonstrate?
2) Anyone fixed it yet?  :-)

--
Charles Howes -- chowes () helix net
 Always tell the truth, then you make it the other bloke's problem!
 - Sean Connery, 1971
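A request filter in the spirit of the fingerd changes Karl describes (exact-match login lookup only, no "finger @host" listing or forwarding, every request logged). This is an added illustration written for this post, not the code on ftp.neosoft.com; the account table is constructed and the function names are my own.

```python
import re
from typing import Optional, Tuple

# Constructed sample of the local account table (login -> full name); not a real system.
ACCOUNTS = {
    "chowes": "Charles Howes",
    "karl": "Karl Lehenbauer",
}

# A bare login name: no '@', '/', spaces, wildcards or non-printables. Stock
# fingerd also matches on the real name (GECOS) field; this filter does not.
LOGIN_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")


def classify_request(raw: bytes) -> Tuple[str, Optional[str]]:
    """Inspect one finger request line (RFC 1288 form: [/W ][user[@host]]CRLF).

    Returns (verdict, login). Only 'ok' and 'unknown-user' carry a login."""
    line = raw.rstrip(b"\r\n").decode("ascii", "replace")
    if line == "":
        return "refused-list", None        # empty query = list every logged-in user
    if line[:2].upper() == "/W":
        return "refused-verbose", None     # verbose switch: more detail than we serve
    if "@" in line:
        return "refused-forward", None     # user@host: relaying / remote enumeration
    if not LOGIN_RE.match(line):
        return "refused-badname", None     # spaces, wildcards, control characters
    if line not in ACCOUNTS:
        return "unknown-user", line        # exact login lookup only, no partial match
    return "ok", line


def handle(raw: bytes, peer: str, ident: str = "unknown") -> Tuple[str, str]:
    """Process one request; returns (reply to client, syslog-style audit line)."""
    verdict, login = classify_request(raw)
    shown = raw.rstrip(b"\r\n").decode("ascii", "backslashreplace")
    log = f"fingerd: from={peer} ident={ident} query={shown!r} result={verdict}"
    if verdict == "ok":
        return f"Login: {login}\tName: {ACCOUNTS[login]}\r\n", log
    if verdict == "unknown-user":
        return "finger: no such user\r\n", log
    # One refusal text for every filtered form, so the reply does not say which check fired.
    return "finger: refused\r\n", log
```

The `ident` argument stands in for the RFC 931 result Karl mentions; the audit line is what would be handed to syslog.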
