Re: "Flash"??

ddrewTymnet.COM

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Christopher Davis: "Re: "Flash"??"
• Previous message: Alan : "Re: "Flash"??"
• Maybe in reply to: That Whispering Wolf...: ""Flash"??"
• Next in thread: Christopher Davis: "Re: "Flash"??"

The program forges a talk request and sends VT100 escape codes to cause the
users screen to become unreadable.

Two defenses are:

Block talk from the border router (not usually a desirable option and will not
  protect you from internal "attacks")

Turn off talk requests (mesg n)

=========================================================================
Dale Drew				      	   MCI Telecommunications 
Manager					            Data Systems Security 
Voice: (408) 922-6526	  	               Internet: ddrewTymnet.COM 
Fax  : (408) 922-8870                          MCIMAIL: Dale_Drew/644-3335  



----- Begin Included Message -----

To: bugtraqcrimelab.com
Subject: "Flash"??
Date: Thu, 18 Aug 1994 10:33:12 -0400
From: "That Whispering Wolf..." <elfchieflupine.org>
Sender: bugtraq-ownercrimelab.com
Precedence: bulk
Content-Length: 554
X-Lines: 14
Status: RO

This isn't so much a security question as a question about a possible denial-
of-service attack.

A user on my system talked to me about a program that's going around called
'flash', that supposedly uses in.talkd to flood a user's session into 
unusability. He has a binary for this program, but no source, so I can't
see what the program actually does.

He also mentions a patch for in.talkd to prevent this program from working.
He doesn't know of a source for the patch, etc, though.

Has anyone seen this one? Anybody know the details?

									-WW


----- End Included Message -----

• Next message: Christopher Davis: "Re: "Flash"??"
• Previous message: Alan : "Re: "Flash"??"
• Maybe in reply to: That Whispering Wolf...: ""Flash"??"
• Next in thread: Christopher Davis: "Re: "Flash"??"