[106] in bugtraq
Re: flash-inhibited talkd, and somewhat more secure fingerd
daemon@ATHENA.MIT.EDU (Charles Howes)
Fri Oct 28 13:18:31 1994
Date: Fri, 28 Oct 1994 06:41:41 -0700 (PDT)
From: Charles Howes <chowes@helix.net>
To: Karl Lehenbauer <karl@hammer1.neosoft.com>
Cc: bugtraq@crimelab.com
In-Reply-To: <199410280616.BAA01509@hammer1.NeoSoft.com>
On Fri, 28 Oct 1994, Karl Lehenbauer wrote:
> I've put modified versions of the Berkeley talk daemon, talkd, and the
> Berkeley finger daemon, fingerd, on ftp.neosoft.com:/pub/security.
> 
> The talkd should stop denial-of-service attacks that use "flash" to send
> unprintable characters, and it should make it significantly harder to
> get talkd to lie about the hostname of the sender.
> 
> The fingerd makes it more difficult to collect usernames on a system by
> preventing the generic "finger @host" style of finger, restricting
> finger to reporting on exact matches of usernames only, plus it logs all
> requests in the syslog, as well as attempting RFC931/1431 authentication.
> You'll still need the wrappers if you want to limit access, twist, etc.
> If you're really concerned about it, you should shut off fingerd entirely.
> 
> Karl
Lately, there have been a few denial-of-service attacks with a twist,
using talkd.
Apparently, if you send the right packet to a talkd port, you can get
talkd to pick a fight with talkd on an arbitrary host.  The network
between the hosts quickly becomes unusable.
1) Anyone found the program (can flash do it?) to demonstrate?
2) Anyone fixed it yet?  :-)
--
Charles Howes -- chowes@helix.net
 Always tell the truth, then you make it the other bloke's problem! 
 - Sean Connery, 1971
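
The following is an added example, not part of the original message and not code from Karl's modified talkd. It parses the ntalk control message (CTL_MSG) that a talk client sends to the talkd UDP port and applies the kind of consistency check a hardened daemon would want: the sender address embedded in the request, and the control address the daemon would answer to, must both match the address the datagram actually arrived from, and the embedded names must be printable. The struct layout is taken from memory of the BSD <protocols/talkd.h> (version byte, type byte, two old-style sockaddrs, pid, 12-byte names, 16-byte tty), so treat the field offsets as an assumption; the check itself is a suggested hardening against a daemon being pointed at a third host, not a fix the thread confirms. The sample datagrams are constructed inline.

```python
import socket
import struct

# ntalk CTL_MSG layout (assumed from BSD <protocols/talkd.h>, not from the page).
# Integers are network byte order; an osockaddr is u_short family + 14 data bytes.
CTL_MSG_FMT = "!BBBBI16s16si12s12s16s"
CTL_MSG_LEN = struct.calcsize(CTL_MSG_FMT)  # 84 bytes
TALK_VERSION = 1
REQUEST_TYPES = {0: "LEAVE_INVITE", 1: "LOOK_UP", 2: "DELETE", 3: "ANNOUNCE"}


def parse_osockaddr(raw):
    """Return (family, dotted_ip, port) from a 16-byte old-style sockaddr_in."""
    family, port, ip = struct.unpack("!HH4s", raw[:8])
    return family, socket.inet_ntoa(ip), port


def parse_ctl_msg(datagram):
    """Unpack one CTL_MSG datagram into a dict; raise on a malformed length."""
    if len(datagram) != CTL_MSG_LEN:
        raise ValueError(f"bad length {len(datagram)}, want {CTL_MSG_LEN}")
    (vers, mtype, _answer, _pad, id_num, addr_raw, ctl_raw, pid,
     l_name, r_name, r_tty) = struct.unpack(CTL_MSG_FMT, datagram)

    def cstr(b):  # NUL-terminated fixed-width field -> str
        return b.split(b"\0", 1)[0].decode("ascii", "replace")

    return {
        "vers": vers,
        "type": REQUEST_TYPES.get(mtype, f"UNKNOWN({mtype})"),
        "id_num": id_num,
        "pid": pid,
        "addr": parse_osockaddr(addr_raw),       # where the callee's talk would connect
        "ctl_addr": parse_osockaddr(ctl_raw),    # where the daemon would send its reply
        "l_name": cstr(l_name),
        "r_name": cstr(r_name),
        "r_tty": cstr(r_tty),
    }


def check_ctl_msg(msg, udp_src_ip):
    """Return the reasons to drop a request; an empty list means accept.

    Hardening idea (an assumption of this example): only answer to, and only
    announce on behalf of, the address the datagram really came from, so a
    forged request cannot make this talkd contact an arbitrary third host or
    lie about who is calling.  Also refuse unprintable bytes in the names,
    which is what "flash" style requests rely on.
    """
    problems = []
    if msg["vers"] != TALK_VERSION:
        problems.append(f"protocol version {msg['vers']} != {TALK_VERSION}")
    if msg["type"].startswith("UNKNOWN"):
        problems.append(f"unknown request type {msg['type']}")
    for field in ("addr", "ctl_addr"):
        family, ip, _port = msg[field]
        if family != socket.AF_INET:
            problems.append(f"{field}: address family {family} is not AF_INET")
        if ip != udp_src_ip:
            problems.append(f"{field} {ip} does not match UDP source {udp_src_ip}")
    for field in ("l_name", "r_name", "r_tty"):
        if not all(32 <= ord(c) < 127 for c in msg[field]):
            problems.append(f"{field} contains non-printable characters")
    return problems


def build_ctl_msg(mtype, addr_ip, ctl_ip, l_name, r_name, r_tty="", id_num=0, pid=1234):
    """Constructed test input: pack a CTL_MSG the way a talk client would."""
    def osa(ip, port):
        return struct.pack("!HH4s8x", socket.AF_INET, port, socket.inet_aton(ip))
    return struct.pack(CTL_MSG_FMT, TALK_VERSION, mtype, 0, 0, id_num,
                       osa(addr_ip, 5000), osa(ctl_ip, 5001), pid,
                       l_name.encode("ascii"), r_name.encode("ascii"),
                       r_tty.encode("ascii"))


if __name__ == "__main__":
    src = "10.0.0.5"
    legit = build_ctl_msg(3, src, src, "alice", "bob")
    forged = build_ctl_msg(3, src, "192.0.2.9", "alice", "bob")  # reply aimed elsewhere
    flashed = build_ctl_msg(1, src, src, "al\x1b[2Jce", "bob")   # escape in the name
    for label, dgram in (("legit", legit), ("forged", forged), ("flashed", flashed)):
        print(label, check_ctl_msg(parse_ctl_msg(dgram), src) or "accepted")
```

A daemon applying this check would still answer a normal ANNOUNCE from a host talking to itself, but would drop a request whose control address points at some other machine, which is the shape of the reflected attack Charles describes, and would drop names carrying terminal control sequences.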