flash-inhibited talkd, and somewhat more secure fingerd

[karl () hammer1 neosoft com (Karl Lehenbauer)]

I've put modified versions of the Berkeley talk daemon, talkd, and the
Berkeley finger daemon, fingerd, on ftp.neosoft.com:/pub/security.

The talkd should stop denial-of-service attacks that use "flash" to send
unprintable characters, and it should make it significantly harder to
get talkd to lie about the hostname of the sender.

The fingerd makes it more difficult to collect usernames on a system by
preventing the generic "finger @host" style of finger, restricting
finger to reporting on exact matches of usernames only, plus it logs all
requests in the syslog, as well as attempting RFC931/1431 authentication.
You'll still need the wrappers if you want to limit access, twist, etc.  
If you're really concerned about it, you should shut off fingerd entirely. 

Karl