Talkd storms

[chowes () helix net (Charles Howes)]

On Sat, 29 Oct 1994, Jas wrote:

> Charles Howes wrote this...
> > Lately, there's been a few denial-of-service attacks with a twist,
> > using talkd.
> >
> > Apparently, if you send the right packet to a talkd port, you can get
> > talkd to pick a fight with talkd on an arbitrary host.  The network
> > between the hosts quickly becomes unusable.
> >
> > 1) Anyone found the program (can flash do it?) to demonstrate?
> > 2) Anyone fixed it yet?  :-)
> does it use source routing? have you seen it happen? i am intrigued, and
> sorry i have no futher info on it, but i will scan thorugh the talkd code
> to see if i can find anything that might do this.
>
>
>                                       Matt

I have been told that the network outage that occurred with our network
provider two days ago was caused by a storm of packets headed to/from
talkd.  A previous storm was rumored to have happened at a local
university several months ago.

It may or may not have involved source routing, it may or may not have
involved a completely bogus packet, carefully crafted on a PC or
root-broken unix box.  Considering that 'flash' doesn't require any
special privileges, this attack may be do-able by anyone with a unix
account.

I'd like to know how it is possible, and how to make it either
  1) Not possible, and/or
  2) Traceable

--
Charles Howes -- chowes () helix net
I was gratified that I could answer quickly.  I said that I didn't know.
  - Mark Twain