could someone please tell me what security risks there are involved in using the talk protocol

I don't think that are any outstanding security issues with talk; it hasn't changed in ages.

Are you going to use it on a local LAN or localhost only?

In terms of origin, vulnerabilities and security fixes I think the old maintainers page sums it up pretty well, else you can check the CVE, the NVD or any changelog for any recent release of the package. For instance the latest CentOS-5 release is 0.17-29.2.2 which is based on netkit-0.17 which was released in 2001. And indeed there have not been any security fixes in recent years. In terms of use talkd doesn't have any authentication or authorisation features (I know of) other than its invitation tables and such and in general it is suggested it shouldn't be run at all or only when confined to a LAN (implying "trusted" users). Since it runs out of Xinetd you can use all of its tcpwrapper-like and other filters to mitigate risk by regulating access in addition to firewalling.

cool thanks for the replys

i will check them links out.

We are only using it to communicate over the local lan.

Just figured it would be faster than msn.

At the moment it just keeps freezing and the checking for invitation so i thought we might have to try something else. I thought it would work easy as we both have the exact same distro

Thanks again

Ben

Are you running the server on both machines?

That's funny. You considered MSN over a public internet, through servers managed by others, with all the exploits that hit online chat programs and ask about talk security! :-0

What do you mean "freezing".

very good point guess i dint think when i typed that lol.

When i does this

talk john@ipaddress

it says Error on read from talk daemon: Connection refused. Press any key...

then it goes past the message and just says

[Checking for invitation on caller's machine]

It just hangs here no connection or anything.

thanks for the help

Connection refused means the talk daemon is not listening; could be it is not running, or that it is not listening on interfaces other than the loopback interface. The remote server needs to be listening on the appropriate interfaces.

There is an older protocol of talk (long ago); I doubt anyone is using it today, but both ends must be running the newer version.

That would have been the point of my post.

I don't know about Ubuntu, but the RH package is talk-server

i have installed talk on both laptops using apt-get

How to i check this to listen on the appropriate interface i thought this would be set up correctly by default?

Thanks

Client => talk
Server => talkd, in.talkd or ntalkd

Do you also have the server installed?

ntalk listens on port 518, old talk on port 517.

netstat -a | grep talk
netstat -an | grep '\.51[78] '

What are the results?

ok thanks for that reply.

I did not have talkd installed which i have now done.

i ran both of them commands in the terminal but neither gave a result?

I will try it when my friend comes home i think installing the server could fix the problems we were having though..

Will post back later to let you know how i go

Thanks for the help

Talk with yourself to test. It will work just fine. Just be sure to answer yourself. :-)

Talkd is what billymayday in post 5 and 9 was referring to.

It's just a question of what the package is called in apt.

Talking to yourself is useally good - at least you should be able to understand the conversation. Pretty bad if you can't!

this command now gives

netstat -a | grep talk


udp 0 0 192.168.1.102:34337 192.168.1.102:talk ESTABLISHED
udp 0 0 localhost:34110 localhost:talk ESTABLISHED


but still i can not talk not even to myself lol

it just gives the same error message

Error on read from talk daemon: Connection refused. Press any key.

Then when you go past it, it just hangs when checking for invitation on callers machine