okay, the material here is an exploit for a stack overflow bug in talkd that has been known for about a year (and still not patched on most hosts).

requirements:

- root on a machine that serves as a primary dns for some host anywhere on the net (root on all secondary servers might also be necessary in certain cases). hint: look for dns machines somewhere in the third world. they aren't very difficult to hack, to say the least.
- at least one user with "messages on" must be logged on to the host you want to attack, and you must know her or his login name. they won't get paged, though, if the attack is successful.
- current code works only for bsd (freebsd, netbsd, bsdi, etc.) and linux, and only for intel x86, BUT it is adaptable to any other system or architecture with a little programming in assembler (if somebody does that, please let me know. if i'm not reachable by e-mail here please post with a subject 'talkd' to some security group or mailing list that gets archived. if you care).

result:

- root on the host you're attacking, if you are successful.
- no traces at all, except possibly something like "talkd: connection refused" in the logfile, which is in principle also avoidable.