While talkd (ntalkd) is good enough to use strvis() to prevent control
chars from getting through to the poor user, it still allows flooding.

Short of tracking requests and dropping duplicates which come in
rapid (rabid) sequence, I find that checking for a proper username
is sufficient to defeat the common 'flash' utility.

The former approach begs the flash tool to add a pause of a second or
two.  The latter the replacement of the control code username with
a normal alphanum name.  Here is my patch for the latter fix.

*** announce.c  Wed Oct 23 19:54:39 1996
--- foo.c       Wed Oct 23 19:54:10 1996
***************
*** 102,107 ****
--- 102,113 ----
        char full_tty[32];
        FILE *tf;
        struct stat stbuf;
+       char *p;
+ 
+       p = request->l_name;
+       while (*p)
+               if (!isalnum(*p++))
+                       return;
  
        (void)snprintf(full_tty, sizeof(full_tty), "%s/%s", _PATH_DEV, 
            request->r_tty);