Re: finger-bombing
That Whispering Wolf... (elfchief@lupine.org)
Wed, 12 Oct 1994 23:46:27 +0000 (BST)
> Anonymous says:
> > What is the best way to keep someone from finger-bombing
> > your site other than having fingerd cat /unix to stdout?
> >
> > (other than hosts.deny. We have a person who fingers
> > a user at our site from different hosts hundreds of times
> > per hour)
>
> Comment out the line for finger in /etc/inetd.conf.
I have a personal gripe here -- My apologies to the moderator if he
considers this message off-topic.
Folks, if someone asks for a way to stop XXX program from doing YYY,
chances are they -don't- want to disable XXX program. I've seen this
response many times, both here and on other lists (and newsgroups) --
"If you don't want someone abusing XXX, just delete XXX".
This reminds me a lot of SideWinder -- They may have a secure system,
but you can't do anything with it! Please, guys, if you can't post
an idea better than "turn it off", don't.
[Note, this complaint does not reflect on this particular poster, or
anyone in specific, but is more about a general attitude that many seem
to preset. Nor should it be taken as gospel -- That's the moderator's job.
Take with a large grain of salt].
Back on the original question, I don't think there's an easy way to
stop finger bombs other than denying the bombing sites access to your
finger daemon.
This does bring up an interesting idea for improvements to xinetd/inetd
or whatever, though -- Why not have a config option that you can set so
that if more than X number of requests for Y service were received from
Z host in A time, the service shut off requests from that host for
5/10/15 minutes. Would that feature really be useful, and be worth the
overhead? Personally, -I- don't think so, but if your site comes under
regular attacks from such things, it may be a handy feep to have. Now, if
someone would just code it. *grin*
[ramble off]
-WW