> Anonymous says:
> > What is the best way to keep someone from finger-bombing
> > your site other than having fingerd cat /unix to stdout?
> >
> > (other than hosts.deny. We have a person who fingers
> > a user at our site from different hosts hundreds of times
> > per hour)
>
> Comment out the line for finger in /etc/inetd.conf.

I have a personal gripe here -- My apologies to the moderator if he considers this message off-topic.

Folks, if someone asks for a way to stop XXX program from doing YYY, chances are they -don't- want to disable XXX program. I've seen this response many times, both here and on other lists (and newsgroups) -- "If you don't want someone abusing XXX, just delete XXX". This reminds me a lot of SideWinder -- They may have a secure system, but you can't do anything with it! Please, guys, if you can't post an idea better than "turn it off", don't.

[Note, this complaint does not reflect on this particular poster, or anyone in specific, but is more about a general attitude that many seem to present. Nor should it be taken as gospel -- That's the moderator's job. Take with a large grain of salt].

Back on the original question, I don't think there's an easy way to stop finger bombs other than denying the bombing sites access to your finger daemon.

This does bring up an interesting idea for improvements to xinetd/inetd or whatever, though -- Why not have a config option that you can set so that if more than X number of requests for Y service were received from Z host in A time, the service shut off requests from that host for 5/10/15 minutes.

Would that feature really be useful, and be worth the overhead? Personally, -I- don't think so, but if your site comes under regular attacks from such things, it may be a handy feep to have. Now, if someone would just code it. *grin*

[ramble off]

-WW
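
The throttle proposed in the post (more than X requests for Y service from Z host in A time shuts that host off for a while), as an added example that is not code from the post, inetd or xinetd. The class and method names are hypothetical, and timestamps are passed in as plain seconds so it runs offline.

```python
from collections import defaultdict, deque


class HostThrottle:
    """More than max_requests from one host to one service within `window`
    seconds shuts that host out of that service for `block_for` seconds."""

    def __init__(self, max_requests, window, block_for):
        self.max_requests = max_requests  # "X number of requests"
        self.window = window              # "A time", in seconds
        self.block_for = block_for        # e.g. 300, 600 or 900 seconds
        self.recent = defaultdict(deque)  # (service, host) -> request times
        self.blocked_until = {}           # (service, host) -> unblock time

    def allow(self, service, host, now):
        key = (service, host)
        until = self.blocked_until.get(key)
        if until is not None:
            if now < until:
                return False              # still shut off; block is not extended
            del self.blocked_until[key]
        times = self.recent[key]
        while times and now - times[0] >= self.window:
            times.popleft()               # forget requests older than the window
        times.append(now)
        if len(times) > self.max_requests:
            self.blocked_until[key] = now + self.block_for
            times.clear()
            return False
        return True

    def sweep(self, now):
        """Drop idle entries (the memory side of the overhead question);
        returns how many entries remain."""
        for key in [k for k, u in self.blocked_until.items() if u <= now]:
            del self.blocked_until[key]
        for key in [k for k, t in self.recent.items()
                    if not t or now - t[-1] >= self.window]:
            del self.recent[key]
        return len(self.recent) + len(self.blocked_until)


if __name__ == "__main__":
    # Constructed sample: one host fingering every 10 s; limit 3 per 60 s.
    throttle = HostThrottle(max_requests=3, window=60, block_for=300)
    for t in range(0, 400, 10):
        ok = throttle.allow("finger", "192.0.2.10", t)
        print(t, "accept" if ok else "refuse")
```

State is keyed on the source host, so requests spread across many hosts each get their own budget; the limiter only bounds what any single host can send.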