On Wed, 12 Oct 1994, Christopher Klaus wrote: > > What is the best way to keep someone from finger-bombing > > your site other than having fingerd cat /unix to stdout? > > > > (other than hosts.deny. We have a person who fingers > > a user at our site from different hosts hundreds of times > > per hour) > > Contact the admins of those hosts and tell them to have it stopped. > Also, modify inetd.conf and comment out finger and kill -HUP inetd > to restart it. The best way to "keep someone from" <insert networking process> is not always to just remove the service. How about coming up with a front end that fingers back anyone who fingers you more than 2 times in a row and then time between fingerd execution increases in exponential numbers for successive fingers. You may also want to finger that account back and dump it to your log file. Sure its abnoxious, but it would only be turned on in such an instance where a bomber thinks he is being cute. Yes contacting admins is the place to start. I believe there is a patch somewhere for fingerd that enables tracing a logging of more than 5 successive fingers from a given site. Id have to go looking to find it. Eric Kimminau "I am not an official Ford spokesperson"