Why not just wrap the finger daemon ... you can then log the fingers, and deny finger connections from the sites which the abuse comes from.

Most SAs don't like people fingering anyway. Or at least fingering a site, not username@site, as you don't want to give away user info.

I would do the following:

1. Modify fingerd to give a blurb about the site instead of users online and load averages when fingered without an argument
2. Wrap the finger port with tcp wrapper
3. Check the logs and deny fingering access to the sites which finger several hundred times per hour. Perhaps go as far as contacting the abusive site's admin and bitching.

-r

______________________________ Reply Separator _________________________________
Subject: finger-bombing
Author: nobody@io.com (Anonymous) at Internet
Date: 10/12/94 8:46 PM

What is the best way to keep someone from finger-bombing your site other than having fingerd cat /unix to stdout? (other than hosts.deny. We have a person who fingers a user at our site from different hosts hundreds of times per hour)