Re: finger-bombing

Charles Howes (chowes@helix.net)
Thu, 13 Oct 1994 20:16:00 -0700 (PDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Charles Howes: "Re: finger-bombing, abuse timeout"
Previous message: That Whispering Wolf...: "Internet worm question?"
In reply to: James Seng: "Re: finger-bombing"
Next in thread: Eric Kimminau: "Re: finger-bombing"

On Thu, 13 Oct 1994, James Seng wrote:

> On Wed, 12 Oct 1994, Christopher Klaus wrote:
> > Contact the admins of those hosts and tell them to have it stopped.  
> > Also, modify inetd.conf and comment out finger and kill -HUP inetd
> > to restart it.
> 
> A question which is not really relvant to this mailing-list..What if the 
> admin is the one who is guilty of such attack? (attack here refers to 
> more general case than just fingering) Who do i inform or do i have to 
> deal it myself? :-)

Fortunately, there is always a course of action.

For any site, if you can't get satisfaction, you can go up the chain of
command until you *do* get satisfaction.

Universities, companies, and others are on the net for a reason, and
usually want to be good neighbours.  University and company presidents
are usually quite responsive if their subordinates are causing
problems.

And, if the president is causing a problem, there's a network provider
that can always be approached.

If *that* fails to satisfy you, you can either take it to usenet, or
decide you were wrong.  Sometimes both.  :-)

As to the original question, would creating a fifo called .plan be
good or bad?  It would freeze finger requests as they were made,
allowing a more casual tracing, but risks overflowing some kernel
table?

Also, if it is being done indirectly (finger user@yourhost@host1), ask
the folks at host1 if they could keep logs of finger requests, as well
as put in the ident service.  (Tcp wrappers, pidentd and syslog.)

ObBug: the C2conv program on SunOS 4.1.3 seemed to have dumped garbage
  over part of our password file when we tried it the other day.  The
  syslog for auth.info exploded as a result.  It's almost as secure as
  dumping the computer into wet cement, and takes less time.  How *do*
  you set up shadow passwords, anyway?

ObBug2: I was talk-bombed the other day.  You can modify a talk
  program to send escape sequences in the talk request, messing up the
  recipient's screen.  Since it's UDP, finding the culprit is not
  possible with tcpd.  Anyone have a solution?

--
Charles Howes -- chowes@helix.net
 Always tell the truth, then you make it the other bloke's problem! 
 - Sean Connery, 1971

Next message: Charles Howes: "Re: finger-bombing, abuse timeout"
Previous message: That Whispering Wolf...: "Internet worm question?"
In reply to: James Seng: "Re: finger-bombing"
Next in thread: Eric Kimminau: "Re: finger-bombing"