"Nayfield, Rod" <nevets.oau.org!alfred!ucf-cs!mail.IConNet.COM!rnayfield@bea wrote this: > isn't there a way that an admin can figure out who is the actual user who > actually fingered the attacked host? Isn't there some sort of identifying > daemon that would get the name of the guy that fingered the attacked host? Well they could use 'ident', but that can't be trusted of course. I think if you come up with a way of positively identifying the originating username of a finger (or other tcp/ip request), you'll be both rich and famous :) -- These are my opinions and not those of this university.