Re: fingerd problems

Brian Mitchell (brian@saturn.net)
Fri, 17 May 1996 02:41:47 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Niko Makila: "Re: SunOS 4.1.4 fingerd"
Previous message: Jon Lewis: "Re: fingerd problems"
In reply to: Elliot Lee: "Re: fingerd problems"
Next in thread: Robert A. Pickering Jr.: "Re: fingerd problems"
Next in thread: Christopher X. Candreva: "Re: SunOS 4.1.4 fingerd"

On Thu, 16 May 1996, Elliot Lee wrote:

> > [ list of ways to list all the users on a system using fingerd ]
>
> Another vulnerability of many finger daemons is their ability to support
> 'chain' fingers. If they are passed a "username" in the form of
> 'user@ahost.net' the finger daemon will repeat the finger, effectively
> hiding the tracks of anyone trying to scope out your system security.
>
> For a demonstration, 'telnet prep.ai.mit.edu 79' and type
> '[yourname]@[yourhost]'. If you have TCP wrappers installed, you will
> notice that the finger connection comes from prep.ai.mit.edu, not [yourhost].
>

Some www servers also include the 'finger' cgi program, which can be used
in much the same way, ie:

lynx http://www.cgis.net/cgi-bin/finger\?user@host

Brian Mitchell                  brian@saturn.net

"I never give them hell. I just tell the truth and they think it's hell"
- H. Truman

Next message: Niko Makila: "Re: SunOS 4.1.4 fingerd"
Previous message: Jon Lewis: "Re: fingerd problems"
In reply to: Elliot Lee: "Re: fingerd problems"
Next in thread: Robert A. Pickering Jr.: "Re: fingerd problems"
Next in thread: Christopher X. Candreva: "Re: SunOS 4.1.4 fingerd"