home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: comp.security.misc
- Path: sparky!uunet!usc!elroy.jpl.nasa.gov!dank
- From: dank@blacks.jpl.nasa.gov (Dan Kegel)
- Subject: Re: unhappy about overloading finger
- Message-ID: <dank.711764645@blacks.jpl.nasa.gov>
- Sender: news@elroy.jpl.nasa.gov (Usenet)
- Nntp-Posting-Host: blacks.jpl.nasa.gov
- Organization: Image Analysis Systems Group, JPL
- References: <ggm.711690458@brolga> <dank.711741463@blacks.jpl.nasa.gov> <ggm.711762904@brolga>
- Date: Wed, 22 Jul 1992 00:24:05 GMT
- Lines: 26
-
- ggm@brolga.cc.uq.oz.au (George Michaelson) writes:
-
- >dank@blacks.jpl.nasa.gov (Dan Kegel) writes:
- >> But what about 'Horton'? It fingers all the participating machines in
- >> one's own domain hourly to update an e-mail address database,
-
- >...I'd have preferred 'horton' to [use a different TCP/IP port than finger]
- >That way I know that this traffic is constrained to just that context.
-
- >> It would be impractical to make horton use something other than finger,
- >> [because Horton by design requires no active cooperation from the sysops.]
-
- >This is a dual-edged sword. Deploying something as sensitive as an information
- >gatherer, without requiring active consent, and to close off access requiring
- >local modification.... not social behaviour methinks.
-
- OK, I'd like the next version of Horton to be socially correct ;-)
- Would it suffice to send a mail message to postmaster@foo, with an offer to
- exclude foo from polling, before beginning to gather information from foo?
-
- >On the whole, I think (mis)use of finger is doing more good than bad. I'd have
- >preferred to see the various threads of functionality unravelled a bit more.
-
- I doubt that just moving Horton's polling activity to another well-known-
- port would add any real security; hackers could just as well use that port.
- - Dan Kegel (dank@blacks.jpl.nasa.gov)
-
