who's fingering me

Gary Heston gary at sci34hub.sci.com
Tue Jun 18 02:32:40 AEST 1991


In article <rcbarn.676630997 at rwa.urc.tue.nl> rcbarn at urc.tue.nl writes:
=sean at ms.uky.edu (Sean Casey) writes:
=>
=>The answer is: it can't. The IP protocols do not transmit userid
=>information, and neither does the finger protocol. A system using Dan
=>Bernstein's mods would be able to supply userid info, but your fingerd
=>daemon would need to be modified to use his authentication libary.

=As a very simple but useful workaround in this case, you can use a 
=fingerd that immediately fingers back to the host it receives a request 
=from, thus revealing potential userid of people who are fingering your
=system. Have a look at ftp.win.tue.nl:~ftp/pub/logdaemon.tar.Z
=(available for anon. ftp). It contains various utilities of this
=kind written by Wietse Venema.

...and when a user on a machine implementing this fingers someone on
another machine implementing it, the second machine fingers the first
to see who it is, causing the first machine to finger the second again,
causing the second to finger the first again, etc., etc., etc.

Sounds like positive feedback, to me. It would be better to change
finger to provide the requesting uid, and fingerd to reject requests
that don't provide it.

-- 
Gary Heston   System Mismanager and technoflunky   uunet!sci34hub!gary or
My opinions, not theirs.    SCI Systems, Inc.       gary at sci34hub.sci.com
I support drug testing. I believe every public official should be given a
shot of sodium pentathol and ask "Which laws have you broken this week?".



More information about the Comp.unix.misc mailing list