Bugtraq mailing list archives

Re: finger-bombing


From: pascal () netcom com (Richard A Childers)
Date: Fri, 14 Oct 1994 10:44:22 -0700


"You might be interested in the response of simply telnetting to 
 the finger port on most systems.  It displays all the users
 on the system."


He's right. Commenting it out ( or replacing it with a wrapper that
applies some countermeasures to filter out misuse and abuse ) is
suggested.

 ... SunOS 4.1.3 manual says :


< start quoted material >

 NAME
     fingerd, in.fingerd - remote user information server

 SYNOPSIS
     /usr/etc/in.fingerd

 DESCRIPTION
                                . . . .

     If the line is null (only a LINEFEED is  sent)  then  finger
     returns a "default" report that lists all people logged into
     the system at that moment.

     If a user name is  specified  (for  instance,  ericLINEFEED)
     then  the  response lists more extended information for only
     that particular user, whether logged in or  not.   Allowable
     "names"  in  the command line include both "login names" and
     "user names".  If a name is ambiguous, all possible  deriva-
     tions are returned.

SEE ALSO
     finger(1)

                                . . . .

< end quoted material >

To cut through the inevitable argument in the least amount of time ...
finger(1) and fingerd(8) were evolved in a university environment. If
your primary concern is security ... comment it out. If your primary
concern is connectivity ... 'wrap' it.

If your primary concern is attention ... complain about it.     (-:


-- richard

    "I gathered I wasn't very well liked. Somehow, the feeling pleased me."
                    _Nine Princes In Amber_, by Roger Zelazny

   richard childers        san francisco, california        pascal () netcom com
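The "wrap it" option above, worked through as an added example. This is not code from the post or from SunOS; it is a request screen for a wrapper that would sit in front of in.fingerd under inetd (that inetd hook-up, and the exec of the real finger for an accepted name, are assumed and not shown). It keys off exactly what the quoted manual says: a bare LINEFEED lists everyone logged in, a name returns that user, and an ambiguous name returns all derivations. The character class, the length limit, the sample logins and addresses are all this example's own assumptions.

```python
"""Request screen for an in.fingerd-style wrapper.

Constructed example: reads the one request line a finger client sends and
decides whether the real finger(1) may be run for it. The hook-up under
inetd (replacing /usr/etc/in.fingerd with the wrapper, which execs finger
on an accepted name) is assumed here and not shown.
"""
import re
import time

# A plain login name as found in passwd: no '@' (no forwarding through this
# host), no whitespace (no multi-name queries), no shell metacharacters.
# The length limit and character class are this example's assumption.
_LOGIN_RE = re.compile(r"^[a-z_][a-z0-9_.-]{0,31}$")


def parse_request(raw: bytes) -> str:
    """Return the request line without its terminator.

    fingerd reads one line; a bare LF (or CRLF) is the 'default' query that
    lists everyone logged in, so the empty string is the dangerous case.
    """
    return raw.decode("ascii", errors="replace").rstrip("\r\n")


def screen_request(raw: bytes, known_logins):
    """Decide whether a request may be passed to the real finger.

    Returns (True, login) for an exact, known login name, otherwise
    (False, reason). Requiring an exact login also defeats the
    'ambiguous name returns all derivations' behaviour: a partial name
    can no longer be used to walk the user list.
    """
    line = parse_request(raw)
    if line == "":
        return False, "empty query: would list every logged-in user"
    if not _LOGIN_RE.fullmatch(line):
        return False, "query is not a single plain login name"
    if line not in known_logins:
        return False, "unknown login: no wildcard or real-name matching"
    return True, line


class SourceLimiter:
    """Per-source sliding-window rate limit: the countermeasure for
    'finger-bombing', i.e. one client hammering the port with queries."""

    def __init__(self, max_requests: int, window_seconds: float,
                 clock=time.monotonic):
        self.max_requests = max_requests
        self.window = window_seconds
        self.clock = clock  # injectable so the limiter can be tested offline
        self._hits = {}     # source address -> timestamps of recent requests

    def allow(self, source: str) -> bool:
        now = self.clock()
        hits = [t for t in self._hits.get(source, []) if now - t < self.window]
        if len(hits) >= self.max_requests:
            self._hits[source] = hits
            return False
        hits.append(now)
        self._hits[source] = hits
        return True


def handle(raw: bytes, source: str, limiter: SourceLimiter, known_logins):
    """One connection: ('run', login) when the real finger should be invoked
    for login, or ('deny', reason) when the wrapper answers by itself.
    The limiter is consulted first, so rejected queries count too."""
    if not limiter.allow(source):
        return "deny", "too many queries from this address"
    ok, value = screen_request(raw, known_logins)
    return ("run", value) if ok else ("deny", value)


if __name__ == "__main__":
    # Constructed sample traffic; the logins and the address are made up.
    logins = {"eric", "richard"}
    limiter = SourceLimiter(max_requests=4, window_seconds=60)
    samples = [
        (b"\n", "10.0.0.5"),                # bare LF: list everyone
        (b"eric\r\n", "10.0.0.5"),          # legitimate query
        (b"er\n", "10.0.0.5"),              # partial name: derivation search
        (b"eric@otherhost\n", "10.0.0.5"),  # forwarding through this host
        (b"richard\n", "10.0.0.5"),         # fifth hit in the window: bombed
    ]
    for raw, src in samples:
        print(repr(raw), "->", handle(raw, src, limiter, logins))
```

Under inetd the wrapper would read one line from stdin, call handle(), and either exec the real finger with the returned login or write the denial text back; on a real host known_logins would come from the passwd database rather than a literal set.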


