Bugtraq mailing list archives
Re: Fingerd Summary
From: adam () bwh harvard edu (Adam Shostack)
Date: Fri, 21 Oct 94 15:20:46 EDT
| Here's another feature we'd like to see: allowing fingering specific | people, but not a generic finger of a machine, which could be used to | learn login ids. Which of the fingerds you looked at had that feature? rfingerd could be made to do that with a little input filtering. Its perl, so the input filter should be pretty simple--if anyone writes one, please pass it on to me. No need to reinvent the wheel.:) fingerd-1.0 has the ability built in. sfinger provides it by only allowing certain finger targets, defined by the existance of a file in its directory (which is the output of finger.) Both rfingerd & fingerd-1.0 call /usr/ucb finger. If you replace that with gnu finger, gnu finger allows you to define arbitrary actions, including a 'default' target if no argument is given. If this default target is site info, you get the effect of not allowing 'generic' fingers. Also, don't forget to turn off rusers. :) Adam
Current thread:
- Re: Internet Worm, (continued)
- Re: Internet Worm Darragh Nagle (Oct 19)
- Re: Internet Worm Gene Spafford (Oct 19)
- Re: Internet Worm jim () Tadpole COM (Oct 19)
- Re: Internet Worm F. L. Charles Seeger III (Oct 20)
- Re: Internet Worm smb () research att com (Oct 19)
- R utilities, addresses, etc. Charles Howes (Oct 20)
- Re: R utilities, addresses, etc. Alexander L. Haiut (Oct 20)
- Re: R utilities, addresses, etc. Charles Howes (Oct 21)
- Fingerd Summary Adam Shostack (Oct 20)
- Re: Fingerd Summary Stephen Gildea (Oct 21)
- Re: Fingerd Summary Adam Shostack (Oct 21)
- Re: Fingerd Summary KevinTX (Oct 21)
- R utilities, addresses, etc. Charles Howes (Oct 20)
- Re: Internet Worm Darragh Nagle (Oct 19)
- access(2)--a security hole? Jonathan M. Bresler (Oct 20)
- Re: access(2)--a security hole? Justin Mason (Oct 21)
- Re: access(2)--a security hole? Dave Goldberg (Oct 21)
- Re: access(2)--a security hole? Karl Strickland (Oct 21)
- Re: access(2)--a security hole? Julian Assange (Oct 21)
- Re: access(2)--a security hole? John DiMarco (Oct 21)
- Re: access(2)--a security hole? jmc () gnu ai mit edu (Oct 21)
- adjunct *Hobbit* (Oct 20)