Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!sci34hub!gary From: gary@sci34hub.sci.com (Gary Heston) Newsgroups: comp.unix.misc Subject: Re: who's fingering me Keywords: finger Message-ID: <1991Jun17.163240.19133@sci34hub.sci.com> Date: 17 Jun 91 16:32:40 GMT References: <1991Jun10.155314.4829@ms.uky.edu> Reply-To: gary@sci34hub.sci.com (Gary Heston) Distribution: comp Organization: SCI Technology, Inc., Huntsville, Al. Lines: 29 In article rcbarn@urc.tue.nl writes: =sean@ms.uky.edu (Sean Casey) writes: => =>The answer is: it can't. The IP protocols do not transmit userid =>information, and neither does the finger protocol. A system using Dan =>Bernstein's mods would be able to supply userid info, but your fingerd =>daemon would need to be modified to use his authentication libary. =As a very simple but useful workaround in this case, you can use a =fingerd that immediately fingers back to the host it receives a request =from, thus revealing potential userid of people who are fingering your =system. Have a look at ftp.win.tue.nl:~ftp/pub/logdaemon.tar.Z =(available for anon. ftp). It contains various utilities of this =kind written by Wietse Venema. ...and when a user on a machine implementing this fingers someone on another machine implementing it, the second machine fingers the first to see who it is, causing the first machine to finger the second again, causing the second to finger the first again, etc., etc., etc. Sounds like positive feedback, to me. It would be better to change finger to provide the requesting uid, and fingerd to reject requests that don't provide it. -- Gary Heston System Mismanager and technoflunky uunet!sci34hub!gary or My opinions, not theirs. SCI Systems, Inc. gary@sci34hub.sci.com I support drug testing. I believe every public official should be given a shot of sodium pentathol and ask "Which laws have you broken this week?".