Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!mcsun!hp4nl!tuegate.tue.nl!rc6.urc.tue.nl!rwa.urc.tue.nl!rcbarn From: rcbarn@rwa.urc.tue.nl (Raymond Nijssen) Newsgroups: comp.unix.misc Subject: Re: who's fingering me Keywords: finger Message-ID: Date: 19 Jun 91 07:27:50 GMT References: <1991Jun10.155314.4829@ms.uky.edu> <1991Jun17.163240.19133@sci34hub.sci.com> Sender: news@rc6.urc.tue.nl Reply-To: rcbarn@urc.tue.nl Distribution: comp Lines: 43 gary@sci34hub.sci.com (Gary Heston) writes: >In article rcbarn@urc.tue.nl writes: >=sean@ms.uky.edu (Sean Casey) writes: >=> >=>The answer is: it can't. The IP protocols do not transmit userid >=>information, and neither does the finger protocol. [...] >=As a very simple but useful workaround in this case, you can use a >=fingerd that immediately fingers back to the host it receives a request >=from, thus revealing potential userid of people who are fingering your >=system. [...] >...and when a user on a machine implementing this fingers someone on >another machine implementing it, the second machine fingers the first >to see who it is, causing the first machine to finger the second again, >causing the second to finger the first again, etc., etc., etc. It seems that my previous posting could easily be misunderstood; I did not at all mean to suggest that these very simple workarounds were capable of solving all shortcomings of the IP protocols; they merely exchange one disadvantage for another. >Sounds like positive feedback, to me. Well, don't be so negative before you had a look at it; I don't know exactly how smart these tools are, but I can very well imagine that some kind of very trivial check to avoid unnecessary backfingers is built in. >It would be better to change finger to provide the requesting uid, >and fingerd to reject requests that don't provide it. The problem is not just fingerd; in general, all IP stuff suffers from some kind of this problem. As for me, I can't think of no good reason why IP protocols don't transmit UID info, but I guess we'll have to live with it. >Gary Heston System Mismanager and technoflunky uunet!sci34hub!gary or -Raymond -- | Raymond X.T. Nijssen | Eindhoven Univ. of Technology | | raymond@es.ele.tue.nl | EH 7.13, PO 513, 5600 MB Eindhoven, The Netherlands | | "Don't put that on the wall in a tax-payer supported museum!" Pat Buchanan |