Xref: utzoo comp.protocols.tcp-ip:16677 alt.security:2707
Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!ncar!noao!amethyst!rsm
From: rsm@math.arizona.edu (Robert S. Maier)
Newsgroups: comp.protocols.tcp-ip,alt.security
Subject: nosy finger daemons
Message-ID: <RSM.91Jun21182838@coral.math.arizona.edu>
Date: 22 Jun 91 01:28:38 GMT
Organization: Mathematics Department, University of Arizona
Lines: 25

Several machines in the nrl.navy.mil domain have an interesting
undocumented feature: if you finger them, they finger you right back! 
Examples are tiger.nrl.navy.mil and ccf.nrl.navy.mil.  Try it
yourself; if your finger daemon logs incoming requests you'll pick
it up at once.

If you finger either, it's always tiger.nrl.navy.mil that fingers you.
So the modifications to their finger daemons must be nontrivial.

Apparently the folks at nrl.navy.mil (Navy Research Laboratory) didn't
want to erect a full-fledged firewall, so they compromised on this.
It doesn't seem a very effective protection against the outside world
though.  In fact it's rather amusing.  Has anyone ever seen anything
else like this?

I haven't checked to see whether their other daemons (e.g. rusersd)
are nosy too, but I wouldn't be surprised.  Apparently `Caller ID' has
come to the Internet.

-- 
Robert S. Maier   | Internet: rsm@math.arizona.edu, rsm@cs.arizona.edu
Dept. of Math.    | UUCP: uunet!arizona!amethyst!rsm
Univ. of Arizona  | Bitnet: maier@arizrvax
Tucson, AZ  85721 | FAX: +1 602 621 8322
U.S.A.            | Voice(POTS): +1 602 621 6893  /  +1 602 621 2617