Xref: utzoo comp.protocols.tcp-ip:16683 alt.security:2711 Path: utzoo!utgpu!cs.utexas.edu!swrinde!mips!spool.mu.edu!agate!soda.berkeley.edu!welch From: welch@soda.berkeley.edu (Sean N. Welch) Newsgroups: comp.protocols.tcp-ip,alt.security Subject: Re: nosy finger daemons Summary: fingering the fingerer doesn't work... Keywords: NOT Message-ID: <1991Jun22.200307.29634@agate.berkeley.edu> Date: 22 Jun 91 20:03:07 GMT References: Sender: usenet@agate.berkeley.edu (USENET Administrator) Followup-To: alt.security Organization: Computer Science Undergraduate Association, UC Berkeley Lines: 26 In article rsm@math.arizona.edu (Robert S. Maier) writes: >Several machines in the nrl.navy.mil domain have an interesting >undocumented feature: if you finger them, they finger you right back! >Examples are tiger.nrl.navy.mil and ccf.nrl.navy.mil. Try it >yourself; if your finger daemon logs incoming requests you'll pick >it up at once. Interesting, but only to a point. Many sites let you bounce fingers such that you can chain them from your site to somewhere that your machine doesn't know about by going through a machine that does know where you want to finger. Some companies operate with only a single gateway on the internet, so you can't finger at foo.big.com, but you can finger @foo@big.com since the foo gets evaluated at big.com which knows about foo and can get to it. The effect this has on finger-you-back finger daemons is that they look for you at the most recent link in the chain. What if you do something really silly like: finger @ccf.nrl.navy.mil@tiger.nrl.navy.mil (Yes, I tried it. Unfortunately you can't chain forever on these two machines since if you try and finger @somehere@ccf.nrl.navy.mil, you get finger@ccf3.nrl.navy.mil: argument list not permitted) Sean Welch welch@Berkeley.EDU