6600hubb@ucsbuxa.ucsb.edu (Richard Hubbell) (04/04/91)
Does unix offer a method for keeping track of each occurence of being fingered? i.e. if someone fingers me is there a way that I can tell who it was that fingered me? RH -- ----------------------------------------------------------------------- " University of California Santa Barabara Richard Hubbell " "6600hubb@ -> Inet:ucsbuxa.ucsb.edu;Bitnet:ucsbuxa.bitnet;UUCP:ucsbuxa " _______________________________________________________________________
c60b-1eq@web-1c.berkeley.edu (Noam Mendelson) (04/04/91)
In article <10290@hub.ucsb.edu> 6600hubb@ucsbuxa.ucsb.edu (Richard Hubbell) writes: > > Does unix offer a method for keeping track of each >occurence of being fingered? i.e. if someone fingers me is there >a way that I can tell who it was that fingered me? You could easily determine which machine you are being fingered from by monitoring connections on TCP port 79. There is no easy way to narrow it down to a specific user. +==========================================================================+ | Noam Mendelson ..!agate!ucbvax!web!c60b-1eq | "I haven't lost my mind, | | c60b-1eq@web.Berkeley.EDU | it's backed up on tape | | University of California at Berkeley | somewhere." |
gasser@eniac.seas.upenn.edu (Nathan Gasser) (04/04/91)
In article <1991Apr4.065545.3411@agate.berkeley.edu> c60b-1eq@web-1c.berkeley.edu (Noam Mendelson) writes: >You could easily determine which machine you are being fingered from >by monitoring connections on TCP port 79. There is no easy way to >narrow it down to a specific user. That's cool. I've seen it done before. Would you care to help out a UNIX neophyte and say exactly what one does to accomplish this task? Thanks. Nate gasser@eniac.seas.upenn.edu -- "Everybody remember where we parked..."
jik@athena.mit.edu (Jonathan I. Kamens) (04/08/91)
In article <10290@hub.ucsb.edu>, 6600hubb@ucsbuxa.ucsb.edu (Richard Hubbell) writes: |> Does unix offer a method for keeping track of each |> occurence of being fingered? i.e. if someone fingers me is there |> a way that I can tell who it was that fingered me? Someone else has pointed out that you can monitor finger connections by watching TCP port 79. This solution, however, has several drawbacks: 1. It catched only remote finger attempts. It does not deal with people fingering you on your machine. 2. Watching a TCP port that another process is already bound to is somewhat difficult, and requires network monitoring that is not doable at the novice level. 3. On a Unix system, port 79 is a reserved port, and therefore only the superuser can do anything with it, so you'd have to be root to do the monitoring. If you are the superuser, and you wan to use this method, then it is probably easier to install a modified fingerd that does monitoring, or to have inetd call your monitor instead of fingerd (and then have your monitor exec fingerd when it's done doing the monitoring stuff), than it would be to actually keep watch over the port at the same time as inetd. If you are not the superuser, and you want to do this anyway, and your system supports named pipes, and your system's fingerd has no problem with reading from a named pipe, then you can do this by creating a named pipe as your .plan file, and running a process opens the pipe, selects it for write, and whenever it is ready for write, figures out what process is doing the reading and does monitoring stuff on that process, and then sends your .plan file over the pipe. The question of monitoring fingers and the question of using a pipe as a .plan file have both been discussed several times in this newsgroup; in fact, I am surprised they are not in the Frequently Asked Questions posting (Steve?). I would give sample code demonstrating the latter, but the systems to which I have access do not support named pipes, so I can't test it very effectively, and I've never had to do it. Given the number of times it has been discussed, I hope someone else has saved the discussion and can post some of the more interesting articles from it.... -- Jonathan Kamens USnail: MIT Project Athena 11 Ashford Terrace jik@Athena.MIT.EDU Allston, MA 02134 Office: 617-253-8085 Home: 617-782-0710
c60b-1eq@web-1f.berkeley.edu (Noam Mendelson) (04/08/91)
In article <1991Apr8.020222.11776@athena.mit.edu> jik@athena.mit.edu (Jonathan I. Kamens) writes: >In article <10290@hub.ucsb.edu>, 6600hubb@ucsbuxa.ucsb.edu (Richard Hubbell) writes: >|> Does unix offer a method for keeping track of each >|> occurence of being fingered? i.e. if someone fingers me is there >|> a way that I can tell who it was that fingered me? > Someone else has pointed out that you can monitor finger connections by >watching TCP port 79. This solution, however, has several drawbacks: > ... text deleted ... >2. Watching a TCP port that another process is already bound to is somewhat > difficult, and requires network monitoring that is not doable at the novice > level. >3. On a Unix system, port 79 is a reserved port, and therefore only the > superuser can do anything with it, so you'd have to be root to do the > monitoring. > If you are not the superuser, and you want to do this anyway, and your >system supports named pipes, and your system's fingerd has no problem with >reading from a named pipe, then you can do this by creating a named pipe as >your .plan file, and running a process opens the pipe, selects it for write, >and whenever it is ready for write, figures out what process is doing the >reading and does monitoring stuff on that process, and then sends your .plan >file over the pipe. That's the method I use. And the novice can easily monitor TCP port 79 by doing a 'netstat -n | fgrep ".79 "'. If there is a connection to port 79, it'll show up in the listing. If you're the super user, though, a new fingerd would be the best solution. That would also solve the problem of having to run the monitoring program, and would guarantee (?) to catch every finger request. +==========================================================================+ | Noam Mendelson ..!agate!ucbvax!web!c60b-1eq | "I haven't lost my mind, | | c60b-1eq@web.Berkeley.EDU | it's backed up on tape | | University of California at Berkeley | somewhere." |
armstron@cs.arizona.edu (Jim Armstrong) (04/10/91)
In article <1991Apr8.020222.11776@athena.mit.edu> jik@athena.mit.edu (Jonathan I. Kamens) writes: >In article <10290@hub.ucsb.edu>, 6600hubb@ucsbuxa.ucsb.edu (Richard Hubbell) writes: >|> Does unix offer a method for keeping track of each >|> occurence of being fingered? i.e. if someone fingers me is there >|> a way that I can tell who it was that fingered me? > If you are not the superuser, and you want to do this anyway, and your >system supports named pipes, and your system's fingerd has no problem with >reading from a named pipe, then you can do this by creating a named pipe as >your .plan file, and running a process opens the pipe, selects it for write, >and whenever it is ready for write, figures out what process is doing the >reading and does monitoring stuff on that process, and then sends your .plan >file over the pipe. About a month ago there was a sample program posted to this newsgroup that set up a FIFO named pipe as your .plan file. I modified the code to set up a simple (perhaps naive) finger monitor for users on my machine. The process running on the other end of the pipe basically did a ps au whenever someone fingered me to find out who it was. The information could be stored in a file for later inspection or used to print a personal hello message as part of the .plan to whoever fingered me. Of course, this brings up the infamous 'caller id' discussion as to whether this is really ethical. I know that I like to be able to finger another user without my identity revealed, and I have since returned that sense of privacy to the other users on this host. -- Jim Armstrong "The nonpayment and subsequent abuse of armstron@cs.arizona.edu socially powerless athletes is simply a uunet!arizona!armstron form of modern-day slavery" --Rick Telander