rsm@math.arizona.edu (Robert S. Maier) (06/22/91)
Several machines in the nrl.navy.mil domain have an interesting undocumented feature: if you finger them, they finger you right back! Examples are tiger.nrl.navy.mil and ccf.nrl.navy.mil. Try it yourself; if your finger daemon logs incoming requests you'll pick it up at once.

If you finger either, it's always tiger.nrl.navy.mil that fingers you. So the modifications to their finger daemons must be nontrivial.

Apparently the folks at nrl.navy.mil (Navy Research Laboratory) didn't want to erect a full-fledged firewall, so they compromised on this. It doesn't seem a very effective protection against the outside world though. In fact it's rather amusing. Has anyone ever seen anything else like this?

I haven't checked to see whether their other daemons (e.g. rusersd) are nosy too, but I wouldn't be surprised. Apparently `Caller ID' has come to the Internet.

--
Robert S. Maier  | Internet: rsm@math.arizona.edu, rsm@cs.arizona.edu
Dept. of Math.   | UUCP: uunet!arizona!amethyst!rsm
Univ. of Arizona | Bitnet: maier@arizrvax
Tucson, AZ 85721 | FAX: +1 602 621 8322
U.S.A.           | Voice(POTS): +1 602 621 6893 / +1 602 621 2617
alo@hiisi.hut.fi (Antti Louko) (06/22/91)
In article <RSM.91Jun21182838@coral.math.arizona.edu> rsm@math.arizona.edu (Robert S. Maier) writes:
>Several machines in the nrl.navy.mil domain have an interesting
>undocumented feature: if you finger them, they finger you right back!
>Examples are tiger.nrl.navy.mil and ccf.nrl.navy.mil. Try it
>yourself; if your finger daemon logs incoming requests you'll pick
>it up at once.

>though. In fact it's rather amusing. Has anyone ever seen anything
>else like this?

I haven't seen it before, but I have thought about it. I decided not to implement it. Why? Think about it. What if my fingerd and theirs both implement this "feature"? How long they will keep fingering each other?

Or if I find another internet site who implements this, say rixrax.foo.com and give command

finger @tiger.nrl.navy.mil@rixrax.foo.com

and let them finger each other forever.
welch@soda.berkeley.edu (Sean N. Welch) (06/23/91)
In article <RSM.91Jun21182838@coral.math.arizona.edu> rsm@math.arizona.edu (Robert S. Maier) writes:
>Several machines in the nrl.navy.mil domain have an interesting
>undocumented feature: if you finger them, they finger you right back!
>Examples are tiger.nrl.navy.mil and ccf.nrl.navy.mil. Try it
>yourself; if your finger daemon logs incoming requests you'll pick
>it up at once.

Interesting, but only to a point. Many sites let you bounce fingers such that you can chain them from your site to somewhere that your machine doesn't know about by going through a machine that does know where you want to finger. Some companies operate with only a single gateway on the internet, so you can't finger at foo.big.com, but you can finger @foo@big.com since the foo gets evaluated at big.com which knows about foo and can get to it.

The effect this has on finger-you-back finger daemons is that they look for you at the most recent link in the chain. What if you do something really silly like:

finger @ccf.nrl.navy.mil@tiger.nrl.navy.mil

(Yes, I tried it. Unfortunately you can't chain forever on these two machines since if you try and finger @somehere@ccf.nrl.navy.mil, you get

finger@ccf3.nrl.navy.mil: argument list not permitted)

Sean Welch
welch@Berkeley.EDU
srp@babar.mmwb.ucsf.edu (Scott R. Presnell%Cohen) (06/23/91)
rsm@math.arizona.edu (Robert S. Maier) writes:
>Apparently `Caller ID' has come to the Internet.

Ever since getpeername() and gethostbyaddr()!

(Remember, Caller ID doesn't get you exactly *who* is on the other end, just the "address" of the device, be it phone or computer.)

- Scott
--
Scott Presnell                +1 (415) 476-9890
Pharm. Chem., S-926           Internet: srp@cgl.ucsf.edu
University of California      UUCP: ...ucbvax!ucsfcgl!srp
San Francisco, CA. 94143-0446 Bitnet: srp@ucsfcgl.bitnet
cgw@vaxb.acs.unt.edu (06/23/91)
In article <RSM.91Jun21182838@coral.math.arizona.edu>, rsm@math.arizona.edu (Robert S. Maier) writes:

[discussion of nrl.navy.mil's 'feature' of fingering the fingerer (ie: 'you') when you finger them]

> Apparently the folks at nrl.navy.mil (Navy Research Laboratory) didn't
> want to erect a full-fledged firewall, so they compromised on this.
> It doesn't seem a very effective protection against the outside world
> though. In fact it's rather amusing. Has anyone ever seen anything
> else like this?

yes! well, sortof.. read on:

> I haven't checked to see whether their other daemons (e.g. rusersd)
> are nosy too, but I wouldn't be surprised. Apparently `Caller ID' has
> come to the Internet.

and has been for at least a while.. in march or so of 91, on comp.unix.*, there was talk of a program that would wake up and do something when your account is fingered. generally, what happens is this: you make your .plan a FIFO queue that runs a program you specify whenever it becomes active. (at least, that's my understanding. i could be wrong.)

anyway, i've written a companion to the program that does this (which is the purpose of the first program (to run another program when your .plan is opened). you can see this program in action if you finger cgw@ponder.csci.unt.edu. i don't login there much anymore, so i can't vouch for the availableness of this, but it should work. because of final exams in may, i didn't get a chance to make it use DNS to translate the IP addr to a hostname, but it's still an interesting thing.

currently, the algorithm is this: do a ps and grep for 'finger'. then i can get the username and special-case that user. if it doesn't find anyone running finger, do a netstat and see what host has an open connection to port 79.

it's admittedly in the stages of an advanced hack, and not extremely useful in its current state, but ideas i have for it are: a personalized message sender. say you're out of the office/room for a few minutes, and want to let someone know you're out. just add a line to a file, and the program will send it to users specified (somewhere). there are many more things you can do with this, but i'll refrain from going into them here.

i got the program from someone off the net. since i've forgotten who it was, but still have the original mail, i'll entertain requests for it by email, if there's any interest. email _only_; if you post to the net, i'll ignore it.

oh, i almost forgot the reason i'm posting.. my program currently logs usernames (if they're local) and host IPs if they're not. see? tcp/ip CallerId :)

-cgw-

>S. Maier | Internet: rsm@math.arizona.edu, rsm@cs.arizona.edu
> Dept. of Math. | UUCP: uunet!arizona!amethyst!rsm
> Univ. of Arizona | Bitnet: maier@arizrvax
> Tucson, AZ 85721 | FAX: +1 602 621 8322
> U.S.A. | Voice(POTS): +1 602 621 6893 / +1 602 621 2617

-------------------------------------------------------------------------------
christopher williams, `gilligan', `dude', cgw@vaxb.acs.unt.edu, +1 817 565 4161
lead programmer/operator, the university of north texas, home of the _VaxCave_!
`help stamp out and abolish redundancy!' my other .sig is boring too.
karl.kleinpaste@osc.edu (06/24/91)
rsm@math.arizona.edu:
   Several machines in the nrl.navy.mil domain have an interesting
   undocumented feature: if you finger them, they finger you right back!
   Examples are tiger.nrl.navy.mil and ccf.nrl.navy.mil.

Now let me get this straight: I take a copy of Tiger's fingerd and I install it on foo.bar.bletch.edu. Logged into Foo, I finger joe@tiger.nrl.navy.mil. Watching my syslog in another window, I observe an incoming finger request from Tiger. This induces my fingerd (being a copy of Tiger's) to perform "finger @tiger.nrl.navy.mil" after which I observe another finger request coming back from Tiger, to which my fingerd responds with "finger..."

--karl
suitti@ima.isc.com (Stephen Uitti) (06/25/91)
In article <1991Jun22.160026.8876@nntp.hut.fi> alo@hiisi.hut.fi (Antti Louko) writes:
>In article <RSM.91Jun21182838@coral.math.arizona.edu> rsm@math.arizona.edu (Robert S. Maier) writes:
>>Several machines in the nrl.navy.mil domain have an interesting
>>undocumented feature: if you finger them, they finger you right back!
>>Examples are tiger.nrl.navy.mil and ccf.nrl.navy.mil. Try it
>>yourself; if your finger daemon logs incoming requests you'll pick
>>it up at once.
>
>>though. In fact it's rather amusing. Has anyone ever seen anything
>>else like this?
>
>I haven't seen it before, but I have thought about it. I decided not
>to implement it. Why? Think about it. What if my fingerd and theirs
>both implement this "feature"? How long they will keep fingering each
>other?
>
>Or if I find another internet site who implements this, say
>rixrax.foo.com and give command
>
>finger @tiger.nrl.navy.mil@rixrax.foo.com
>
>and let them finger each other forever.

If it were my fingerd, and I wanted it to keep a log of people who had fingered my people, I'd only finger people I hadn't fingered recently. Recently means today, since last boot, or if the info isn't still in my fixed maximum sized LRU table, or whatever.

The "I'm on vacation" automatic reply mailers are a harder problem.

Stephen.
suitti@ima.isc.com

"We Americans want peace, and it is now evident that we must be prepared to demand it. For other peoples have wanted peace, and the peace they received was the peace of death." - the Most Rev. Francis J. Spellman, Archbishop of New York. 22 September, 1940
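
The suppression rule from the post above (finger back only peers not fingered recently, remembered in a fixed-size LRU table), as an added C example that is not from the thread or from any real fingerd. The names `should_finger_back` and `simulate_pair`, the table size, the 24-hour window and the `*.example` hosts are assumptions.

```c
#include <string.h>
#include <time.h>

#define TABLE_SIZE  4       /* "fixed maximum sized" table; size assumed */
#define WINDOW_SECS 86400L  /* "recently" taken to mean the last 24 hours */

struct entry { char host[256]; time_t last_probe, last_used; };
struct peer_table { struct entry e[TABLE_SIZE]; };

/* Return 1 if `host` should be fingered back now, 0 if it was probed
 * within WINDOW_SECS and is still in the table. Updates the table. */
int should_finger_back(struct peer_table *t, const char *host, time_t now)
{
    int i, victim = 0;
    for (i = 0; i < TABLE_SIZE; i++) {
        struct entry *e = &t->e[i];
        if (e->host[0] && strcmp(e->host, host) == 0) {
            e->last_used = now;
            if (now - e->last_probe < WINDOW_SECS)
                return 0;               /* probed recently: stay quiet */
            e->last_probe = now;
            return 1;
        }
        if (e->last_used < t->e[victim].last_used)
            victim = i;                 /* empty slots have last_used 0 */
    }
    /* Unknown (or evicted) peer: reuse the least recently used slot. */
    strncpy(t->e[victim].host, host, sizeof t->e[victim].host - 1);
    t->e[victim].host[sizeof t->e[victim].host - 1] = '\0';
    t->e[victim].last_probe = t->e[victim].last_used = now;
    return 1;
}

/* Two daemons that both finger back; a user on A fingers B once.
 * Returns how many automatic probes are sent before both go quiet. */
int simulate_pair(int cap)
{
    struct peer_table a = {0}, b = {0}, *cur = &b;
    const char *from = "a.example";     /* constructed host names */
    time_t now = 1000;
    int probes = 0;
    while (probes < cap && should_finger_back(cur, from, now++)) {
        probes++;                       /* cur probes the host it heard from */
        from = (cur == &b) ? "b.example" : "a.example";
        cur  = (cur == &b) ? &a : &b;
    }
    return probes;
}
```

With the table in place, two such daemons exchange two probes and then go quiet. A peer evicted from the full table is probed again inside the window, which is the cost of the fixed size.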
bygg@sunet.se (Johnny Eriksson) (06/25/91)
In article <1991Jun22.160026.8876@nntp.hut.fi> alo@hiisi.hut.fi (Antti Louko) writes:
# I haven't seen it before, but I have thought about it. I decided not
# to implement it. Why? Think about it. What if my fingerd and theirs
# both implement this "feature"? How long they will keep fingering each
# other?
#
# Or if I find another internet site who implements this, say
# rixrax.foo.com and give command
#
# finger @tiger.nrl.navy.mil@rixrax.foo.com
#
# and let them finger each other forever.
Why not:
finger @tiger.nrl.navy.mil@tiger.nrl.navy.mil
???
--Johnny