noamb@over.caltech.edu (Noam Bernstein) (06/10/91)
Hi I've been led to understand that in some newsgroup someplace there's been a discussion of how to tell who is fingering you when. I currently have my .plan as a named pipe, with a daemon to monitor it and give time dependent output. I'd like to know how my plan program can find out who I'm being fingered by. If anyone out there knows how to do this, I'd appreciate any information about it. thanks, Noam B. noamb@through.ugcs.caltech.edu noamb@tybalt.caltech.edu
sean@ms.uky.edu (Sean Casey) (06/10/91)
The answer is: it can't. The IP protocols do not transmit userid information, and neither does the finger protocol. A system using Dan Bernstein's mods would be able to supply userid info, but your fingerd daemon would need to be modified to use his authentication libary. (Wish everyone was using it) Sean -- ** Sean Casey <sean@s.ms.uky.edu>
rcbarn@rwa.urc.tue.nl (Raymond Nijssen) (06/11/91)
sean@ms.uky.edu (Sean Casey) writes: > >The answer is: it can't. The IP protocols do not transmit userid >information, and neither does the finger protocol. A system using Dan >Bernstein's mods would be able to supply userid info, but your fingerd >daemon would need to be modified to use his authentication libary. As a very simple but useful workaround in this case, you can use a fingerd that immediately fingers back to the host it receives a request from, thus revealing potential userid of people who are fingering your system. Have a look at ftp.win.tue.nl:~ftp/pub/logdaemon.tar.Z (available for anon. ftp). It contains various utilities of this kind written by Wietse Venema. -Raymond -- | Raymond X.T. Nijssen | Eindhoven Univ. of Technology | | raymond@es.ele.tue.nl | EH 7.13, PO 513, 5600 MB Eindhoven, The Netherlands | | "Don't put that on the wall in a tax-payer supported museum!" Pat Buchanan |
jaenicke@w414zrz.ee.tu-berlin.de (Lutz Jaenicke) (06/12/91)
In article <rcbarn.676630997@rwa.urc.tue.nl> rcbarn@urc.tue.nl writes: > >As a very simple but useful workaround in this case, you can use a >fingerd that immediately fingers back to the host it receives a request >from... > >-Raymond Seems to be quite a good way. I hope that there are not too much people this special fingerd or that a lock on maximum fingerd uses is applied. Or would you like your fingerd to finger the fingerer, calling his fingerd, which therefore fingers _you_ again, forcing your fingerd-system to finger... Would be fun, wouldn't it? Lutz -- Lutz Jaenicke jaenicke@w414zrz.ee.tu-berlin.de Institut fuer Elektrische Maschinen jaenicke@emapollo.ee.tu-berlin.de Technische Universitaet Berlin Tel. (004930)314-24552 Einsteinufer 11, D-1000 Berlin 10 Fax. (004930)314-21133
gary@sci34hub.sci.com (Gary Heston) (06/17/91)
In article <rcbarn.676630997@rwa.urc.tue.nl> rcbarn@urc.tue.nl writes: =sean@ms.uky.edu (Sean Casey) writes: => =>The answer is: it can't. The IP protocols do not transmit userid =>information, and neither does the finger protocol. A system using Dan =>Bernstein's mods would be able to supply userid info, but your fingerd =>daemon would need to be modified to use his authentication libary. =As a very simple but useful workaround in this case, you can use a =fingerd that immediately fingers back to the host it receives a request =from, thus revealing potential userid of people who are fingering your =system. Have a look at ftp.win.tue.nl:~ftp/pub/logdaemon.tar.Z =(available for anon. ftp). It contains various utilities of this =kind written by Wietse Venema. ...and when a user on a machine implementing this fingers someone on another machine implementing it, the second machine fingers the first to see who it is, causing the first machine to finger the second again, causing the second to finger the first again, etc., etc., etc. Sounds like positive feedback, to me. It would be better to change finger to provide the requesting uid, and fingerd to reject requests that don't provide it. -- Gary Heston System Mismanager and technoflunky uunet!sci34hub!gary or My opinions, not theirs. SCI Systems, Inc. gary@sci34hub.sci.com I support drug testing. I believe every public official should be given a shot of sodium pentathol and ask "Which laws have you broken this week?".
rcbarn@rwa.urc.tue.nl (Raymond Nijssen) (06/19/91)
gary@sci34hub.sci.com (Gary Heston) writes: >In article <rcbarn.676630997@rwa.urc.tue.nl> rcbarn@urc.tue.nl writes: >=sean@ms.uky.edu (Sean Casey) writes: >=> >=>The answer is: it can't. The IP protocols do not transmit userid >=>information, and neither does the finger protocol. [...] >=As a very simple but useful workaround in this case, you can use a >=fingerd that immediately fingers back to the host it receives a request >=from, thus revealing potential userid of people who are fingering your >=system. [...] >...and when a user on a machine implementing this fingers someone on >another machine implementing it, the second machine fingers the first >to see who it is, causing the first machine to finger the second again, >causing the second to finger the first again, etc., etc., etc. It seems that my previous posting could easily be misunderstood; I did not at all mean to suggest that these very simple workarounds were capable of solving all shortcomings of the IP protocols; they merely exchange one disadvantage for another. >Sounds like positive feedback, to me. Well, don't be so negative before you had a look at it; I don't know exactly how smart these tools are, but I can very well imagine that some kind of very trivial check to avoid unnecessary backfingers is built in. >It would be better to change finger to provide the requesting uid, >and fingerd to reject requests that don't provide it. The problem is not just fingerd; in general, all IP stuff suffers from some kind of this problem. As for me, I can't think of no good reason why IP protocols don't transmit UID info, but I guess we'll have to live with it. >Gary Heston System Mismanager and technoflunky uunet!sci34hub!gary or -Raymond -- | Raymond X.T. Nijssen | Eindhoven Univ. of Technology | | raymond@es.ele.tue.nl | EH 7.13, PO 513, 5600 MB Eindhoven, The Netherlands | | "Don't put that on the wall in a tax-payer supported museum!" Pat Buchanan |
wswietse@svbs01.bs.win.tue.nl (Wietse Venema) (06/27/91)
>=As a very simple but useful workaround in this case, you can use a >=fingerd that immediately fingers back to the host it receives a request >=from, thus revealing potential userid of people who are fingering your >=system. Have a look at ftp.win.tue.nl:~ftp/pub/logdaemon.tar.Z >=(available for anon. ftp). It contains various utilities of this >=kind written by Wietse Venema. Correction: this archive only contains programs that report the remote host name (and user name in case of rlogin/rsh connections). There are just too many potential problems with automatic backfingering.