grendel@calypso.arc.nasa.gov (That monstrous man-eating descendant of Cain) (03/27/91)
Sorry if you have seen this twice... I'm interested in fingering and logging incomming ftp'ers. Boorish I know, but I don't make the rules around here. I've noticed several systems on internet which do this. If you admin one of these systems could you email or post your method. I have perl running if your method uses it. cheers, -- Ray Suorsa, grendel@opos.arc.nasa.gov, NASA Ames Research Center,USA (415) 604-6334, Fax x3950
dan@gacvx2.gac.edu (03/27/91)
In article <1991Mar27.021119.8023@riacs.edu>, grendel@calypso.arc.nasa.gov (That monstrous man-eating descendant of Cain) writes: > Sorry if you have seen this twice... > > I'm interested in fingering and logging incomming ftp'ers. Boorish I > know, but I don't make the rules around here. I've noticed several > systems on internet which do this. If you admin one of these systems > could you email or post your method. I have perl running if your > method uses it. > > cheers, > -- > Ray Suorsa, grendel@opos.arc.nasa.gov, > NASA Ames Research Center,USA (415) 604-6334, Fax x3950 You didn't say if you want to finger anonymous FTP users or only people logging in with real usernames. I am addressing your question from the point of view of anonymous FTP. Fingering anonymous FTP users might not be such a great idea. Very few sites have perfectly working finger daemons. Many sites have removed finger because it was used as part of the Morris Worm. Many security minded system administrators consider finger to be a security risk because it gives the usernames of people on their system. You could require the remote site to run a security verification daemon like the one used by the MILNET TACS or PC NFS. Yet another reason is the tradition with anonymous ftp to enter your e-mail address as the password. I enter "dan@gac.edu" which is a domain mail forwarder, not a real host. A better solution for anonymous FTP might be to do a nameserver lookup on the IP address of the system calling you, verifying that the DNS knows about the hosts. The ftp server at FTP.UU.NET does this, they have the source for the modified "ftpd" on ftp.uu.net I think. With the valid hostname for a host it becomes possible to watch for abuse and lock out sites that have abusive users. With the current state of finger, I wouldn't want to trust it to do user verification except in a manual sense with a human in control. There is hope for finger, but future versions are not likely to support giving you the username of someone logged on to another host (there is a new RFC and it has some interesting lines about fingering the pop machine down the hall.) Most security minded administrators are moving away from using usernames as e-mail addresses. You might want to check the archives of this group. I remember a set of messages about adding text to the standard messages that FTPD sends out. Someone responded that they had an improved FTPD that might be a place to start. -- Dan Boehlke Internet: dan@gac.edu Campus Network Manager BITNET: dan@gacvax1.bitnet Gustavus Adolphus College St. Peter, MN 56082 USA Phone: (507)933-7596