Unidentified subject!
Hi,
I intend to package ffingerd, another finger daemon. Here is an excerpt
from the README:

- - - - - - - - Snip here to damage your screen - - - - - - - -
ffingerd - Fefe's small and secure finger daemon
This finger daemon is meant to be invoked via inetd, just like the
standard finger daemon. I wrote this program because the standard
finger daemon allows several things I don't like, namely:

    evil.com$ finger root@poor.victim.com@innocuous.edu

  - which is like "finger root@poor.victim.com", but the finger
    originates from innocuous.edu instead of evil.com

    evil.com$ finger @poor.victim.com

  - which lists all the users logged into poor.victim.com, so an
    intruder can look whether someone is logged in who could detect
    his intrusion

    evil.com$ finger luser@poor.victim.com
    Login: luser                  Name: J. Random Luser
    Directory: /home/luser        Shell: /bin/sh
    Last login Thu Nov 2 01:49 (MET DST) on ttyp3 from other.victim.com
    No mail.
    No Plan.

  - Why should finger give away the home directory and the login shell
    of all the lusers? The "Last login" information should not be
    given away either, as it can be used to find seldom used accounts
    which can safely be cracked into. I don't think we should tell
    the fingeree whether luser has mail.

This is this finger daemon's output:

    evil.com$ finger root@poor.victim.com@innocuous.edu
    [innocuous.edu]
    Sorry, we do not support indirect finger queries.

    evil.com$ finger @poor.victim.com
    [poor.victim.com]
    Sorry, we do not support empty finger queries for security reasons.

    evil.com$ finger luser@poor.victim.com
    [poor.victim.com]
    Login: luser                  Name: J. Random Luser
    No project.
    No plan.
    No PGP public key.

    evil.com$ finger root@poor.victim.com
    [poor.victim.com]
    That user does not want to be fingered

That last message appears when the fingered user has the file
".nofinger" in his home. The PGP public key is the file ".pubkey"
which is treated just like the ".plan" file.

Fingerd creates several syslog messages if something suspicious
happens:

    Nov 3 19:13:21 xorn fingerd[1033]: attempt to finger root from 127.0.0.1
    Nov 3 19:14:12 xorn fingerd[1052]: empty finger attempt from 127.0.0.1
    Nov 3 19:15:53 xorn fingerd[1077]: indirect finger attempt at root@localhost from 127.0.0.1
    Aug 26 00:51:11 xorn syslog: file "/home/leitner/.plan" is a symbolic link to "/etc/shadow"!

- - - - - - - - Snip here to damage your screen - - - - - - - -

Cheers
Christian
--
********************************************************************
* Christian Kurz Debian Developer/QA-Team *
* Use Debian - a free Operating System for your PC *
********************************************************************
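
Added example, not part of the original message and not ffingerd's own source: a C version of the checks the README describes, classifying a request line as empty, indirect or a plain user name, and refusing to read a .plan or .pubkey that is a symbolic link. The function names, the use of O_NOFOLLOW and the temporary files under /tmp are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum query { Q_EMPTY, Q_INDIRECT, Q_USER };   /* hypothetical names */

/* Classify the request line the daemon reads from the socket. */
enum query classify_query(const char *line)
{
    size_t len = strcspn(line, "\r\n");
    while (len && (*line == ' ' || *line == '\t')) { line++; len--; }
    if (len == 0) return Q_EMPTY;                  /* "finger @host" sends a bare CRLF */
    if (memchr(line, '@', len)) return Q_INDIRECT; /* "finger a@b@c" sends "a@b" to c  */
    return Q_USER;
}

/* Open a per-user file without following a symlink in the last path
 * component; accept regular files only. Returns a descriptor or -1. */
int open_user_file(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0) return -1;                         /* fails when path is a symlink */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) { close(fd); return -1; }
    return fd;
}

/* Constructed self-check: a regular file and a ".plan" symlink pointing at it.
 * Returns 1 when the regular file opens and the symlink is refused. */
int symlink_check_demo(void)
{
    char dir[] = "/tmp/fingerdemoXXXXXX", target[64], plan[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(plan, sizeof plan, "%s/.plan", dir);
    FILE *f = fopen(target, "w");
    if (!f) return -1;
    fputs("constructed\n", f); fclose(f);
    if (symlink(target, plan) != 0) return -1;
    int ok = open_user_file(target), bad = open_user_file(plan);
    if (ok >= 0) close(ok);
    if (bad >= 0) close(bad);
    unlink(plan); unlink(target); rmdir(dir);
    return ok >= 0 && bad < 0;
}
int main(void) { printf("%d %d\n", classify_query("luser\r\n"), symlink_check_demo()); return 0; }
```

Opening with O_NOFOLLOW and then calling fstat on the descriptor avoids the window between checking a path and opening it.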