Title: Overview of Finger

KBTAG: kben10000125
URL: http://www.securityportal.com/lskb/10000100/kben10000125.html
Date created: 06/08/2000
Date modified: 10/08/2000
Date removed:
Author(s): Kurt Seifried seifried@securityportal.com
Topic: Overview of Finger
Keywords: Network/UserInfo

Summary:

Finger is one of those things most admins just disable and ignore. It is a useful tool on occasion, but if you want to allow other admins to figure out which of your users is currently trying to crack their machines, use identd. Finger lets out way too much info, and is a favorite tool for initial probes and data gathering on targets. There have also been several nasty DoS attacks released, basically consisting of sending hundreds of finger requests and, in certain configurations, just watching the server croak. Please don't run finger. Many distributions ship with it enabled, but to quote inetd.conf from Red Hat:

# Finger, systat and netstat give out user information which may be
# valuable to potential "system crackers." Many sites choose to disable 
# some or all of these services to improve security.

If you still feel you absolutely must run it, use -u to deny finger @host requests, which are only ever used to gather information for future attacks. Disable finger, really. Fingerd has also been the cause of a few recent and very bad denial of service attacks; if you run NIS with large maps especially, DO NOT, repeat NOT, run fingerd. Finger runs on port 79 and cfingerd runs on port 2003; both use TCP.

ipfwadm -I -a accept -P tcp -S 10.0.0.0/8 -D 0.0.0.0/0 79
ipfwadm -I -a accept -P tcp -S some.trusted.host -D 0.0.0.0/0 79
ipfwadm -I -a deny -P tcp -S 0.0.0.0/0 -D 0.0.0.0/0 79

or

ipchains -A input -p tcp -j ACCEPT -s 10.0.0.0/8 -d 0.0.0.0/0 79
ipchains -A input -p tcp -j ACCEPT -s some.trusted.host -d 0.0.0.0/0 79
ipchains -A input -p tcp -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 79
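
To check a host against the inetd.conf advice above, the following added example (not part of the original article) scans an inetd.conf-format file for enabled finger, cfingerd, systat and netstat entries and reports a finger entry that lacks -u. The function names, the WARN/FAIL labels and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit inetd.conf-format input for the information services
# named in the Red Hat comment (finger, systat, netstat) plus cfingerd.
# Reads the files given as arguments, or stdin when none are given.
audit_inetd() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # commented out or blank: disabled
    $1 == "systat" || $1 == "netstat" {
        print "WARN " $1 " enabled: gives out user information"
        next
    }
    $1 == "finger" || $1 == "cfingerd" {
        print "WARN " $1 " enabled on " $3
        # Field 5 is the account the server runs as (user or user.group).
        if ($5 == "root" || $5 ~ /^root[.:]/)
            print "WARN " $1 " runs as root"
        if ($1 == "finger") {
            # Field 6 is the server path; arguments start at field 7.
            has_u = 0
            for (i = 7; i <= NF; i++)
                if ($i ~ /^-[a-zA-Z]*u/) has_u = 1
            if (!has_u)
                print "FAIL finger lacks -u: finger @host requests are answered"
        }
    }' "$@"
}

# Constructed sample input, not taken from a real host.
sample_inetd_conf() {
    cat <<'EOF'
# constructed inetd.conf sample
ftp     stream  tcp  nowait  root   /usr/sbin/tcpd  in.ftpd -l -a
finger  stream  tcp  nowait  root   /usr/sbin/tcpd  in.fingerd
#systat stream  tcp  nowait  guest  /usr/sbin/tcpd  /bin/ps -auwwx
netstat stream  tcp  nowait  guest  /usr/sbin/tcpd  /bin/netstat -f inet
EOF
}

sample_inetd_conf | audit_inetd
```

On a real system, run it as audit_inetd /etc/inetd.conf; an empty report means none of these services is enabled through inetd.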

Downloads:

Cfingerd

Cfingerd (configurable fingerd) is a great replacement for the stock fingerd. It was built with security in mind, typically runs as a non-root user, and users can easily configure it so they aren't fingerable. Cfingerd is available from: http://ftp.bitgate.com/cfingerd/

PFinger

PFinger is similar to Cfingerd in that it is a secure replacement for the stock fingerd. You can get PFinger from: http://www.xelia.ch/unix/pfinger/.

The Finger Server

The Finger Server is a nice web-based finger server that gives users the ability to update their finger information themselves. You can get it at: http://www.glazed.org/finger/.