FINGER: How can I know who is fingering or fingered me?

FINGER: How can I know who is fingering or fingered me?

Post by Yang Wa » Sun, 05 Dec 1993 07:42:39



Hi, netters,

Does anybody know if I can aware somebody is fingering me or once fingered
me? If yes, can you tell me how? I once saw such kind of discussions here. I
think it is enough to know which machine is fingering me.

Many thanks.

--Yang Wang
------------------------------
Dept. of Systems Design Engg.
University of Waterloo
Waterloo, Ont. Canada N2L 3G1

 
 
 

FINGER: How can I know who is fingering or fingered me?

Post by Jason R. Mastal » Sun, 05 Dec 1993 15:34:12



>Hi, netters,

>Does anybody know if I can aware somebody is fingering me or once fingered
>me? If yes, can you tell me how? I once saw such kind of discussions here. I
>think it is enough to know which machine is fingering me.

>Many thanks.

>--Yang Wang
>------------------------------
>Dept. of Systems Design Engg.
>University of Waterloo
>Waterloo, Ont. Canada N2L 3G1


      Generally, you can't find out the userid of someone who is
      fingering you from a remote machine.  You may be able to
      find out which machine the remote request is coming from.
      One possibility, if your system supports it and assuming
      the finger daemon doesn't object, is to make your .plan file a
      "named pipe" instead of a plain file.  (Use 'mknod' to do this.)

      You can then start up a program that will open your .plan file
      for writing; the open will block until some other process (namely
      fingerd) opens the .plan for reading.  Now you can whatever you
      want through this pipe, which lets you show different .plan
      information every time someone fingers you.

      Of course, this may not work at all if your system doesn't
      support named pipes or if your local fingerd insists
      on having plain .plan files.

      Your program can also take the opportunity to look at the output
      of "netstat" and spot where an incoming finger connection is
      coming from, but this won't get you the remote user.

      Getting the remote userid would require that the remote site be
      running an identity service such as RFC 931.  There are now three
      RFC 931 implementations for popular BSD machines, and several
      applications (such as the wuarchive ftpd) supporting the server.
      For more information join the rfc931-users mailing list,

      There are three caveats relating to this answer.  The first is
      that many NFS systems won't recognize the named pipe correctly.
      This means that trying to read the pipe on another machine will
      either block until it times out, or see it as a zero-length file,
      and never print it.

      The second problem is that on many systems, fingerd checks that
      the .plan file contains data (and is readable) before trying to
      read it.  This will cause remote fingers to miss your .plan file
      entirely.

      The third problem is that a system that supports named pipes
      usually has a fixed number of named pipes available on the
      system at any given time - check the kernel config file and
      FIFOCNT option.  If the number of pipes on the system exceeds the
      FIFOCNT value, the system blocks new pipes until somebody frees
      the resources.  The reason for this is that buffers are allocated
      in a non-paged memory.

 
 
 

FINGER: How can I know who is fingering or fingered me?

Post by Keith M Swar » Mon, 06 Dec 1993 07:56:29



>Does anybody know if I can aware somebody is fingering me or once fingered
>me? If yes, can you tell me how? I once saw such kind of discussions here. I
>think it is enough to know which machine is fingering me.


somewhere) a program that follows his suggestion of observing "netstat".
When a connection is made to your machine through the finger port, netstat
records the machine the signal is coming from; the perl program catches
this, and sends you a message saying where it came from.

This worked great at MIT, where 99% of the machines were single-user.
However, in an environment where most machines are time-shared, this doesn't
work very well, since you're only getting the machine, and not the person
who actually fingered you.

-- Keith
===============================================================================

Oracle Corporation Worldwide Support            Phone   : 415-506-5410
Associate Technical Analyst, Applications       FAX     : 415-506-7821
===============================================================================

 
 
 

FINGER: How can I know who is fingering or fingered me?

Post by Elya S. Kurktc » Mon, 06 Dec 1993 10:33:39


Well, on my system, I edited /usr/etc/inetd.conf and found the
fingerd line and put a -l there.  So now, it does a fingerd -l
and logs the name of the machine that is fingering me in my SYSLOG
file.  Do a man fingerd on your machines and find out what file
to edit.

Elya.

----------------------------------------------------------------------------
| Elya S. Kurktchi                     Scientific Computing Center         |
| Network Systems Manager              La Jolla Cancer Research Foundation |

| Phone: (619) 455-6480 x405           La Jolla, CA  92037                 |
| Fax:   (619) 453-2242                "X-Ray Protein Crystallography"     |
----------------------------------------------------------------------------

 
 
 

FINGER: How can I know who is fingering or fingered me?

Post by Jacob DeGlopp » Mon, 06 Dec 1993 14:41:26





>>Well, on my system, I edited /usr/etc/inetd.conf and found the
>>fingerd line and put a -l there.  So now, it does a fingerd -l
>>and logs the name of the machine that is fingering me in my SYSLOG
>>file.  Do a man fingerd on your machines and find out what file
>>to edit.

>Didn't work at all for me - the only file mentioned after man fingerd
>was: /usr/etc/in.fingerd - and that didn't look too editable. Maybe this
>is system specific?

Not really, but note that she is the system administrator.  The file
to edit is /etc/inetd.conf, or wherever your inetd looks.  The flag
to fingerd may well be system-specific,

My more general solution to this is 1) Use tcp_wrapper to record and
audit all incoming TCP connections. 2) Modify the fingerd sources to
log via syslog the name (data portion) of the incoming finger.

Again, you must be root to do any of these.

--
Jacob DeGlopper, EMT-A    |    Case Western Reserve University


+1 216 754 1638           |    Opinions my own...

 
 
 

FINGER: How can I know who is fingering or fingered me?

Post by Tim Whi » Tue, 07 Dec 1993 00:00:01



>My more general solution to this is 1) Use tcp_wrapper to record and
>audit all incoming TCP connections. 2) Modify the fingerd sources to
>log via syslog the name (data portion) of the incoming finger.

   Dr Daniel O'Callaghan at the University of Melbourne, Austin Hospital
  has just put up a fingerd for anonymous ftp at ftp.austin.unimelb.edu.au
  that will log the data.  Also tries to identify netfind queries. The file
  is called /Public/Unix/fingerd-nf-1.01.tar.Z.

Quote:>Again, you must be root to do any of these.

   Yep.
==============================================================================
Tim White                                University of South Carolina

(803)-777-7840                               Columbia, S.C. 29208
 
 
 

FINGER: How can I know who is fingering or fingered me?

Post by Joel M. Hoffm » Wed, 08 Dec 1993 01:52:36


>>Does anybody know if I can aware somebody is fingering me or once fingered
>>me? If yes, can you tell me how? I once saw such kind of discussions here. I
>>think it is enough to know which machine is fingering me.


>somewhere) a program that follows his suggestion of observing "netstat".
>When a connection is made to your machine through the finger port, netstat
>records the machine the signal is coming from; the perl program catches
>this, and sends you a message saying where it came from.

>This worked great at MIT, where 99% of the machines were single-user.
>However, in an environment where most machines are time-shared, this doesn't
>work very well, since you're only getting the machine, and not the person
>who actually fingered you.

You might go one step further, and finger the remote machine, and see
who is logged in and not idle.  On large machines, of course, this may
not narrow down the list very much, but it will at least give a list
of people to choose from.

-Joel

--
-----------------------------------------------------------------------------
|_|~~ Germany, Europe. 1943.    "The diameter of the bomb was 30 centimeters,
__|~| 16 Million DEAD.           and the diameter of its destruction, about 7
                                meters, and in it four killed and 11 wounded.
 cnc  Bosnia, Europe. 1993.     And around these, in a larger circle of  pain
 cnc  HOW MANY MORE?          and time,  are scattered two  hospitals and one
                          cemetery.   But the young woman who was  buried  in
                    the place from where she came, at a distance of more than
             than 100 kilometers, enlarges the circle considerably.   And the
      lonely man who is mourning her death in a distant  country incorporates
into the circle the whole world.  And I won't speak of the cry of the orphans
that reaches God's chair and from there makes the circle endless and godless."
-----------------------------------------------------------------------------

 
 
 

FINGER: How can I know who is fingering or fingered me?

Post by Elya S. Kurktc » Wed, 08 Dec 1993 03:24:22


Quote:>Not really, but note that she is the system administrator.  The file

                           ^^^
                           Actuall, I'm a "he".

----------------------------------------------------------------------------
| Elya S. Kurktchi                     Scientific Computing Center         |
| Network Systems Manager              La Jolla Cancer Research Foundation |

| Phone: (619) 455-6480 x405           La Jolla, CA  92037                 |
| Fax:   (619) 453-2242                "X-Ray Protein Crystallography"     |
----------------------------------------------------------------------------

 
 
 

FINGER: How can I know who is fingering or fingered me?

Post by Erwan Dav » Wed, 08 Dec 1993 17:34:18



Quote:

>You might go one step further, and finger the remote machine, and see
>who is logged in and not idle.  On large machines, of course, this may
>not narrow down the list very much, but it will at least give a list
>of people to choose from.

        Don't do it ! Think what will happen if the person who
fingered you has the same installation: there will be endless fingering
requests both sides!

        Erwan

PS : could you please restrict your signature to 4 lines ?

--

45 rue d'Ulm |                          | je m'en rapproche de plus en plus"

FRANCE       |                          |   Julos Beaucarne

 
 
 

FINGER: How can I know who is fingering or fingered me?

Post by Roger Espel Lli » Wed, 08 Dec 1993 19:54:51



>>> Nntp-Posting-Host: clipper-gw.ens.fr

>You might go one step further, and finger the remote machine, and see
>who is logged in and not idle.  On large machines, of course, this may
>not narrow down the list very much, but it will at least give a list
>of people to choose from.

>>>    Don't do it ! Think what will happen if the person who
>>> fingered you has the same installation: there will be endless fingering
>>> requests both sides!
>>>    Erwan

Well then you could rusers the remote machine.

                                        Roger

 
 
 

FINGER: How can I know who is fingering or fingered me?

Post by Jozsef Ferin » Thu, 09 Dec 1993 02:21:07




>>>> Nntp-Posting-Host: clipper-gw.ens.fr


>>You might go one step further, and finger the remote machine, and see
>>who is logged in and not idle.  On large machines, of course, this may
>>not narrow down the list very much, but it will at least give a list
>>of people to choose from.

>>>>        Don't do it ! Think what will happen if the person who
>>>> fingered you has the same installation: there will be endless fingering
>>>> requests both sides!

>>>>        Erwan

>Well then you could rusers the remote machine.

I made a simple Finger Alert Daemon, which says you the
name of the remote machine. It's for one machine. If you
have a cluster of machines (like me), the solution isn't
nice... (you need it for each machine). I have tested it
for Indigo. For the short C source drop me a mail.

Best regards, Jozsef

--

Freie Universitaet Berlin
Institut fuer Organische Chemie      Tel.: (+49 30) 838-2677, 838-5363
Takustr. 3, D-14195 Berlin, Germany  Fax : (+49 30) 838-5163, 838-4248

 
 
 

FINGER: How can I know who is fingering or fingered me?

Post by Jonath » Fri, 10 Dec 1993 07:42:48




: >You might go one step further, and finger the remote machine, and see
: >who is logged in and not idle.  On large machines, of course, this may
: >not narrow down the list very much, but it will at least give a list
: >of people to choose from.
:
:       Don't do it ! Think what will happen if the person who
: fingered you has the same installation: there will be endless fingering
: requests both sides!

No there won't surely? Correct me if I'm wrong, but this procedure will only
activate if a user's .plan file is opened. When you finger a site, rather
than a specific user, no-one's .plan at that remote site should be touched,
and so the anti-social occurrence of which you speak should never eventuate.

Cheers,

Jonathon.

 
 
 

FINGER: How can I know who is fingering or fingered me?

Post by Bruno Tregui » Sat, 11 Dec 1993 23:36:55


|>
|> No there won't surely? Correct me if I'm wrong, but this procedure will only
|> activate if a user's .plan file is opened. When you finger a site, rather
|> than a specific user, no-one's .plan at that remote site should be touched,
|> and so the anti-social occurrence of which you speak should never eventuate.

If you have log_tcp-5.1 installed, you can log any connection attempt
on any daemon controlled by inetd, as finger usually is. So you can
finger back the calling machine in an automatic way to see who is
logged. This "backfinger" feature is triggered by the call itself, not
by the fact that a .plan file is opened.

And you can protect yourself from the loop that may occur if the other
machine also uses the same mechanism,  simply by launching a script that
only fingers back the calling machine ONLY if this hasn't been done
for a certain amount of time (several minutes for example).

Bruno

--

Centre de Programmation de la Marine |   celles qui savent compter,
Paris, FRANCE                        |   et celles qui ne savent pas..."