Preface: Finger forwardingLogo -Internet Security Systems

Finger forwarding
advICE :Intrusions : 2001102
 FAQ
Oh my gosh, I'm being HACKED!!!
How do I report the hacker to my ISP?
I'm seeing lots of attacks, is this normal?
Summary

An attempt has been made to use finger to forward a request to another system. This is often done by intruders to mask their true identity.

Details

Finger supports recursive queries. A query such as "rob@foo@bar" will ask "bar" to resolve "rob@foo", causing "bar" to query "foo". This technique can be used to hide the original source of the request.

Defense

Finger is a dangerous source of information, and should be disabled in /etc/inetd.conf. If not disabled, upgrade to a newer version, an open source version, or reconfigure the fingerd service.

 more information
Bounce attacks  
The general technique of relaying commands through a third party in order to mask where the attacks come from.  

 parametric information
commandThe finger command seen.
forwarding countThe number of @ symbols seen.

 
Version appeared:
Privacy Policy |  Copyright Info