Finger filename
advICE :Intrusions : 2001106

Summary

A suspicious user name was accessed, probably as an attempt to read a file from the system.

Details

Some finger services will allow a remote person to specify a filename to the finger service. Rather than looking up a users's name, the finger service will instead dump the contents of the file. This allows the intruder to read any file on the system that the finger service has access to. In particular, the intruder will probably be able to read the /etc/passwd file and crack passwords.

parametric information command The finger command seen, which will indicate the file being accessed.

 
Version appeared: 2.5