|
|
The command:
finger 0@smaug
produces the output:
[smaug.intra.networkice.com]
Login Name TTY Idle When Where
daemon ??? < . . . . >
bin ??? < . . . . >
sys ??? < . . . . >
nfr ??? pts/3 <Dec 19 15:23> robg.10.0.1.1
All those accounts with either no name or GECOS field will be returned. Test Connect to finger port, send string "0\n", parse output to determine if user names are returned. Pattern Look for finger connection with contents of "0\n" Defense Finger is a dangerous source of information, and should be disabled in /etc/inetd.conf. Otherwise, upgrade the version of fingerd. Since many vendor's products ship with this as an integral feature, an open source version should be used instead.
|
