Security Basics mailing list archives

RE: Remotely check login status


From: "Dan Denton" <ddenton () remitpro com>
Date: Tue, 20 Jan 2009 14:42:02 -0600

Hello All,

It is also possible to check by using ssh commands remotely in combination
with the users, w, who, and finger commands.

ssh user@hostname /usr/bin/users
ssh user@hostname /usr/bin/w
ssh user@hostname /usr/bin/who
ssh user@hostname /usr/bin/finger

The full path to these commands probably isn't necessary, but is included for
reference. Here you're using an encrypted protocol and a password is required
(unless pub keys are used...).

Dan

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Nikhil Wagholikar
Sent: Monday, January 19, 2009 9:20 PM
To: security-basics () securityfocus com
Subject: Re: Remotely check login status

Hi Christian,

Your requirement can be satisfied with FINGER service.

The Finger protocol is used to find out information about users on a
remote system without authentication. Finger servers can usually
provide either a list of logged-in users or detailed information on a
single user.

However, from a security perspective, this is not a recommended service
to keep ON or available over the network.

More Info about Finger service:
http://probing.csx.cam.ac.uk/about/finger.html

---
Nikhil Wagholikar
Practice Lead | Security Assessment & Digital Forensics
Network Intelligence (India) Pvt. Ltd. [NII Consulting]
Web: http://www.niiconsulting.com/
Security Products: http://www.niiconsulting.com/products.html


2009/1/18 Christian Eibl <chreibl () gmx de>

Hi all,

I was wondering if there exist means of checking remotely whether someone
is already logged onto the system. Since most modern systems today need
users to input their authentication data instead of automatically providing
full access, there obviously are different states in the operating systems,
i.e., just completely started up or even with users active in the system.

This question does not aim at a specific OS but is meant for all systems.
The most obvious way of such checks would consist of specific network
services only started by certain users on the systems. Well, I am no
Windows geek, but I could also imagine that file or printer sharing
together with this port 139 / 445 stuff could provide information about
this, but I am not sure...

Does anyone have an idea how or whether this is possible? It is especially
interesting concerning privacy within networks.

Regards,
Christian
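
The ssh-based check from Dan Denton's reply, as an added example that is not part of the original thread: a bash script that runs /usr/bin/who over ssh and separates network logins from console sessions. The function names and the sample data are constructed for illustration; it assumes public-key login to hosts you administer and Linux-style who output.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Assumes Linux-style `who` output,
# where a remote login shows its origin in parentheses as the last field.

# Constructed sample of `who` output, used when no hosts are given.
SAMPLE_WHO='alice    pts/0        2009-01-20 14:02 (10.0.0.5)
root     tty1         2009-01-20 09:11
bob      :0           2009-01-20 08:00 (:0)'

# parse_who HOST: read `who` output on stdin, print "HOST USER TTY ORIGIN".
# Console logins and local X displays (":0") are reported as "local".
parse_who() {
    awk -v host="$1" 'NF >= 2 {
        origin = "local"
        if ($NF ~ /^\(.*\)$/) origin = substr($NF, 2, length($NF) - 2)
        if (origin ~ /^:/) origin = "local"
        print host, $1, $2, origin
    }'
}

# remote_sessions: keep only parse_who lines whose origin is a network peer.
remote_sessions() {
    awk '$4 != "local"'
}

# check_host USER@HOST: run who over ssh without prompting. BatchMode makes
# ssh fail instead of asking for a password, so this needs public-key login.
check_host() {
    local out
    if ! out=$(ssh -o BatchMode=yes -o ConnectTimeout=5 "$1" /usr/bin/who); then
        echo "$1: ssh failed, login state unknown" >&2
        return 1
    fi
    # A host with nobody logged in returns empty output and prints nothing.
    printf '%s\n' "$out" | parse_who "$1"
}

if [ "$#" -gt 0 ]; then
    for target in "$@"; do check_host "$target"; done
else
    printf '%s\n' "$SAMPLE_WHO" | parse_who sample-host
fi
```

Run it with one or more user@hostname arguments to query real hosts; with no arguments it parses the embedded sample.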

