Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Forwared to me

From: tsoome () UT EE (Toomas Soome)
Date: Sat, 11 Jul 1998 00:44:58 +0300

On Thu, 9 Jul 1998, Raymond Medeiros wrote:


I would have to only completely agree with you.  This fix which was
contained in the ISS security announcement was indeed very weak.  My
suggestion was to at the very least deny access to finger requests from
the outside.  This attack really isn't that bad however I have been able
to take out a machine on my own subnet using a simple perl script.  In
reality it doesn't appear to be more of a threat than a ping flood.  I
have also looked into using it as part of the beginning to a spoofing
attack (under controlled conditions of course) and it has no apparent
value.  Never the less it should be brought to everyones attention as it
is such a simple implementation and just one more reason to be suspicious
of the use of yp.



ok, there MAY be some problems with it, but I think real answer for such
problems is cacheing. I once wrote a little fix for some public finger to
improve it's working speed with NIS+ - full table listings with NIS+ are
quite bad thing in terms of perfomance. So finger will check if it's cache
is fresh enough, if yes, all data will come fom cache, if not, finger will
update cache.... sources are in
ftp.ut.ee/pub/unix/sun/Solaris/soft/finger/, if anybody will interest... I
will not quarantee anything...

toomas soome
Tartu University, Estonia
--
My way of joking is to tell the truth.
That's the funniest joke in the world.
                -- Muhammad Ali
Previous By Date Next
Previous By Thread Next

Current thread: