Vulnerability Development mailing list archives
finger list + bounce
From: Claes Nyberg <md0claes () MDSTUD CHALMERS SE>
Date: Wed, 28 Mar 2001 21:03:32 +0200
Since its possible to bounce finger requests with the coomand finger 123456@machine_1@machine_2@machine_3 ... @machine_n on solaris 5.6 and 7 (dont know about 8) it is possible to retrieve lists of users without revealing your ip. Hard to trace if n is big enough (what is max?). // CMN ------------------------------------------------------------------- Email: md0claes () mdstud chalmers se Home: http://www.mdstud.chalmers.se/~md0claes/ ------------------------------------------------------------------- Citation : The number of UNIX installations has grown to 10, with more expected. _The UNIX Programmer's Manual_, Second Edition, June, 1972 --------------------------------------------------------------------
Current thread:
- finger list + bounce Claes Nyberg (Mar 28)