Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

finger list + bounce

From: Claes Nyberg <md0claes () MDSTUD CHALMERS SE>
Date: Wed, 28 Mar 2001 21:03:32 +0200
Since its possible to bounce finger requests with the coomand
finger 123456@machine_1@machine_2@machine_3 ... @machine_n
on solaris 5.6 and 7 (dont know about 8) it is possible
to retrieve lists of users without revealing your ip.
Hard to trace if n is big enough (what is max?).

// CMN

-------------------------------------------------------------------
Email: md0claes () mdstud chalmers se
Home: http://www.mdstud.chalmers.se/~md0claes/
-------------------------------------------------------------------
Citation :
The number of UNIX installations has grown to 10, with more expected.
_The UNIX Programmer's Manual_, Second Edition, June, 1972
--------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: