Subject: Re: *** FingerD ***
To: Robert Shady <>
From: Evil Pete <>
List: current-users
Date: 03/01/1994 00:25:13
>> For a less extreme example (which may therefore be more or less convincing),
>> suppose I take my NetBSD system, boot it to single user mode, add user id's
>> constructed as "user000" through "user999", and then write a tedious shell
>> script using sudo or some similar program to run finger as each uid.

>Okay, this is possibly, but why would someone do this?  I suppose if your
>intent was to deceive the remote system, you can almost always do this no
>matter what they try to use for authenticatoin.  

true, what if you

	finger @destination@other_host

the point it to get most of the cases, not all of them!

Also what if the remote host has a bogus identd or has a
.noident file?