Subject: Re: *** FingerD ***
To: Evil Pete <>
From: Robert Shady <>
List: current-users
Date: 03/01/1994 06:59:40
>>> For a less extreme example (which may therefore be more or less convincing),
>>> suppose I take my NetBSD system, boot it to single user mode, add user id's
>>> constructed as "user000" through "user999", and then write a tedious shell
>>> script using sudo or some similar program to run finger as each uid.

>>Okay, this is possibly, but why would someone do this?  I suppose if your
>>intent was to deceive the remote system, you can almost always do this no
>>matter what they try to use for authenticatoin.  

> true, what if you
> 	finger @destination@other_host

> Also what if the remote host has a bogus identd or has a
> .noident file?

So what?  I wasn't trying to come up with a fool-proof way of detecting who
fingered the system.  It was only meant to give the sa more of an idea who
it was.

													-- Rob Shady --