> > The next thing I would like to do is to figure out exactly who on the remote
> > host has executed the "finger @" command.  Would this be possible?

> Ah, that's an easy question, which I'll answer with two questions.

> Suppose I take a single-board micro, put a TCP/IP stack on it, and have it
> issue finger connection requests to your system from its boot prom.

Okay, that's fine...  That is the exception.

> Who is executing finger?

Who cares if that is the case, because that would generally be easy to find
out if the system is a single-user, non-secured system.  In which case you
would know that only a "single" user was fingering your system from a non
standard platform.  You could blow this off. 
 
> For a less extreme example (which may therefore be more or less convincing),
> suppose I take my NetBSD system, boot it to single user mode, add user id's
> constructed as "user000" through "user999", and then write a tedious shell
> script using sudo or some similar program to run finger as each uid.

Okay, this is possibly, but why would someone do this?  I suppose if your
intent was to deceive the remote system, you can almost always do this no
matter what they try to use for authenticatoin.  

> Who is executing finger?	(me, or user550?)

Again, if they are really trying to deceive you, then you won't know, and
if you care then just block their site...

> If you're still convinced that the question has a meaning, much less an
> answer, the final answer is that the existing finger programs certainly don't
> make any effort to provide that information.  But the real answer is that
> if you care about the answer to the question, you can't believe any answer
> that you come up with.

This is true, but at least you would have a place to start from.  I would have
to say that the "average" person who runs a "finger @" doesn't care about
trying to conceal their identity, specially if they don't know it is being
compromised.



------------------------------------------------------------------------------