
Re: [LIH] security doubt



On Friday, June 30, 2000 2:02 AM, Atul Mehta <atulm@xxxxxxxxxxxxxxx> said:

> I have a doubt about the feasibility of running finger, telnet
>etc. on a web-server. I think that it can be risky since finger can be
>used to get info about the users of the server and also telnet etc. has
>security problems unless ssh extensions are there.

If somebody were to send a \r\n to port 79 on a remote host, the finger
server that's listening will reply with the list of all users on the host
& some other info such as their real names etc.
Many sites consider this an invasion of privacy & disable finger.
(If you want more I can specify the exact procedure...)
Also communication over telnet is not secure, you've got to
use ssh, or its cousin OpenSSH.

Bye
Kaushik

Check out -Bastille Project~~>http://www.bastille-linux.org/
                    CERT~~~>http://www.cert.org/
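
A defensive check for the concern raised in this thread, as an added example that is not part of the original message: a POSIX shell function that reports whether finger or telnet are still enabled in an inetd.conf-format file. The classic inetd file format, the function names and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report cleartext / information-leaking services that are
# still enabled in an inetd.conf-style file. Assumes the classic format:
#   service  socket-type  proto  wait-flag  user  server-path  [args]

RISKY_SERVICES="finger telnet"   # the two services named in the thread

# audit_inetd FILE
#   Prints one line per enabled risky entry.
#   Returns 0 if none are enabled, 1 if any are, 2 if FILE is unreadable.
audit_inetd() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    found=$(awk -v risky="$RISKY_SERVICES" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) want[r[i]] = 1 }
        /^[ \t]*#/   { next }    # commented out means disabled
        NF < 6       { next }    # not a complete service entry
        ($1 in want) { printf "%s user=%s server=%s\n", $1, $5, $6 }
    ' "$conf")
    if [ -z "$found" ]; then
        return 0
    fi
    printf '%s\n' "$found"
    return 1
}

# Constructed sample configuration (not taken from a real host):
# telnet is enabled, finger has already been commented out.
sample_conf() {
    cat <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#finger stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
EOF
}

# Stand-alone use: pass the path of the file to audit as the first argument.
if [ $# -gt 0 ]; then
    audit_inetd "$1" || exit $?
fi
```

After commenting out a reported entry, inetd has to re-read its configuration before the port actually closes.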