The Finger protocol returns information on one or more users on a specified host. It's commonly used to see if someone is currently logged on, or to figure out someone's login name , to send them mail. RFC 1288 [Zimmerman 1991] specifies the protocol.
Many sites do not run a Finger server for two reasons. First, a programming error in an earlier version of the server was one of the entry points used by the infamous Internet worm of 1988. (RFC 1135 [Reynolds 1989] and [Curry 1992] describe the worm in more detail.) Second, the Finger protocol can reveal detailed information on users (login names , phone numbers , when they last logged in, etc.) that many administrators consider private. Section 3 of RFC 1288 details the security aspects of this service.
From a protocol perspective, the Finger server has a well-known port of 79. The client does an active open to this port and sends a one-line query. The server processes the query, sends back the output, and closes the connection. The query and response are NVT ASCII, similar to what we saw with FTP and SMTP.
While most Unix users access the Finger server using the finger (1) client, we'll start by using the Telnet client to connect directly to the server and see the one-line commands issued by the client. If the client query is an empty line (which in NVT ASCII is transmitted as a CR followed by an LF), it is a request for information on all online users.
sun % telnet slip finger Trying 220.127.116.11 ... first three lines are output by Telnet client Connected to slip. Escape character is '^]'. here we type RETURN as the Finger client command Login Name Tty Idle Login Time Office Office Phone rstevens Richard Stevens *co 45 Jul 31 09:13 rstevens Richard Stevens *c2 45 Aug 5 09:41 Connection closed by foreign host. output by Telnet client
The blank output fields for the office and office phone are taken from optional fields in the user 's password file entry (which aren't present in this example).
The server must be the end that does the active close, since a variable amount of information is returned by the server, and the reception of the end-of-file by the client is how the client knows when the output is complete.
When the client request consists of a username, the server responds with information only about that user. Here's another example, with the Telnet client output removed:
sun % telnet vangogh.cs.berkeley.edu finger rstevens this is the client request we type Login: rstevens Name: Richard Stevens Directory: /a/guest/rstevens Shell: /bin/csh Last login Thu Aug 5 09:55 (PDT) on ttyq2 from sun.tuc.noao.edu Mail forwarded to: email@example.com No Plan.
When a system has the Finger service completely disabled, the client's active open will receive an RST from the server, since no process has a passive open on port 79:
sun % finger @svr4 [svr4.tuc.noao.edu] connect: Connection refused
Some sites provide a server on port 79, but it just outputs information to the client, and doesn't honor any client requests :
sun % finger @att.com [att.com] this line output by Finger client; remainder from server ------------------------------------------------------------------------------- There are no user accounts on the AT&T Internet gateway. To send email to an AT&T employee, send email to their name separated by periods at att.com. If the employee has an email address registered in the employee database, they will receive email - otherwise, you'll receive a non-delivery notice. For example: John.Q.Public@att.com sun % finger firstname.lastname@example.org [whitehouse.gov] Finger service for arbitrary addresses on whitehouse.gov is not supported. If you wish to send electronic mail, valid addresses are "PRESIDENT@WHITEHOUSE.GOV", and "VICE-PRESIDENT@WHITEHOUSE.GOV".
Another possibility is for an organization to implement a firewall gateway : a router between the organization and the Internet that filters out (i.e., discards) certain IP datagrams. ([Cheswick and Bellovin 1994] discuss firewall gateways in detail.) The firewall gateway can be configured to discard incoming datagrams that are TCP segments for port 79. In this case the Finger client times out after about 75 seconds.
There are additional options for the Finger server, and for the Unix finger client. Refer to RFC 1288 and the finger (1) manual page for the details.
RFC 1288 states that vending machines with TCP/IP connections that provide a Finger server should reply to a client request consisting of a blank line with a list of all items currently available. They should reply to a client request consisting of a name with a count or list of available items for that product.