30.2 Finger Protocol

30.2 Finger Protocol

The Finger protocol returns information on one or more users on a specified host. It's commonly used to see if someone is currently logged on, or to figure out someone's login name , to send them mail. RFC 1288 [Zimmerman 1991] specifies the protocol.

Many sites do not run a Finger server for two reasons. First, a programming error in an earlier version of the server was one of the entry points used by the infamous Internet worm of 1988. (RFC 1135 [Reynolds 1989] and [Curry 1992] describe the worm in more detail.) Second, the Finger protocol can reveal detailed information on users (login names , phone numbers , when they last logged in, etc.) that many administrators consider private. Section 3 of RFC 1288 details the security aspects of this service.

From a protocol perspective, the Finger server has a well-known port of 79. The client does an active open to this port and sends a one-line query. The server processes the query, sends back the output, and closes the connection. The query and response are NVT ASCII, similar to what we saw with FTP and SMTP.

While most Unix users access the Finger server using the finger (1) client, we'll start by using the Telnet client to connect directly to the server and see the one-line commands issued by the client. If the client query is an empty line (which in NVT ASCII is transmitted as a CR followed by an LF), it is a request for information on all online users.

 sun %  telnet slip finger  Trying 140.252.13.65 ...  first three lines are output by Telnet client  Connected to slip.     Escape character is '^]'.  here we type RETURN as the Finger client command  Login    Name               Tty  Idle   Login  Time    Office   Office Phone     rstevens Richard Stevens    *co    45   Jul 31  09:13     rstevens Richard Stevens    *c2    45   Aug  5  09:41     Connection closed by foreign host.  output by Telnet client  

The blank output fields for the office and office phone are taken from optional fields in the user 's password file entry (which aren't present in this example).

The server must be the end that does the active close, since a variable amount of information is returned by the server, and the reception of the end-of-file by the client is how the client knows when the output is complete.

When the client request consists of a username, the server responds with information only about that user. Here's another example, with the Telnet client output removed:

 sun %  telnet vangogh.cs.berkeley.edu finger   rstevens   this is the client request we type  Login: rstevens                      Name: Richard Stevens     Directory: /a/guest/rstevens         Shell: /bin/csh     Last login Thu Aug  5 09:55 (PDT) on ttyq2 from sun.tuc.noao.edu     Mail forwarded to: rstevens@noao.edu     No Plan. 

When a system has the Finger service completely disabled, the client's active open will receive an RST from the server, since no process has a passive open on port 79:

 sun %  finger @svr4  [svr4.tuc.noao.edu] connect: Connection refused 

Some sites provide a server on port 79, but it just outputs information to the client, and doesn't honor any client requests :

 sun %  finger @att.com  [att.com]  this line output by Finger client; remainder from server  -------------------------------------------------------------------------------     There are no user accounts on the AT&T Internet gateway.     To send email to an AT&T employee, send email to their name     separated by periods at att.com. If the employee has an email     address registered in the employee database, they will receive     email - otherwise, you'll receive a non-delivery notice.     For example: John.Q.Public@att.com     sun %  finger clinton@whitehouse.gov  [whitehouse.gov]             Finger service for arbitrary addresses on whitehouse.gov is not     supported. If you wish to send electronic mail, valid addresses are     "PRESIDENT@WHITEHOUSE.GOV", and "VICE-PRESIDENT@WHITEHOUSE.GOV". 

Another possibility is for an organization to implement a firewall gateway : a router between the organization and the Internet that filters out (i.e., discards) certain IP datagrams. ([Cheswick and Bellovin 1994] discuss firewall gateways in detail.) The firewall gateway can be configured to discard incoming datagrams that are TCP segments for port 79. In this case the Finger client times out after about 75 seconds.

There are additional options for the Finger server, and for the Unix finger client. Refer to RFC 1288 and the finger (1) manual page for the details.

RFC 1288 states that vending machines with TCP/IP connections that provide a Finger server should reply to a client request consisting of a blank line with a list of all items currently available. They should reply to a client request consisting of a name with a count or list of available items for that product.



TCP.IP Illustrated, Volume 1. The Protocols
TCP/IP Illustrated, Vol. 1: The Protocols (Addison-Wesley Professional Computing Series)
ISBN: 0201633469
EAN: 2147483647
Year: 1993
Pages: 378

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net