finger? - VMS

This is a discussion on finger? - VMS ; Hi Folks, Is it even possible to tun a fingerd daemon in TCPware? I'm not asking for one, BTW - I just want to know, given all the recent hoo-ha about VMS "exploits"....

+ Reply to Thread
Results 1 to 3 of 3

Thread: finger?

  1. finger?

    Hi Folks,

    Is it even possible to tun a fingerd daemon in TCPware? I'm not asking
    for one, BTW - I just want to know, given all the recent hoo-ha about
    VMS "exploits".

  2. Re: finger?

    In article <48A760D3.4070807@comcast.net>, bradhamilton writes:
    >Is it even possible to tun a fingerd daemon in TCPware?


    Run a fingerd?
    You can enable a finger server in TCPware, yes.

    But you need to build it first. It is only there as source.
    (TCPWARE_ROOT:[TCPWARE.EXAMPLES]FINGER*.C)

    And you need to start it a boot time (via TCPWARE:SERVERS.COM like this)

    $ netcu == "$TCPWARE:NETCU"
    $!
    $ netcu ADD SERVICE finger TCP TCPWARE:FINGERD -
    /ERRO=NL: -
    /INPU=NL: -
    /OUTP=NL: -
    /PRIO=4 -
    /PRIV=(NOSAME,TMPMBX,WORLD,NETMBX,SYSPRV) -
    /PROC="TCPware_FINGERD" -
    /UIC=REMACP

    Other small TCP servers (like AUTH, CHARGEN, DAYTIME, DISCARD, ECHO, ...)
    are there for configuration (image already present) in MISC component.

    > I'm not asking
    >for one, BTW - I just want to know, given all the recent hoo-ha about
    >VMS "exploits".


    The usual security problems with finger on U**X do not apply on VMS!
    But the usual "security by obscurity" recommendations still apply:
    "Don't tell any hacker too much about your system"

    Or does you company building have a list of your employees with their
    room (and even telephone) numners written on the wall outside?

    (in other words, if you run finger, restrict it to local IP addresses only)

    --
    Peter "EPLAN" LANGSTÖGER
    Network and OpenVMS system specialist
    E-mail Peter@LANGSTOeGER.at
    A-1030 VIENNA AUSTRIA I'm not a pessimist, I'm a realist

  3. Re: finger?

    Peter 'EPLAN' LANGSTOeGER wrote:
    > In article <48A760D3.4070807@comcast.net>, bradhamilton writes:
    >> Is it even possible to tun a fingerd daemon in TCPware?

    >
    > Run a fingerd?
    > You can enable a finger server in TCPware, yes.
    >
    > But you need to build it first. It is only there as source.
    > (TCPWARE_ROOT:[TCPWARE.EXAMPLES]FINGER*.C)
    >
    > And you need to start it a boot time (via TCPWARE:SERVERS.COM like this)
    >
    > $ netcu == "$TCPWARE:NETCU"
    > $!
    > $ netcu ADD SERVICE finger TCP TCPWARE:FINGERD -
    > /ERRO=NL: -
    > /INPU=NL: -
    > /OUTP=NL: -
    > /PRIO=4 -
    > /PRIV=(NOSAME,TMPMBX,WORLD,NETMBX,SYSPRV) -
    > /PROC="TCPware_FINGERD" -
    > /UIC=REMACP
    >
    > Other small TCP servers (like AUTH, CHARGEN, DAYTIME, DISCARD, ECHO, ...)
    > are there for configuration (image already present) in MISC component.
    >
    >> I'm not asking
    >> for one, BTW - I just want to know, given all the recent hoo-ha about
    >> VMS "exploits".

    >
    > The usual security problems with finger on U**X do not apply on VMS!
    > But the usual "security by obscurity" recommendations still apply:
    > "Don't tell any hacker too much about your system"
    >
    > Or does you company building have a list of your employees with their
    > room (and even telephone) numners written on the wall outside?
    >
    > (in other words, if you run finger, restrict it to local IP addresses only)
    >


    Thanks, Peter - actually, that makes me feel much better - someone has
    to go out of their way to find it, compile it, and start it at boot
    time, and there's no real mention of this in the management guide.

    No, I'm just worried about the security aspects of running such a
    service, when it's not necessary. Fingerd was one of the attack
    "vectors" for the Morris worm back in the '80s - I'm sure that fingerd
    has seen improvements, but it's not a necessary service.

+ Reply to Thread