GEN:SID 1:333
Message FINGER . query
Summary This event is generated when a remote user sends a finger request to .@hostname. This may indicate an attempt to discover information about users on the system.
Impact Information gathering.
Detailed Information Finger is a directory service on UNIX and Linux operating systems that allows users to obtain basic information about other users, including account name, home directory, and login status. A malicious user could use the string "finger .@hostname" to obtain a list of each user on the system. This may enable the attacker to view unused or inactive accounts, which are more likely to have default passwords that are relatively easy to guess or susceptible to brute force password attempts.
Affected Systems Any UNIX/Linux distribution with older versions of finger enabled.
Attack Scenarios An attacker issues a finger .@host to the vulnerable server and views a list of users. The attacker then attempts to guess passwords for users with the "Never logged in" status.
Ease of Attack Simple.
Corrective Action Disable finger support on your servers or upgrade to a more recent version of the finger daemon.
Additional References  
Rule References arachnids: 130
cve: 1999-0198
nessus: 10072