GEN:SID | 1:323 |
Message | FINGER root query |
Summary | This is an intelligence gathering activity.
|
Impact | The attacker may obtain detailed information about the administrative super user account.
|
Detailed Information | This event is generated when an attempt to access information about the administrative account "root" on a UNIX system is made via the finger service.
The information that can be collected includes the time and source address of the last login and/or current login sessions, type of shell, path to home directory, mail forwarding address (often reflecting the name of the person administering the system) and the time when "root" email was last read. This information can be used in planning further attacks against the host.
|
Affected Systems | |
Attack Scenarios | The attacker learns that "root" has not logged in for a long time. He hypothesizes that the system is not often used, and thus not likely to be patched or secured, and may therefore be vulnerable to a number of other attacks.
|
Ease of Attack | Simple, no exploit software required
|
Corrective Action | Disable the finger daemon or limit the addresses that can access the service via firewall or TCP wrappers.
|
Additional References | Arachnids: http://www.whitehats.com/info/IDS376
|
Rule References | arachnids: 376
|
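The check described under Detailed Information, as an added example (not the Snort rule itself and not code from this page): a parser for the finger request line, following the RFC 1288 query grammar, that alerts only when the queried user field is exactly "root". The function names, sample payloads and host names are constructed for illustration.

```python
"""Flag finger (TCP/79) requests that ask about the "root" account.

Request grammar follows RFC 1288: an optional "/W" verbose token, an
optional user name, optional "@host" forwarding hops, then CRLF.
"""
from typing import List, NamedTuple, Optional


class FingerQuery(NamedTuple):
    verbose: bool            # "/W" token present
    user: Optional[str]      # None means "list all logged-in users"
    hops: List[str]          # "@host" forwarding chain, if any


def parse_finger_query(payload: bytes) -> FingerQuery:
    # Only the first line is the query; tolerate a bare LF or missing CRLF.
    line = payload.split(b"\n", 1)[0].rstrip(b"\r").decode("latin-1")
    tokens = line.split()
    verbose = False
    if tokens and tokens[0].upper() == "/W":
        verbose = True
        tokens = tokens[1:]
    target = tokens[0] if tokens else ""
    user, *hops = target.split("@")
    return FingerQuery(verbose, user or None, hops)


def is_root_query(payload: bytes, account: str = "root") -> bool:
    # Exact match on the user field, so "rooter" or a hop named "root"
    # does not alert; a plain substring match would fire on both.
    return parse_finger_query(payload).user == account


# Constructed sample client-to-server payloads (not captured traffic).
SAMPLES = [
    b"root\r\n",
    b"/W root\r\n",
    b"root@relay.example\r\n",
    b"\r\n",
    b"rooter\r\n",
    b"alice@root.example\r\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict = "ALERT" if is_root_query(sample) else "ok"
        print(f"{verdict:5} {sample!r}")
```

Run over server-side payloads reassembled from port 79 sessions, the first three samples alert and the last three do not.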