GEN:SID | 1:325 |
Message | FINGER probe 0 attempt |
Summary | This is an intelligence gathering activity.
|
Impact | The attacker may obtain a list of accounts existing on the target host.
|
Detailed Information | This event is generated when an attempt is made to use a finger command against a host with a username of "0". A finger query against a vulnerable finger daemon may allow the attacker to obtain a list of accounts on the target system with some details for each account where present (such as time and source of the last login).
Obtaining a list of accounts might precipitate further attacks such as password guessing, email attacks and other abuse.
|
Affected Systems | |
Attack Scenarios | An attacker learns that the "sys" account exists on the system. He then proceeds to guess the password and is then able to gain remote access to the system.
|
Ease of Attack | Simple, no exploit software required
|
Corrective Action | Disable the finger daemon or limit the addresses that can access the service via firewall or TCP wrappers.
|
Additional References | Arachnids: http://www.whitehats.com/info/IDS378
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0197
Nessus: http://cgi.nessus.org/plugins/dump.php3?id=10069%20(Finger%20zero%20at%20host
|
Rule References | arachnids: 378
|