Building Internet Firewalls

Building Internet FirewallsSearch this book
Previous: 2.6 Other Information ServicesChapter 2
Internet Services
Next: 2.8 Real-Time Conferencing Services
 

2.7 Information About People

The Internet does not have a proper service for looking up information about people on the network as a whole, although a few attempts at registries have sprung up. Even if you know a person's real name and where they work, for example, you can't go to a central place to look up that person's user name or email address. However, there are two common services that provide some information about people, finger and whois.

The finger service looks up information about a user who has an account on the machine being queried, whether or not that user is currently logged in to the machine. This information may include the person's real name, login, phone number, office location, information about when and where they most recently logged in, and a brief message specified by the user.

You don't need to know the user name in order to use finger; it will generally give you information about anybody whose user name or real name contains the string you specify. If you don't specify a string, it will list information about everybody currently logged in to the machine being queried. finger can provide invaluable information to intruders, e.g., by identifying users who rarely log in, or names of gateway systems. You may wish to block finger requests that come from outside your internal network, or to supply only minimal information in response to these requests. finger is legitimately used by plenty of people who are simply trying to figure out what user name to send mail to, but those people don't need all the information that finger normally gives out.

It's less risky to use a finger client than to run a finger server. It's not without risk, however. The user-customizable message can contain control characters, and some finger clients rely on the length limitations normally built into the finger server to keep the returned information short. It's easy to construct a finger server that will be a denial of service attack. Depending on the finger client and the terminal, or terminal emulator, it's running on, control characters may produce effects anywhere from the annoying (it beeps maniacally and makes your screen look weird) to the disastrous (it downloads macros to your terminal, and then tells your terminal to pretend you'd typed the keys to invoke those macros, which can issue arbitrary commands as you, for example, to mail off your password file or delete all your files). You should run a finger client that doesn't permit control characters.

The whois service is similar to finger, but it obtains publicly available information about hosts, networks, domains, and their administrators. By default, whois clients query the host rs.internic.net at the Internet's Network Information Center (InterNIC), which maintains information about Internet domain and network administrators.[2]

[2] People who have been on the Internet a long time may remember when everybody who was anybody on the Internet was in the NIC database, but there isn't enough room for everybody anymore.

Because whois is the closest thing to an Internet white pages protocol, some sites choose to write servers that use the whois protocol to distribute information about their users. If you decide to do this, the usual concerns apply about writing servers so they don't give out too much information, and so they don't allow queries to cause them to execute arbitrary commands.


Previous: 2.6 Other Information ServicesBuilding Internet FirewallsNext: 2.8 Real-Time Conferencing Services
2.6 Other Information ServicesBook Index2.8 Real-Time Conferencing Services