Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:1541 |
| Message | FINGER version query |
| Summary | This event is generated when an attempt is made to ascertain which version of fingerd is running on a host. |
| Impact | Information gathering. |
| Detailed Information | This event indicates that an attempt has been made to ascertain which version of the finger daemon is running on a host. This may be the prelude to an attack against that finger daemon. |
| Affected Systems | Any host running fingerd. |
| Attack Scenarios | An attacker can determine which version of fingerd is running then attempt to exploit fingerd if it is found to be vulnerable to attack. |
| Ease of Attack | Simple. |
| Corrective Action | Disallow access to fingerd from sources external to the protected network. Disable the finger daemon. |
| Additional References | GNU Finger Manual: http://www.gnu.org/software/finger/manual/ |
--
DID:482909
--
http://www.aanval.com/