Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:328 |
| Message | FINGER bomb attempt |
| Summary | This event is generated when a Denial-of-Service (DoS) attack against a finger daemon is attempted. |
| Impact | The attacker may overload the target machine or crash the finger daemon |
| Detailed Information | This event is generated when a specially crafted finger query is directed at a target UNIX host. The Finger daemon is used to provide information about users on a UNIX system. It used to be installed and enabled by default on most UNIX/Linux systems. The attack will crash or overload the vulnerable machines. |
| Affected Systems | |
| Attack Scenarios | The attacker needs to send specially crafted packets to the finger daemon on a host. |
| Ease of Attack | Moderate, no exploit software is required, just a specially formatted finger query |
| Corrective Action | Disable the finger daemon or limit the addresses that can access the service via firewall or TCP wrappers. |
| Additional References | CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0106 Arachnids: http://www.whitehats.com/info/IDS381 |
| Rule References | arachnids: 381 cve: 1999-0106 |
--
DID:831673
--
http://www.aanval.com/