Finger bomb recursive request

Risk Level: Medium

Check or Attack Name: fingerbomb

Platforms: Finger Service

Description:

The system is vulnerable to the Finger Bomb. Finger Bomb allows an attacker to disrupt your network using the redirection capability in the finger daemon.

Some finger daemons allow a finger request to be redirected to remote sites using the form finger username@hostname1@hostname2. The request goes first to hostname2, which then forwards it to hostname1. This technique helps attackers cover their tracks, because hostname1 sees the finger request coming from hostname2 rather than from its original source. It has also been used to pass through firewalls that are not properly configured, using the command finger user@host@firewall.

An attacker could also use a recursive finger, such as finger username@hostname@hostname@hostname. The daemon forwards the request to itself repeatedly, consuming more resources with each hop until the machine has exhausted them all. A similar denial of service may occur when an attacker types finger username@@@@@@@@@@@@@@@@@@@@@hostname1. The repeated @ causes finger to query the same machine over and over until memory and swap space fill up, which halts the machine or slows it to an unusable speed.

Remedy:

Disable finger, or install a version of finger that turns off redirection. GNU Finger can be configured to not allow redirection.
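The forwarding and bomb forms from the description, and the remedy of refusing redirection, as an added example that is not part of this advisory or of any finger implementation: it parses query lines in the RFC 1288 form, flags the patterns above, and applies a deny-forwarding policy (the refusal text and the function names are assumptions).

```python
# Added example (not from the advisory or any finger daemon): classify finger
# query lines and refuse forwarding, as a hardened fingerd would before any lookup.

def parse_finger_request(line):
    """Split one query line into (verbose flag, user, list of forwarding hops)."""
    line = line.rstrip("\r\n")
    verbose = False
    if line.startswith("/W"):          # RFC 1288 verbose token
        verbose = True
        line = line[2:].lstrip()
    user, *hops = line.split("@")      # each '@host' is one forwarding hop
    return {"verbose": verbose, "user": user, "hops": hops}

def classify_finger_request(line):
    """Return (kind, reason): kind is 'plain', 'forward' or 'bomb'."""
    hops = parse_finger_request(line)["hops"]
    if not hops:
        return "plain", "local query, no forwarding"
    if "" in hops:
        return "bomb", "empty hop: repeated '@' loops back to the same daemon"
    if len(hops) > 1 and len(set(hops)) < len(hops):
        return "bomb", "recursive forwarding: same host named more than once"
    if len(hops) > 1:
        return "forward", "multi-hop forwarding hides the original source"
    return "forward", "single-hop forwarding"

def handle_finger_request(line, allow_forwarding=False):
    """Policy check run before any lookup. Default mirrors the remedy: forwarding
    is off, so every '@' form is refused; bomb patterns are refused regardless."""
    kind, _ = classify_finger_request(line)
    if kind == "plain" or (kind == "forward" and allow_forwarding):
        return "OK"
    return "Finger forwarding service denied"   # assumed refusal text

# Constructed sample queries using the forms from the description above.
SAMPLE_REQUESTS = [
    "username",
    "/W username",
    "username@hostname1@hostname2",
    "username@hostname@hostname@hostname",
    "username@@@@@@@@@@@@@@@@@@@@@hostname1",
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(f"{req!r:45} -> {classify_finger_request(req)} "
              f"-> {handle_finger_request(req)}")
```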

Unix: Disable the finger daemon. To disable a Unix daemon started from inetd, follow these steps:

  1. Edit the /etc/inetd.conf (or equivalent) file.
  2. Locate the line that controls the daemon.
  3. Type a # at the beginning of the line to comment out the daemon.
  4. Restart inetd.

—OR—

To turn off finger redirection, Unix systems can use GNU finger available from ftp://prep.ai.mit.edu/pub/gnu/finger-1.37.tar.gz.

Windows: Fingerd is not native to Windows, but may be present. To disable fingerd, follow these steps:

  1. Open the Services control panel. From the Windows NT Start menu, select Settings, Control Panel, Services.
  2. Select the service.
  3. Click Stop.
  4. When the service has stopped, click Startup.
  5. Choose one of these options:
    • To permanently disable the service, click Disabled.
    • To turn the service off unless manually activated by the user or a program, click Manual.
  6. Click OK, then click Close.

References:
