Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:1541 |
Message | FINGER version query |
Summary | This event is generated when an attempt is made to ascertain which version of fingerd is running on a host. |
Impact | Information gathering. |
Detailed Information | This event indicates that an attempt has been made to ascertain which version of the finger daemon is running on a host. This may be the prelude to an attack against that finger daemon. |
Affected Systems | Any host running fingerd. |
Attack Scenarios | An attacker can determine which version of fingerd is running then attempt to exploit fingerd if it is found to be vulnerable to attack. |
Ease of Attack | Simple. |
Corrective Action | Disallow access to fingerd from sources external to the protected network. Disable the finger daemon. |
Additional References | GNU Finger Manual: http://www.gnu.org/software/finger/manual/ |
--
DID:482909
--
http://www.aanval.com/