Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:328 |
Message | FINGER bomb attempt |
Summary | This event is generated when a Denial-of-Service (DoS) attack against a finger daemon is attempted. |
Impact | The attacker may overload the target machine or crash the finger daemon |
Detailed Information | This event is generated when a specially crafted finger query is directed at a target UNIX host. The Finger daemon is used to provide information about users on a UNIX system. It used to be installed and enabled by default on most UNIX/Linux systems. The attack will crash or overload the vulnerable machines. |
Affected Systems | |
Attack Scenarios | The attacker needs to send specially crafted packets to the finger daemon on a host. |
Ease of Attack | Moderate, no exploit software is required, just a specially formatted finger query |
Corrective Action | Disable the finger daemon or limit the addresses that can access the service via firewall or TCP wrappers. |
Additional References | CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0106 Arachnids: http://www.whitehats.com/info/IDS381 |
Rule References | arachnids: 381 cve: 1999-0106 |
--
DID:831673
--
http://www.aanval.com/