You are on page 1of 3

Finger protocol - Wikipedia, the free encyclopedia

Page 1 of 3

Finger protocol
From Wikipedia, the free encyclopedia

In computer networking, the Name/Finger protocol and the Finger user information protocol are simple network protocols for the exchange of human-oriented status and user information.

Contents
1 Name/Finger protocol 2 Finger user information protocol 3 Security concerns 4 Application support 5 See also 6 References 7 External links

Name/Finger protocol
The Name/Finger protocol, written by David Zimmerman, is based on Request for comments document RFC 742 (December 1977) as an interface to the name and finger programs that provide status reports on a particular computer system or a particular person at network sites. The finger program was written in 1971 by Les Earnest who created the program to solve the need of users who wanted information on other users of the network. Information on who is logged-in was useful to check the availability of a person to meet. This was probably the earliest form of presence information for remote network users. Prior to the finger program, the only way to get this information was with a who program that showed IDs and terminal line numbers (the server's internal number of the communication line, over which the user's terminal is connected) for logged-in users. Earnest named his program after the idea that people would run their fingers down the who list to find what they were looking for.[1]

Finger user information protocol
The finger daemon runs on TCP port 79. The client will (in the case of remote hosts) open a connection to port 79. An RUIP (Remote User Information Program) is started on the remote end of the connection to process the request. The local host sends the RUIP one line query based upon the Finger query specification, and waits for the RUIP to respond. The RUIP receives and processes the query, returns an answer, then initiates the close of the connection. The local host receives the answer and the close signal, then proceeds closing its end of the connection. The Finger user information protocol is based on RFC 1288 (The Finger User Information Protocol, December 1991). Typically the server side of the protocol is implemented by a program fingerd (for finger daemon), while the client side is implemented by the name and finger programs which are supposed to return a friendly, human-oriented status report on either the system at the moment or a particular person in depth. There is no required format, and the protocol consists mostly of specifying a single command line. The program would supply information such as whether a user is currently logged-on, e-mail address, full name etc. As well as standard user information, finger displays the contents of the .project and .plan files in the user's home directory. Often this file (maintained by the user) contains either useful information about the user's current activities, similar to micro-blogging, or alternatively all manner of humor.

Security concerns

http://en.wikipedia.org/wiki/Finger_protocol

10/25/2013

Finger protocol - Wikipedia, the free encyclopedia

Page 2 of 3

Supplying such detailed information as e-mail addresses and full names was considered acceptable and convenient in the early days of networking, but later was considered questionable for privacy and security reasons. Finger information has been frequently used by hackers as a way to initiate a social engineering attack on a company's computer security system. By using a finger client to get a list of a company's employee names, email addresses, phone numbers, and so on, a cracker can telephone or email someone at a company requesting information while posing as another employee. The finger daemon has also had several exploitable security holes which crackers have used to break into systems. The Morris worm, in 1988, exploited an overflow vulnerability in fingerd (among others) to spread. The finger protocol is also incompatible with Network Address Translation (NAT) from the private network address ranges (e.g. 192.168.0.0/16) that are used by the majority of home and office workstations that connect to the Internet through routers or firewalls. For these reasons, while finger was widely used during the early days of Internet, by the late 1990s the vast majority of sites on the internet no longer offered the service.

Application support
It is implemented on Unix, Unix-like systems, and current versions of Windows (finger.exe command). Other software has finger support: ELinks Minuet

See also
Morris worm Social network service Ph Protocol LDAP

References
1. ^ Colbath, Sean (20 Feb, 90). "Origins of the finger command (news:1990Feb20.023931.13825@cs.rochester.edu)". alt.folklore.computers (news:alt.folklore.computers). Web link (http://groups.google.com/groups? selm=1990Feb20.023931.13825@cs.rochester.edu). Retrieved 2008-10-21.

External links
RFC 742 (December 1977) RFC 1288 (December 1991) Mail from Les Earnest explaining the origin of finger (http://www.djmnet.org/lore/finger-origin.txt) Linux finger command (http://manpages.debian.net/cgi-bin/man.cgi?query=finger) History of the Finger protocol by Rajiv Shah (http://www.rajivshah.com/Case_Studies/Finger/Finger.htm) Microsoft TechNet Finger article (http://technet.microsoft.com/en-us/library/bb490908.aspx) Retrieved from "http://en.wikipedia.org/w/index.php?title=Finger_protocol&oldid=573268376" Categories: MS-DOS/Windows Command Prompt commands Internet protocols Internet Standards Unix user management and support-related utilities Unix network-related software Windows administration
This page was last modified on 17 September 2013 at 06:32. Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization.

http://en.wikipedia.org/wiki/Finger_protocol

10/25/2013

Finger protocol - Wikipedia, the free encyclopedia

Page 3 of 3

http://en.wikipedia.org/wiki/Finger_protocol

10/25/2013