Description
This article is from the Firewalls
FAQ, by Matt Curtin cmcurtin@interhack.net and Marcus J. Ranum
mjr@nfr.com with numerous contributions by others.
47 How do I make Finger and whois work through my firewall?
Many firewall admins permit connections to the finger port from only
trusted machines, which can issue finger requests in the form of: finger
user@host.domain@firewall. This approach only works with the standard Unix
version of finger. Controlling access to services and restricting them to
specific machines is managed using either tcp_wrappers or netacl from the
firewall toolkit. This approach will not work on all systems, since some
finger servers do not permit user@host@host fingering.
Many sites block inbound finger requests for a variety of reasons, foremost
being past security bugs in the finger server (the Morris internet worm made
these bugs famous) and the risk of proprietary or sensitive information
being revealed in user's finger information. In general, however, if your
users are accustomed to putting proprietary or sensitive information in
their .plan files, you have a more serious security problem than just a
firewall can solve.
Continue to:
Share and Enjoy
Bookmark this story so others can enjoy it:
Tags
security, Internet, firewalls, ssl, port, protection, application layer, proxy server, packet screening, filtering rules, viruses, terms
