In article , Steve Kostecke wrote:
>On 2005-04-05, Marc Brett wrote:
>> This had me going for a while, but it turns out it's just a
>> server status report via the finger(1) command.
>> % telnet time.nist.gov 78
>finger uses port 79 ...
By default, yes. But that doesn't mean someone can't configure a
finger server on some other port. I know someone who ran a finger
server on some really strange port number, and it returned a password
that was valid for the current minute. There was a cron job that was
changing the password file and the .sig that the finger server was
returning. You fingered the server on this strange port, and then
logged in IMMEDIATELY using the returned data as a password. It
was a gross example of "security through obscurity", but it worked
for the week or so that it was needed.
The only reason a server operates on a well known port is so that
others can find it. If you _don't_ want it to be found by everyone
and his pet gerbil, one technique is to run the server on some OTHER
port that no one would dream of in a million years - like the skript
kiddiez who use really secret port numbers like 12345, or 17337,
Old guy
|