Finger: User Information Protocol
The Finger user information protocol provides an interface to a remote user information program (RUIP). Finger is a protocol for the exchange of user information, based on the Transmission Control Protocol, using TCP port 79. The local host opens a TCP connection to a remote host on the Finger port. An RUIP becomes available on the remote end of the connection to process the request. The local host sends the RUIP a one-line query based upon the Finger query specification, and waits for the RUIP to respond. The RUIP receives and processes the query, returns an answer, then initiates the close of the connection. The local host receives the answer and the close signal, then proceeds to close its end of the connection.
Finger discloses information about users; moreover, such information may be considered sensitive. Security administrators should make explicit decisions about whether to run Finger and what information should be provided in responses. One existing implementation provides the time the user last logged in, the time he last read mail, whether unread mail was waiting for him, and who the most recent unread mail was from! This makes it possible to track conversations in progress and see where someone's attention was focused. Sites that are information-security conscious should not run Finger without an explicit understanding of how much information it is giving away.
Implementations should be tested against various forms of attack. In particular, an RUIP SHOULD protect itself against malformed inputs. Vendors providing Finger with the operating system or network software should subject their implementations to penetration testing. Finger is one of the avenues for direct penetration. Like Telnet, FTP and SMTP, Finger is one of the protocols at the security perimeter of a host. Accordingly, the soundness of the implementation is paramount. The implementation should receive just as much security scrutiny during design, implementation, and testing as Telnet, FTP, or SMTP.
Protocol Structure - Finger: User Information Protocol
Any data transferred between two Finger hosts MUST be in ASCII format, with no parity, and with lines ending in CRLF (ASCII 13 followed by ASCII 10). This excludes other character formats such as EBCDIC, etc. This also means that any characters between ASCII 128 and ASCII 255 should truly be international data, not 7-bit ASCII with the parity bit set.
The Finger query specification is defined:
{Q1} ::= [{W}|{W}{S}{U}]{C}
{Q2} ::= [{W}{S}][{U}]{H}{C}
{U}  ::= username
{H}  ::= @hostname | @hostname{H}
{W}  ::= /W
{S}  ::= <SP> | <SP>{S}
{C}  ::= <CRLF>
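One way an RUIP could check a query line against this grammar before acting on it, as an added example (not code from RFC 1288 or from any Finger implementation). The length cap, the character sets for username and hostname, the restriction of queries to printable 7-bit ASCII, the acceptance of a bare username, and the names parse_query, FingerQuery and MalformedQuery are assumptions.

```python
import re
from typing import NamedTuple, Optional, Tuple

MAX_LINE = 512  # assumed cap; the page sets no length limit

# Character sets and lengths for {U} and hostname are assumptions: the page's
# grammar only names them. A leading '-' is refused so a name can never be
# mistaken for a command-line option by whatever looks the user up.
USER = r"[A-Za-z0-9_][A-Za-z0-9._-]{0,31}"
HOST = r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}"

# {Q1} ::= [{W}|{W}{S}{U}]{C}      {Q2} ::= [{W}{S}][{U}]{H}{C}
# A bare {U}{C} is also accepted (assumption: not in the grammar as printed,
# but it is what common clients send).
QUERY_RE = re.compile(
    rf"(?:(?P<w>/W)(?: +(?=[^ ])|\Z))?(?P<user>{USER})?(?P<hosts>(?:@{HOST})*)"
)


class FingerQuery(NamedTuple):
    verbose: bool            # {W} present
    user: Optional[str]      # {U}; None means no user was named
    hosts: Tuple[str, ...]   # {H} chain; empty for a {Q1} query


class MalformedQuery(ValueError):
    pass


def parse_query(raw: bytes) -> FingerQuery:
    """Validate one query line as read from the socket, CRLF included."""
    if len(raw) > MAX_LINE:
        raise MalformedQuery("query line too long")
    if not raw.endswith(b"\r\n"):
        raise MalformedQuery("query must end in CRLF")
    body = raw[:-2]
    # Printable 7-bit ASCII only: rejects NUL, embedded CR/LF, other control
    # bytes and 8-bit data before any pattern matching happens.
    if any(b < 0x20 or b > 0x7E for b in body):
        raise MalformedQuery("non-printable or non-ASCII byte in query")
    m = QUERY_RE.fullmatch(body.decode("ascii"))
    if m is None:
        raise MalformedQuery("query does not match the Finger grammar")
    hosts = tuple(h for h in m.group("hosts").split("@") if h)
    return FingerQuery(m.group("w") is not None, m.group("user"), hosts)
```

A non-empty hosts tuple marks a {Q2} query, so the caller can apply its own policy to those separately from local lookups.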
Related Protocols
TCP, TELNET, FTP, SMTP
Sponsor Source
Finger is defined by IETF (http://www.ietf.org) RFC 1288.
Reference
http://www.javvin.com/protocol/rfc1288.pdf: The Finger User Information Protocol