TCP Dangerous Other

Port 79 (Finger)

Learn about port 79 (Finger) - security risks, vulnerabilities, and common uses. Find devices with port 79 open.

Quick Info

Port Number

Protocol

TCP

Service

Finger

IANA Name

Finger

Service Description

Port 79 (TCP) is associated with the Finger protocol, a simple network protocol designed to provide information about users logged into a system or information about a specific user. Originally developed in the early days of ARPANET, Finger allows users to query a server and retrieve information such as the user's full name, login time, idle time, terminal line, and office location/phone number. The protocol operates by sending a simple text-based request to the Finger server on port 79. The server then processes the request and returns a text-based response containing the requested user information or a general status message. A request can be as simple as a username, or it can include options to request more detailed information.

The Finger protocol is relatively straightforward. A client connects to the server on port 79, sends a query (typically a username or an empty string for a list of users), and receives a response. The response format is loosely defined, often including fields such as login name, real name, terminal, idle time, login time, and office location. The protocol lacks any built-in authentication or encryption mechanisms, making it vulnerable to various security risks. The basic operation involves a simple TCP connection, a text-based request, and a text-based response, making it easy to implement but also easy to exploit if not properly secured.

## Firewall Recommendations

Due to the inherent security risks and limited modern use of the Finger protocol, it is generally recommended to block port 79 (TCP) at the firewall. If the Finger service is absolutely necessary for legacy applications, it should be isolated within a secure internal network, and access should be strictly controlled. Consider using a modern, more secure alternative for user information retrieval. If you must allow the service, ensure the server software is up-to-date with the latest security patches, implement strict input validation on user queries, and consider using a wrapper or proxy to filter potentially malicious requests. Monitor network traffic for suspicious activity on port 79.

Security Information

The Finger protocol is inherently insecure due to its lack of authentication and encryption. This allows attackers to potentially gather sensitive user information, such as usernames, full names, and last login times, which can be used for social engineering or brute-force attacks. Furthermore, poorly implemented Finger servers are susceptible to buffer overflows and format string vulnerabilities, allowing attackers to execute arbitrary code on the server. The protocol's simplicity also makes it an easy target for denial-of-service (DoS) attacks. Because it provides information about active users, it can be used to enumerate potential targets for further attacks. The historical nature of the protocol often means implementations are outdated and unpatched, further increasing the risk. The lack of input validation on user queries makes it vulnerable to command injection, where malicious users can inject commands into the server's operating system.

Known Vulnerabilities

CVE	Name	Severity	Description
CVE-2000-0569	fingerd format string vulnerability	High	Уязвимость format string в fingerd позволяет удаленным злоумышленникам выполнять произвольные команды через специально сформированный запрос.
CVE-1999-0215	fingerd buffer overflow	High	Переполнение буфера в fingerd позволяет удаленным злоумышленникам выполнять произвольный код, отправляя длинное имя пользователя.
CVE-1999-0216	fingerd .plan vulnerability	High	Уязвимость, связанная с обработкой файла .plan, позволяющая удаленным злоумышленникам выполнять произвольный код.