[ntp:questions] Re: Coded messages on US govt timeserver's nonstandard port

Moe Trin ibuprofin at painkiller.example.tld
Thu Apr 7 01:50:43 UTC 2005


In article <slrnd56h7m.hb5.kostecke at stasis.kostecke.net>, Steve Kostecke wrote:

>True. But the original example does not follow the finger protocol. In a
>finger server conversation the client has to provide the username.

Actually no - I had to dig around to _find_ a system here that even
had 'fingerd' installed.  First grab a copy of RFC1288 off your nearest
RFC mirror, then go back to your console.

]steve:~$ telnet localhost 79
]Trying 127.0.0.1...
]Connected to localhost.
]Escape character is '^]'.

Now, at this point, hit a carriage return - and the three servers I found
will return a full list of users who are logged in, the same as
finger -s @localhost.

This use of finger is not uncommon. Your headers say Organization: Debian
GNU/Linux site   so I'd venture you know how to finger kernel.org to find
out what's the latest kennel (finger @  or kernel@ and you get the same
results).  For a long while, if you fingered 'quake@' a server at USGS, you
got a list of earthquakes above a minimum magnitude in the region covered by
that server over the past day or two. That service seems to have fallen into
disuse, as I just tried Menlo Park, and the server answered, but gives no
data.

>The original example is similar to daytime in that merely connecting to
>the port results in a reply:

Hard to say from the data presented. But I just tried it here, and

[compton ~]$ telnet time.nist.gov 78
Trying 192.43.244.18...
Connected to time.nist.gov.
Escape character is '^]'.

O: O: My name is Ophelia: and my husband's name is Otto:
We come from Ontario: and we sell Okra::
726-371-231-283-355-962-573
$ 0 2455 3000 8 1 0 0
Connection closed by foreign host.
[compton ~]$ 

At the blank line, I hit the <Enter> key - and bingo, the secret message
appears.

        Old guy




More information about the questions mailing list