phf prober perl script

What is phf probe script?

The phf probe perl script is a perl script that probes the site that is trying to exploit the phf bug.

What has changed since the first release of phf script?

    # Change Log:
    # 19960715 Created
    # 19960717 Added Ident support and safe_finger support
    # 19960926 Added support for builtin finger or safe_finger
    #          Added ability to turn off parts of script
    #          (ie finger, ident, fake)
    #          Added fake PHF HTML code
    #          From:Paul Danckaert
    #          Added additional return type for fake PHF
    #          From:Paul Danckaert
    #

What type of probes does the script do?

The probe script sends the following to a secure email address:

- Web Server REMOTE_HOST, REMOTE_ADDR
- The QUERY_STRING sent to phf
- Tries to do a safe_finger on the REMOTE_HOST
- Tries to do an ident on the REMOTE_HOST

Can the phf probe script send back fake results?

Yes. There is a section at the top of the perl script that talks about doing a fake phf.

Can I turn off portions of phf probe script?

Yes, fakePHF, finger, and ident can be turned off if you choose. Follow the directions at the top of the phf script.

Why do you want to know who tries to use phf?

For us it is a matter of security. If someone is trying to break into the system, we want to keep an eye on all areas. This allows us to do just that.

Where do I send comments, feedback, fixes, bugs, etc.?

Send email to Ray.W.Hiltbrand@Eng.Auburn.EDU

Where do I get a copy of the phf probe perl script?

The phf probe perl script is available at: ftp.eng.auburn.edu/pub/rayh/security/phf

What do I need to use phf probe perl script?

- perl 4 (not sure it will run under perl5; it should)
- netstat command
- safe_finger (not required; can use builtin finger)
- fgrep

Where can I get safe_finger if I don't want to use the regular finger or use the builtin finger?

Safe finger is part of the tcp wrappers package available at: ftp.win.tue.nl:/pub/security/

The tcp wrappers package should also be available at ftp.cert.org.

Where can I find more info on the phf bug and web security?

Info is located at:

- WWW-Security FAQ Q33: http://www-genome.wi.mit.edu/WWW/faqs/wwwsf4.html#Q33
- WWW-Security FAQ Q66: http://www-genome.wi.mit.edu/WWW/faqs/wwwsf4.html#Q66
- WWW-Security FAQ: http://www-genome.wi.mit.edu/WWW/faqs/www-security-faq.html

Written by: Ray W. Hiltbrand
Email Address: Ray.W.Hiltbrand@Eng.Auburn.EDU
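
The report described under "What type of probes does the script do?" is built from fields the requesting client controls, so a decoy CGI should escape them before mailing and validate the host before any finger or ident lookup. The following is an added example in Python, not the phf probe script or code from its author; the function names and the sample environment are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote_plus

# Conservative hostname shape (max 253 chars) accepted before any lookup tool sees it.
_HOST_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")


def printable(value):
    """Escape control and non-ASCII characters so a request cannot forge report lines."""
    return "".join(c if 32 <= ord(c) < 127 else "\\x%02x" % ord(c) for c in value)


def lookup_target(env):
    """Return a host that is safe to pass as a single argv element, or None."""
    addr = env.get("REMOTE_ADDR", "")
    try:
        # Prefer the address: unlike REMOTE_HOST it does not come from reverse DNS.
        return str(ipaddress.ip_address(addr))
    except ValueError:
        pass
    host = env.get("REMOTE_HOST", "")
    return host if _HOST_RE.fullmatch(host) else None


def build_report(env):
    """Build the mail body from the CGI fields the FAQ lists."""
    raw = env.get("QUERY_STRING", "")
    target = lookup_target(env)
    lines = [
        "REMOTE_HOST:  " + printable(env.get("REMOTE_HOST", "")),
        "REMOTE_ADDR:  " + printable(env.get("REMOTE_ADDR", "")),
        "QUERY_STRING: " + printable(raw),
        "decoded:      " + printable(unquote_plus(raw)),
        "lookup host:  " + (target or "(rejected, no lookup run)"),
    ]
    return "\n".join(lines) + "\n"


# Constructed sample request environment (not taken from a real log).
SAMPLE_ENV = {
    "REMOTE_HOST": "client.example.net",
    "REMOTE_ADDR": "192.0.2.10",
    "QUERY_STRING": "Qname=constructed%0Asecond+line",
}

if __name__ == "__main__":
    print(build_report(SAMPLE_ENV))
```

The value returned by lookup_target is meant to be passed to a lookup program as one element of an argument list, never interpolated into a shell command line.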