This sort of experimentation with existing networks is one of the best ways to learn about networking in general. But it can also lead you into potentially dangerous ground with respect to computer security. Whenever you perform an experiment on a network, you need to think ahead about ethical complications, if any. For example, you should ask yourself whether your experiments with finger are likely to invade anyone's privacy, give you unauthorized access to computer systems, annoy other users, etc. It is not sufficient to assume that the people who wrote the network software have all security holes filled. You need to make explicit ethical judgements and take responsibility for the actions you take. If you have an experiment you want to perform, but you think it might cause trouble of some kind, talk first to me and Mike Tie. In most cases, we'll either give you the go-ahead, or we'll try to set up controlled circumstances in which you can perform your experiment without breaching security.

We'll talk more about ethical issues in computing in the next few days.

To get started, read RFC 1288: The Finger User Information Protocol. Then, answer the questions listed below.

You're going to need to experiment with the raw messages that finger clients and servers send to each other. To do so, you will use the UNIX command telnet as your client. To connect to a finger server, type "telnet hostname 79" at a UNIX prompt where "hostname" is any Internet host. If a finger server is running on the host in question, you will now be able to type a finger request, after which the finger server will send you a response.

Please feel free to work together (groups of two or three people are okay) on this assignment.

The Questions

1. Is finger a Standards-Track protocol? What is its current standards status?
   
   
2. How many versions of finger have been published as RFCs? Two versions of finger are in RFC 1194 and RFC 1196, published one month apart. What problems made it necessary for 1194 to give way so quickly to 1196? Why didn't they just make the corrections directly to 1194?
   
   
3. What combination of font size and page dimensions enable you to print out RFCs so that the page breaks occur at the correct places? (Please use Print Preview rather than actual printing to answer this question.)
   
   
4. What's an RUIP?
   
   
5. One of the following is not a legal finger query. Which one, and why? For each of the legal queries, explain the intent of the query--that is, what is each query asking for?
   • <CRLF>
   • jondich<CRLF>
   • /W<CRLF>
   • /Wjondich<CRLF>
   • @carleton.edu@stolaf.edu<CRLF>
   
   
   
6. Let's pretend that the finger server on atanasoff.mathcs.carleton.edu has forwarding enabled. Suppose I make a finger connection to atanasoff and send it the request "@carleton.edu@stolaf.edu@macalester.edu<CRLF>". Atanasoff's finger server will make a finger connection to some other machine and send it a request.
   • To what machine will atanasoff try to connect, and what request will it send once connected?
   • What am I really asking atanasoff's finger server to do for me?
   • Is forwarding actually enabled on atanasoff?
   
   
   
7. What is the "/W" in finger queries for? Does "/W" have any effect on atanasoff's finger server?
   
   
8. Is atansoff's finger server compliant with RFC 1288? Explain your answer.
   
   
9. At the end of section 2.3, Zimmerman says "As with anything in the IP protocol suite, `be liberal in what you accept.'" What does "be liberal in what you accept" mean in this context? "Be liberal in what you accept" is half of a common networking rule of thumb--what do you think the other half is?
   
   
10. In section 3.3, Zimmerman talks about people committing "dastardly or confusing deeds" using finger. Explain who would be the victim of such dastardly deeds, who would be the perpetrator, and how the deeds would be done. How does Zimmerman recommend these deeds be prevented?