James G. Sack (jim) wrote:
Ralph Shumaker wrote:
James G. Sack (jim) wrote:
Ralph Shumaker wrote:
James G. Sack (jim) wrote:
..

So what should I do about port 631?
Google-poking shows some clue that it has to do with making (and/or
seeing?) announcements of printer availability on your local network.
Also that it seems to be controlled by
  /etc/cups/cupsd
at the lines near
 # Show shared printers on the local network.
You might experiment with these, because it seems you have no need for a
udp port being open on 631.
I don't know if this helps:
# ll /etc/cups/cupsd.conf*
-rw-r----- 1 root lp 2474 2008-07-01 04:46 /etc/cups/cupsd.conf
-rw-r----- 1 root lp 2474 2008-07-01 04:46 /etc/cups/cupsd.conf.default

# diff /etc/cups/cupsd.conf /etc/cups/cupsd.conf.default

Apparently, I have the default settings (Fedora 8). Being 2474 bytes,
I'm hesitant to include the contents.

What I meant was to try playing with cupsd.conf -- and see if that had
any impact on the open ports, and if so, whether that interfered with
printing.

For example, I changed
  Browsing On
to
  Browsing Off
and then restarted cupsd with
 service cupsd reload

I did notice that the open udp port that was on 0.0.0.0 (any interface)
went away. This was the open port of (possible) concern.

I do have some network printing operations, so I'm going to turn mine
back on. And besides I'm behind a firewall, so I'm not worried about the
internet talking to my cupsd.

Well, according to GRC ShieldsUp, my ports 22 (ssh remote login protocol) and 631 (internet printing protocol) are responding as closed. (All other ports between 0 and 1055 are not even replying.) Also, my IP address responds to a ping. According to Gibson, responding to a ping and responding with "port closed" are security concerns apparently because they essentially announce my presence to passing pings and port scans and put me on the bad guys' radars.

Due to previous discussions about this here on kplug tho, I don't know if I should be concerned.

..
Mine is 68.183.yyy.zzz which doesn't resemble yours.  My hostname
currently is netblock-68-183-yyy-zzz, kinda like what Cox does IIRC.
Oh, that is not a private IP address, it is a public one (accessible
from the internet), so you are right to avoid plastering it all around.
It is visible in your email headers -- but there's not anything you can
do about that, I believe.

GRC ShieldsUp saw it in my browser also, tho I doubt that's an issue, right?

The DSL management interface may or may not be accessible, though.
Here's what I would try:

  # ifconfig eth0:1 192.168.1.99
  # ping 192.168.1.1
If ping works, point your browser at http://192.168.1.1, and poke around.

What the above is, is an ethernet "alias" which behaves like another
interface working through the same hardware and ethernet wiring.
Yep, that did the trick. I'm in. Now I need to regress in this thread
since what you suggested has either been snipped or I'm just not seeing it.

If I found it, you suggested looking for unexpected port forwarding. I
don't know where to look for that. There seems to be a _lot_ in there.
But I did find a list of services:
☐ FTP
☑ HTTP
☑ ICMP
☑ SNMP
☑ TELNET
☑ TFTP

I am confused about your DSL modem and its configuration. The specs page
claims a "stateful packet inspection" firewall (a good thing) -- but
doesn't have configuration capabilities that I am familiar with. I would
have expected something about serving dhcp on the LAN side, as well as
some details about port forwarding in excess of what you show above. I
take it this is like page 39 of the manual, titled "Access
Control—Services". It could be the manual has that stuff, but I missed
it? My guess is that it's an earlier times model, with lots of technical
bits about the DSL configuration, but not much sophistication in the
LAN configuration. Just guessing, but you may be running in "bridging
mode", which is how your computer would get your public IP assigned
inside your LAN. I would certainly be reluctant to change anything -- I
expect it was all configured by an ISP technician?

I got it from UPS (FedEx?), plugged it in, turned it on, and was surfing. I don't think I had to do anything else.

  The only other DSL modems I have familiarity with have multiple
  LAN connections (a built-in switch), and even a wireless access
  point as well. Those modems had to run dhcp to provide the LAN
  computers with different IPs.

Unless someone else has experience with this modem, you may be stuck
with _my_ diagnosis: I think your DSL modem may be somewhat limited in
firewall capabilities (compared to what I would expect). It does look
like the checkboxes you show are allowing external access via HTTP,
SNMP, TELNET, and TFTP protocols to your LAN (yikes on TELNET and TFTP).

==> I would recommend immediately turning all of them off (except the
icmp, which you indicated cannot be changed, anyway).

Whoops! Doing this broke my connection and ability to reconnect to the DSL modem configuration. It says "The connection to the server was reset while the page was loading." and "Try Again" just refreshes the message.

I'm still permitted to surf the web tho. So it didn't _completely_ cripple me.



--
We shall have World Government, whether or not we like it. The only question is whether World Government will be achieved by conquest or consent. --Paul Warburg CFR (Council on Foreign Relations) and architect of the Federal Reserve System in an address to the US Senate. 1950-02-17


--
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
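
Added example, not part of the original thread: a small shell check of the two things discussed above, namely what cupsd.conf says about Browsing and Listen/Port, and whether a UDP socket on port 631 is bound to every interface. The function names and the sample inputs are made up for illustration; on a real machine, feed the second function the output of netstat -uln.

```shell
#!/bin/sh
# Added example: the function names and sample data are illustrative only.

# Reads a cupsd.conf (file argument or stdin) and prints one finding per line.
audit_cupsd_conf() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }       # skip blank lines and comments
        { key = tolower($1); val = $2 }     # directive names are case-insensitive
        key == "browsing" { browsing = tolower(val) }
        key == "port"     { print "LISTEN-ALL *:" val }  # Port N binds all interfaces
        key == "listen" {
            if (val ~ /^\//)                              print "LISTEN-LOCAL " val
            else if (val ~ /^(localhost|127\.|\[::1\])/)  print "LISTEN-LOCAL " val
            else if (val ~ /^(\*|0\.0\.0\.0|\[::\])/)     print "LISTEN-ALL " val
            else                                          print "LISTEN-ADDR " val
        }
        END { print "BROWSING " (browsing == "" ? "unset" : browsing) }
    ' "$@"
}

# Reads netstat -uln style lines on stdin and prints any UDP socket on
# port 631 bound to the wildcard address. Exit status 0 if found, 1 if not.
udp631_on_all_interfaces() {
    awk '$1 ~ /^udp/ && $4 ~ /^(0\.0\.0\.0|::|\*):631$/ { print $4; found = 1 }
         END { exit !found }'
}

# Constructed sample input (not the poster's actual file or socket list).
sample_conf() {
    printf '%s\n' '# Show shared printers on the local network.' \
        'Browsing On' 'Listen localhost:631' 'Listen /var/run/cups/cups.sock'
}
sample_netstat() {
    printf '%s\n' \
        'udp        0      0 0.0.0.0:631             0.0.0.0:*' \
        'udp        0      0 0.0.0.0:68              0.0.0.0:*'
}

sample_conf | audit_cupsd_conf
sample_netstat | udp631_on_all_interfaces || echo "no wildcard UDP listener on 631"
```

Run the netstat check before and after switching Browsing and reloading cupsd to confirm that the 0.0.0.0:631 UDP socket is the one that changes.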
