On Tue, 8 Jan 2002, Glenn McCorkle wrote:

> > The most common server with a known exploit is lpd:
> > http://www.cert.org/advisories/CA-2001-30.html
>
> Yes, I have a printer.
> Yes, the print server is started every time I boot into Linux.
>
> How is someone else going to access my machine
> through *only* my print server?

See the above mentioned cert advisory. Since YOU are running Caldera, it would seem my example doesn't apply (to you, this time). However, for those running affected versions of lpd, that daemon LISTENS on port 515. Crackers simply aim their buffer overflow at port 515, and that gains them access (assuming it's not firewalled).

As root, do a few netstats to see if you perhaps have more listening processes than you're aware of. (at one point, even the X server was vulnerable to being "eavesdropped" on... your desktop could have been visible on others' computers)

    # netstat -upant
    # netstat -l
    # netstat

> Unless someone else sits in THIS chair and uses THIS keyboard.
> THIS machine is 100% safe from attack.

If you want to live in never-never land, far be it from me to disillusion you. So are you running ipchains, or iptables? Would you mind sharing your firewall rules?

> Q: What have I "thrown away" by not allowing others to access
> my machine via an HTTP or FTP server?
> A: Nothing.

Well, there you go. It would seem my part in this conversation has been obviated.

- Steve
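
Added example, not part of the original message: one way to turn the `netstat -upant` check suggested above into a repeatable audit that lists sockets reachable from the network on ports you did not expect. The function names, the allowlist and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# audit_listeners PORT...
# Reads `netstat -upant` output on stdin and prints "proto addr port program"
# for every socket that accepts network traffic on a port NOT in the allowlist.
audit_listeners() {
    awk -v allow="$*" '
        BEGIN { n = split(allow, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
        # TCP: only sockets in LISTEN state; PID/Program is column 7.
        $1 ~ /^tcp/ && $6 == "LISTEN" { report($1, $4, $7) }
        # UDP: unconnected sockets have an empty State column, so the
        # foreign address ends in ":*" and PID/Program is column 6.
        $1 ~ /^udp/ && $5 ~ /:\*$/    { report($1, $4, $6) }
        function report(proto, local, prog,    parts, k, port, addr) {
            k = split(local, parts, ":")          # port follows the last colon
            port = parts[k]
            addr = substr(local, 1, length(local) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "::1") return  # loopback-only bind
            if (port in ok) return                        # expected service
            printf "%s %s %s %s\n", proto, addr, port, prog
        }
    '
}

# Constructed sample in net-tools format (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      350/sshd
tcp        0      0 0.0.0.0:515             0.0.0.0:*               LISTEN      412/lpd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      388/sendmail
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN      601/X
tcp        0      0 192.168.1.10:1042       192.168.1.1:80          ESTABLISHED 733/lynx
udp        0      0 0.0.0.0:111             0.0.0.0:*                           301/portmap
EOF
}

# Only sshd (22) is expected here; lpd, X and portmap are reported.
sample_netstat | audit_listeners 22
# On a live system, as root:  netstat -upant | audit_listeners 22
```

Anything it prints is either a service to shut off, rebind to 127.0.0.1, or block in ipchains/iptables.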
