Darren J Moffat wrote: > I'm not sure that secure-by-default does require that this be off. As I > understand this case it is egress probing not a daemon listening of > ingress requests.
I defer to your expertise :-) My concern was one of 2nd-order exposure: I (the bad guy) place a box on the network that pretends to be a printer (i.e., it does the things that this case probes for...) You place a new, secure system on the net, and it probes for printers, finding me... Q: is there anything I could do to you or find out about you at this point, before any print jobs are sent? Does your system open up a printer queue connection to me at this point, or does it simply harvest my name & property info (via the MIB) for your local perusal? I'm pretty sure (but don't know for sure, thus the question) that there is no creation of an ingress path here, and thus no issue. -John
