John Plocher wrote:
> Darren J Moffat wrote:
>> I'm not sure that secure-by-default does require that this be off.
>> As I understand this case it is egress probing not a daemon listening
>> of ingress requests.
>
> I defer to your expertise :-)
>
> My concern was one of 2nd-order exposure:
>
> I (the bad guy) place a box on the network that pretends to be a printer
> (i.e., it does the things that this case probes for...)
>
> You place a new, secure system on the net, and it probes for printers,
> finding me...
>
> Q: is there anything I could do to you or find out about you at this
> point, before any print jobs are sent?
NO
> Does your system open up a
> printer queue connection to me at this point, or does it simply harvest
> my name & property info (via the MIB) for your local perusal?
It simply harvests the data and stores it in the HAL device tree. There
is a desktop applet that watches the HAL device tree for new printers
and asks you if you would like a queue created.
-Norm
