James Carlson wrote:
> Norm Jacobs writes:
>
>> 1. It doesn't send out a response to any queries on the network.
>>
>
> Just being open is enough. The fact that it's open is easily
> detectable, because the system won't send back an ICMP Destination
> Unreachable / Port Unreachable when a packet for that port is
> received. Scanners use that feature to find the open and closed
> ports.
>
>
>> 2. The port that is uses is not a well known port. It's effectively
>> random.
>>
>
> Sure. All open ports are interesting, though.
>
>
>> The result is that you really can't scan for it. Of course, this
>> doesn't mean that someone can't write a little software to pretend to be
>> a network attached printer and try and exploit it. It's just more work
>> to make the attempt.
>>
>
> As far as security is concerned, I'd say that it's not much more work
All points well taken. The discovery addon uses a HAL supplied
drop_privileges() function to limit what the process can do should some
form of attack find a compromise.
-Norm
