[TAG] (forw) Re: (forw) Re: (forw) Re: lpr works for user not root in Basiclinux 2.1

Rick Moen rick at linuxmafia.com
Mon Jan 29 13:00:19 MSK 2007


Quoting Sindi Keesan (keesan at grex.cyberspace.org):

> I never heard of SYN or P2P.  I have heard of TCP but don't understand it.

For your purposes, it probably doesn't matter, right?  You can look it
up when you need to know.  (I could explain, but have no reason to think
you need that information right now.)

> Is P2P the same as pointopoint used by PLIP?

In this context (the "-sT" option portion of the nmap manpage), "P2P"
just meant peer-to-peer, a family of Internet applications.

> I never heard of any of this except NFS (something that lets you share 
> files between computers) and Sun (a type of hardware).  I am rather fuzzy 
> about what a port is other than a number at the end of an IP address.

I'm sure you'll learn more when you need to learn more.  My point is that
you don't need to understand everything in the nmap manpage to know how
to use it.  It should suffice for you to understand that I mentioned
three types of nmap scans you can do, and gave sample syntax for each:
(1) a scan of "TCP"-type services, (2) a scan of "UDP"-type services,
and (3) an "ACK" scan that tests firewall rules.

You can use that information without knowing exactly what TCP is or what
UDP is, just using the additional information (also readily
comprehensible by novices from the quoted manpage portions) that
TCP/IP-using applications generally divide between those using TCP
connections and those using UDP connections.

> (I am not asking you for an explanation here, just pointing out why I 
> cannot make sense of the man pages).

And I'm saying that's nonsense.


> I still don't understand if I am supposed to be scanning my own system 
> from my own system or from somewhere else or not scanning my own system at 
> all - lots of apparently conflicting information from various people.

You're a bright guy.  Figure it out.

You already know that some network services, if enabled at all, are
reachable only from the machine itself.  This should point out to you
the limited usefulness of scanning a machine from itself:  It's a bit
like twisting your house's doorknobs from _inside_ the house to
determine whether or not your house is locked.  You're not really
seeking to find out if people _inside_ the house can open the doors, but
rather whether people _outside_ can.

> I spent about 15 minutes looking for my temporary IP number in my own 
> computer.

/sbin/ifconfig -a

> I feel like I am 
> usually in way over my head.

The feeling will eventually come to seem familiar, maybe even welcome.
;->


> Why would I want to use a live CD rather than two computers with the same 
> linux on them?

If you don't happen to _have_ that second Linux machine, but can borrow
an other-OS box briefly, possession of a live CD can be extremely handy.


> I can try to set up a firewall with ipchains and default gateway again 
> with crossover cable (if I can find my notes). 

Sure, if you wish.

I hope you realise that your prior postings indicated that you'd nmapped
the machine (well, for TCP services, anyway) from localhost, and found 
nothing at all running.  Assuming that is reliable information (e.g.,
that no intruder has installed a trojaned copy of nmap that omits
crucial data), then obviously your host has nothing running (using TCP
ports, anyway), and re-doing that check from a nearby host wouldn't tell
you more.

The reason why nmapping from localhost is a bad idea (leaving aside the 
problem of trojaned copies) is that it _overreports_ by including
services reachable only locally, whereas what's actually of interest are
those services that other machines will see and can use.


> Is that what you meant by 'same ISP point of presence'?

A "point of presence" (in this context) is basically a cluster of
dial-in numbers that reach the same ISP router.

> And what would I learn other than that I do not have any open ports 
> because I am not running any servers (unless a default gateway in my own 
> local network is a server of some sort)?

I didn't tell you to run nmap.

I was just suggesting ways to use it effectively _if_ you have reason to
use nmap -- and also proving to you that, no, you certainly do not need
to understand its 100 pages of manpage, to use it.
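
The point above about localhost scans overreporting, shown as an added example that is not part of the original message: it sorts listening TCP sockets by bind address into loopback-only and network-reachable. The `netstat -ltn` sample text and the function name `classify_listeners` are constructed for illustration.

```python
import ipaddress

# Constructed sample of `netstat -ltn` output (not taken from any real host).
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.5:515         0.0.0.0:*               LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
"""


def classify_listeners(netstat_output):
    """Return (local_only, reachable) lists of (bind_address, port) tuples."""
    local_only, reachable = [], []
    for line in netstat_output.splitlines():
        fields = line.split()
        # Keep only TCP rows in LISTEN state; header lines fall through here.
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        if fields[5] != "LISTEN":
            continue
        # Split on the last colon so IPv6 forms such as "::1:25" parse.
        host, _, port = fields[3].rpartition(":")
        try:
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:
            # Unrecognised bind address: count it as reachable, the safe side.
            loopback = False
        (local_only if loopback else reachable).append((host, int(port)))
    return local_only, reachable


if __name__ == "__main__":
    local_only, reachable = classify_listeners(SAMPLE)
    print("Seen only by a scan run on the machine itself:", local_only)
    print("Also visible to a scan from another host:", reachable)
```

A bind address of 0.0.0.0 or :: only says the service accepts connections on every interface; whether packets actually get there still depends on firewall rules, which is what a scan from another host checks.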




