[TAG] (forw) Re: (forw) Re: (forw) Re: lpr works for user not root in Basiclinux 2.1

[Sindi Keesan]

On Mon, 29 Jan 2007, Rick Moen wrote:

> Quoting Sindi Keesan (keesan at grex.cyberspace.org):
>
>> I never heard of SYN or P2P.  I have heard of TCP but don't understand it.
>
> For your purposes, it probably doesn't matter, right?  You can look it
> up when you need to know.  (I could explain, but have no reason to think
> you need that information right now.

I have Running Linux ver 3 and some day will find time to read more of it.
There is a chapter on networking.


>> Is P2P the same as pointopoint used by PLIP?
>
> In this context (the "-sT" option portion of the nmap manpage), "P2P"
> just meant peer-to-peer, a family of Internet applications.

>> I never heard of any of this except NFS (something that lets you share
>> files between computers) and Sun (a type of hardware).  I am rather fuzzy
>> about what a port is other than a number at the end of an IP address.

> I'm sure you'll learn more when you need to learn more.  My point is that
> you don't need to understand everything in the nmap manpage to know how
> to use it.  It should suffice for you to understand that I mentioned
> three types of nmap scans you can do, and gave sample syntax for each:
> (1) a scan of "TCP"-type services, (2) a scan of "UDP"-type services,
> and (3) an "ACK" scan that test firewall rules.

Do I need to test firewalls when I don't have one?   I set one up once 
when using one computer as a gateway, following simple instructions.
Do I need a firewall if I am not running servers and use a modem?

TCP Transmission Control Protocol send packets that are acknowledged
UDP User Datagram Protocol
ACK acknowledge

I found 30 pages online at www.yiluda.net/manual/linux/rute/node29.html, 
of which the first 5 are semiunderstandable without a dictionary.

> You can use that information without knowing exactly what TCP is or what
> UDP is, just using the additional information (also readily
> comprehensible by novices from the quoted manpage portions) that
> TCP/IP-using applications generally divide between those using TCP
> connections and those using UDP connections.
>
>> (I am not asking you for an explanation here, just pointing out why I
>> cannot make sense of the man pages).
>
> And I'm saying that's nonsense.
>
>
>> I still don't understand if I am supposed to be scanning my own system
>> from my own system or from somewhere else or not scanning my own system at
>> all - lots of apparently conflicting information from various people.
>
> You're a bright guy.  Figure it out.

I am not a guy.

> You already know that some network services, if enabled at all, are
> reachable only from the machine itself.  This should point out to you
> the limited usefulness of scanning a machine from itself:  It's a bit
> like twisting your house's doorknobs from _inside_ the house to
> determine whether or not your house is locked.  You're not really
> seeking to find out if people _inside_ the house can open the doors, but
> rather whether people _outside_ can.
>
>> I spent about 15 minutes looking for my temporary IP number in my own
>> computer.
>
> /sbin/ifconfig -a

ifconfig:  ifconfig was not compiled with interface status display support 
Part of busybox that I compiled.  I should compile it again with this 
support.  The older /bin/busybox ifconfig that I replaced gives ppp0 inet 
addr which looks like my IPLOCAL address.

I found my IPLOCAL number in /var/run/pppd.tdb, as the last of many.  (It 
matched what the website said it was).

>> I feel like I am
>> usually in way over my head.
>
> The feeling will eventually come to seem familiar, maybe even welcome.
> ;->

Translating is like that much of the time.  One day I need to understand 
the rudiments of mine sweeping or guided missles, another day gamma 
globulin or organophosphates.  I do a lot of surficial online research.

>> Why would I want to use a live CD rather than two computers with the same
>> linux on them?
>
> If you don't happen to _have_ that second Linux machine, but can borrow
> an other-OS box briefly, possession of a live CD can be extremely handy.

We have the same linux on (let me count) 5 laptop computers, 9 desktops 
here, 3 at each of two other locations, and a few test machines and spare 
hard drives.  I thought I had mentioned having lots of identical setups to 
copy between if one failed, which they do once in a while when the hard 
drive or motherboard dies.  They all came to us free from friends, 
neighbors, the curb, dumpsters, etc.  We have several other computers that 
I want to set up for friends and freecyclers with linux (Opera and 
Abiword) instead of Win98 (WORD and IE).  I can fit linux nicely into 
under 100MB so have also added it to friend's working MS computers.

>> I can try to set up a firewall with ipchains and default gateway again
>> with crossover cable (if I can find my notes).
>
> Sure, if you wish.

> I hope you realise that your prior postings indicated that you'd nmapped
> the machine (well, for TCP services, anyway) from localhost, and found
> nothing at all running.  Assuming that is reliable information (e.g.,
> that no intruder has installed a trojaned copy of nmap that omits
> crucial data), then obviously your host has nothing running (using TCP
> ports, anyway), and re-doing that check from a nearby host wouldn't tell
> you more.

That is why I asked if there is any point to doing this, other than for 
practice.

How would someone install a trojanned copy of nmap when I never have any 
ports open to come through?  If I had a trojanned copy, why did I not 
find it with 'which nmap', which finds any executables on the path, when I 
renamed the downloaded nmap temporarily?

How can someone put files on my computer if I am not running a server and 
I don't even download emails to my own computer (I use pine at a shell 
account)?  I even delete Opera cache on exit and it is not on the path 
anyway.

> The reason why nmapping from localhost is a bad idea (leaving aside the
> problem of trojaned copies) is that it _overreports_ by including
> services reachable only locally, whereas what's actually of interest are
> those services that other machines will see and can use.

The X server is my only service, and it is only reachable locally.
So in my case why should I run nmap to scan my system if I am not running 
any servers on it besides X?

>> Is that what you meant by 'same ISP point of presence'?
>
> A "point of presence" (in this context) is basically a cluster of
> dial-in numbers that reach the same ISP router.

I cannot dial in twice at the same time to the same ISP without having two 
accounts.  If I tried they might be annoyed.

>> And what would I learn other than that I do not have any open ports
>> because I am not running any servers (unless a default gateway in my own
>> local network is a server of some sort)?
>
> I didn't tell you to run nmap.

Someone on the TAG list asked about chkrootkit and someone said to scan my 
ports so I downloaded programs to do both, and neither of them found any 
problems or potential problems.  I am at least learning a lot.

> I was just suggesting ways to use it effectively _if_ you have reason to
> use nmap -- and also proving to you that, no, you certainly do not need
> to understand its 100 pages of manpage, to use it.

If I understand correctly, I have no reason to use it unless I want to run 
things like ftpd or sshd while I am online.  I ran pureftpd once as an 
experiment to check if I had a way to transfer files via ethernet to and 
from a Windows computer.  Offline.

I will, unless someone explains why not to, set up friends to load X and 
rxvt as root, insert modules and dial as root, then go online su user with 
Opera, just in case Opera can be hijacked somehow to do something nasty on 
the computer running it.

9.02 has major security fixes but the two versions I downloaded require a 
later glibc, which (from Slackware) requires a later kernel than we have, 
which is not impossible.  Should I be concerned about the following:

the RSA signature checking problem found in openssl

a URL tag parsing heap overflow that could potentially execute code

My friends do not need the added features - Bittorrent support, Widgets, 
or Acid 2, or IMAP mailer code.  They mainly want to write webmail.

Sindi Keesan