[TAG] (forw) Re: (forw) Re: lpr works for user not root in Basiclinux 2.1
keesan at grex.cyberspace.org
Sat Jan 27 07:01:17 MSK 2007
>>> Sockets and ports are methods by which local and remote clients can
>>> connect to your machine. Try running 'netstat'; this will show you a
>>> list of your currently-open sockets and ports.
>> bash: netstat: command not found
>> You are making too many assumptions about my linux ;=)
> Perhaps you're making too few assumptions about the necessary tools that
> belong on a Linux box. :)
I did not create this distribution. Why is netstat necessary? Can I look
in some directory under /proc instead? (I do this instead of lspci).
>>>> Nobody in their right mind
>>>> would want my system. The software is 8 years out of date (the hardware
>>>> is older than that) and the connection is dialup. Should I be worried
>>> See my earlier point about resources. There are Russian and Polish
>>> companies (and probably lots of others, but those seem to be at the
>>> forefront) who will sell you their spam-distribution services and boast
>>> of "thousands of 'captured' machines" that they use for the purpose.
>>> It's a popular dodge for spammers these days, since it essentially
>>> counters IP blocking.
>> I thought they went after broadband. And Windows. How exactly would they
>> attack a linux machine using dialup internet, without me noticing?
> None of these attacks would be problems if the user on the system
> noticed when they happened. They happen without you noticing *by
> definition*. As to how, the answer is "via ports and sockets". For a
> longer answer, I teach a five-day security course for Sun Microsystems
> on that, $3495 per student. :) Or you could study up via the resources
> available in many places on the Net.
Can you suggest an online primer on ports and sockets?
>> I do most of my browsing and emailing via a shell account to which I ssh
>> as root. Am I still vulnerable to attack?
> Are we still talking about your system, or did you just introduce
> another one into the equation? Every open port and socket that you have
> is a way for other systems to connect to yours. Each of them has its own
> pros and cons. I couldn't begin to estimate what your exposure is,
> except that everything I've heard from you so far tells me that you're
> pretty vulnerable.
I boot into DOS, thence with loadlin into linux, then dial an ISP, and
then ssh to a shell account. Or dial directly to that shell account and
ssh to another shell account. I can kermit files from the second shell
account to my own computer. What part of this setup is vulnerable and why
has nothing bad happened in four years? I am not running any servers
(even lpd) on my own computer that I know of. Is Xvesa a server? I
think it uses a socket.
>> I don't know what magicfilter is, but I have a script that will let me
>> print from within X programs now, and don't even need a filter. A few
>> years ago people using our distribution worked out how to use lpr and
>> printcap, but there is no need for them now. I guess I should stop being
>> curious why lpr won't work for root.
> You can find out about "magicfilter" by searching for it, and you have a
> script that will print _some_ things but not others. I've been answering
> the question that you asked initially; since you now appear to have
> changed the question in the middle of the discussion, and since I'm not
> interested in providing ongoing support for every possible problem in
> your system, I'm going to call my end of it finished. Good luck.
I can print any format that I need to now, with gs or netpbm.
Since I no longer need to print as root with lpr it is indeed time to drop
the original discussion. Thanks for all your help, and for pointing out
that lpr is a security risk. I will read online about linux and security
and maybe ssh as user once I figure out how.
> * Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *
More information about the TAG