[TAG] (forw) Re: (forw) Re: lpr works for user not root in Basiclinux 2.1

Sindi Keesan keesan at grex.cyberspace.org
Sat Jan 27 07:01:17 MSK 2007


>>> Sockets and ports are methods by which local and remote clients can
>>> connect to your machine. Try running 'netstat'; this will show you a
>>> list of your currently-open sockets and ports.
>>
>> bash:  netstat:  command not found
>>
>> You are making too many assumptions about my linux ;=)
>
> Perhaps you're making too few assumptions about the necessary tools that
> belong on a Linux box. :)

I did not create this distribution.  Why is netstat necessary?  Can I look 
in some directory under /proc instead?  (I do this instead of lspci).

>
>>>> Nobody in their right mind
>>>> would want my system.  The software is 8 years out of date (the hardware
>>>> is older than that) and the connection is dialup.  Should I be worried
>>>> anyway?
>>
>>> See my earlier point about resources. There are Russian and Polish
>>> companies (and probably lots of others, but those seem to be at the
>>> forefront) who will sell you their spam-distribution services and boast
>>> of "thousands of 'captured' machines" that they use for the purpose.
>>> It's a popular dodge for spammers these days, since it essentially
>>> counters IP blocking.
>>
>> I thought they went after broadband.  And Windows.  How exactly would they
>> attack a linux machine using dialup internet, without me noticing?
>
> None of these attacks would be problems if the user on the system
> noticed when they happened. They happen without you noticing *by
> definition*. As to how, the answer is "via ports and sockets". For a
> longer answer, I teach a five-day security course for Sun Microsystems
> on that, $3495 per student. :) Or you could study up via the resources
> available in many places on the Net.

Can you suggest an online primer on ports and sockets?

>> I do most of my browsing and emailing via a shell account to which I ssh
>> as root.  Am I still vulnerable to attack?

> Are we still talking about your system, or did you just introduce
> another one into the equation? Every open port and socket that you have
> is a way for other systems to connect to yours. Each of them has its own
> pros and cons. I couldn't begin to estimate what your exposure is,
> except that everything I've heard from you so far tells me that you're
> pretty vulnerable.

I boot into DOS, thence with loadlin into linux, then dial an ISP, and 
then ssh to a shell account.  Or dial directly to that shell account and 
ssh to another shell account.  I can kermit files from the second shell 
account to my own computer.  What part of this setup is vulnerable and why 
has nothing bad happened in four years?  I am not running any servers 
(even lpd) on my own computer that I know of.   Is Xvesa a server?  I 
think it uses a socket.

>> I don't know what magicfilter is, but I have a script that will let me
>> print from within X programs now, and don't even need a filter.  A few
>> years ago people using our distribution worked out how to use lpr and
>> printcap, but there is no need for them now.  I guess I should stop being
>> curious why lpr won't work for root.
>
> You can find out about "magicfilter" by searching for it, and you have a
> script that will print _some_ things but not others. I've been answering
> the question that you asked initially; since you now appear to have
> changed the question in the middle of the discussion, and since I'm not
> interested in providing ongoing support for every possible problem in
> your system, I'm going to call my end of it finished. Good luck.

I can print any format that I need to now, with gs or netpbm.

Since I no longer need to print as root with lpr it is indeed time to drop 
the original discussion.  Thanks for all your help, and for pointing out 
that lpr is a security risk.  I will read online about linux and security 
and maybe ssh as user once I figure out how.

> -- 
> * Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *
>

Sindi Keesan
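
The question above about reading /proc instead of running netstat can be answered with a few lines of shell. This is an added example, not part of the original message or of the Basiclinux distribution; it assumes the /proc/net/tcp column layout of current Linux kernels on a little-endian (x86) machine, and the sample table is constructed for illustration.

```shell
#!/bin/sh
# Added example: list listening TCP sockets from /proc/net/tcp without netstat.
# Assumption: column layout of current Linux kernels, little-endian CPU (x86).

# Convert 8 hex digits of little-endian IPv4 (e.g. 0100007F) to dotted form.
hex_to_ip() {
    h=$1
    a=${h%??????}               # hex digits 1-2 (last octet of the address)
    r=${h#??};   b=${r%????}    # hex digits 3-4
    r=${h#????}; c=${r%??}      # hex digits 5-6
    d=${h#??????}               # hex digits 7-8 (first octet of the address)
    printf '%d.%d.%d.%d' "0x$d" "0x$c" "0x$b" "0x$a"
}

# Read a /proc/net/tcp table on stdin and print "ip:port" for each listener.
# The header line is skipped naturally: its state column reads "st", not "0A".
list_listeners() {
    while read -r sl laddr raddr st rest; do
        [ "$st" = "0A" ] || continue          # 0A is the LISTEN state
        ip=$(hex_to_ip "${laddr%:*}")
        port=$(printf '%d' "0x${laddr#*:}")
        printf '%s:%s\n' "$ip" "$port"
    done
}

# Constructed sample table (not captured from a real machine):
#   row 0: listener on all interfaces, port 0x1770 = 6000 (X display :0)
#   row 1: listener on loopback only, port 0x0203 = 515 (lpd)
#   row 2: established outbound connection to port 22, state 01, not a listener
sample_tcp_table() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1770 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:0203 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 0A00000A:8001 0B00000A:0016 01 00000000:00000000 00:00000000 00000000   500        0 1003
EOF
}

# Demo on the sample; on a live system run: list_listeners < /proc/net/tcp
sample_tcp_table | list_listeners
```

A listener bound to 0.0.0.0 accepts connections on every interface, including the dialup link, while one bound to 127.0.0.1 is reachable only from the machine itself.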




