Re: mysterious/suspicious internet activity.

Tim:
>> All normal stuff, although they're listening to any address, rather
>> than only listening to local addresses.  That could be tightened up
>> for some things, at least.  I see no reason for CUPS to listen
>> outside of your LAN, for instance.

Samuel Sieb:
> I assume you're referring to the lines like this:
> tcp        0      0 0.0.0.0:ipp             0.0.0.0:* LISTEN      root       22447      947/cupsd
> 
> That foreign address is just a placeholder. Nothing is actually 
> connected.  The process is listening for a connection and will
> accept one from anywhere.  It's up to the firewall to restrict that.

Yes, but in my opinion, that's a shit way to do things.  CUPS is
*probably* not such an issue, but other things are more risky.  It's
not so much a placeholder, as a wildcard (this interface accepts
connections from anywhere).

As far as I'm concerned it's FAR better to configure a server to only
listen to what it should do, rather than rely on something else to
protect it.  The moment someone stops the firewall to work something
out, as many people will do (often foolishly), you've left that service
vulnerable.  On some ISPs they're so infested by scanning bots, you get
infected within just a few seconds of connecting.

I watched a friend's Windows box get done 4 seconds after his USB ADSL
modem connected, three times in a row.  I laughed so hard.  He'd spent
hours installing, invited me to watch the final moments, bang.  He
couldn't remove the infestation, had to reinstall.  Didn't listen to my
advice about securing his PC before connecting to the net.  Over an
hour later after another install, it happened again.  And again, his
anti-virus didn't stop it, couldn't remove it, but did kindly inform
him he'd been infected.  And once more, another wipe, re-install, and
re-infect, again, just for rubbing salt into the wounds.  Then he
believed me about configuring his network better.

Would you not bother to properly configure an SMTP or SSH service, and
just rely on the firewall to protect it?

The original poster had already said that they'd previously been
compromised.  He's obviously at risk, so he's better off to secure his
system better.

-- 
 
uname -rsvp
Linux 3.10.0-1160.6.1.el7.x86_64 #1 SMP Tue Nov 17 13:59:11 UTC 2020 x86_64
 
Boilerplate:  All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the mailing list.
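
The distinction discussed in this message (a listener bound to the wildcard address versus one bound to loopback or a specific interface) can be checked mechanically. The following is an added example, not part of the original message: it parses netstat-style output and reports which listeners depend on the firewall alone. Only the first cupsd row comes from the thread; the other sample rows and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in `netstat -tlpe` layout. The first cupsd row is the line
# quoted in the thread; every other row is made up for illustration.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address     Foreign Address  State   User  Inode  PID/Program name
tcp        0      0 0.0.0.0:ipp       0.0.0.0:*        LISTEN  root  22447  947/cupsd
tcp        0      0 127.0.0.1:smtp    0.0.0.0:*        LISTEN  root  23001  1201/master
tcp        0      0 192.168.1.10:ssh  0.0.0.0:*        LISTEN  root  21877  1033/sshd
tcp6       0      0 :::ssh            :::*             LISTEN  root  21879  1033/sshd
tcp6       0      0 ::1:ipp           :::*             LISTEN  root  22446  947/cupsd
"""

def scope_of(local):
    """Classify a Local Address value: wildcard, loopback, specific or unknown."""
    # Drop the port, any [brackets] around IPv6, and any %interface scope id.
    host = local.rsplit(":", 1)[0].strip("[]").split("%")[0]
    if host == "*":                      # some tools print the wildcard as '*'
        return "wildcard"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:                   # address shown as a hostname; rerun with -n
        return "unknown"
    if addr.is_unspecified:              # 0.0.0.0 or :: means "any local address"
        return "wildcard"
    return "loopback" if addr.is_loopback else "specific"

def listeners(text):
    """Yield (program, local_address, scope) for each TCP LISTEN row (netstat layout)."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue
        # Program column is only present with -p; '947/cupsd' -> 'cupsd'.
        program = f[-1].split("/", 1)[-1] if len(f) > 6 else "-"
        yield program, f[3], scope_of(f[3])

def wildcard_listeners(text):
    """Listeners reachable on every interface unless a firewall intervenes."""
    return [(prog, local) for prog, local, scope in listeners(text) if scope == "wildcard"]

if __name__ == "__main__":
    for prog, local, scope in listeners(SAMPLE):
        print(f"{scope:9} {local:18} {prog}")
```
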
 