Tim: >> All normal stuff, although they're listening to any address, rather >> than only listening to local addresses. That could be tightened up >> for some things, at least. I see no reason for CUPS to listen >> outside of your LAN, for instance. Samuel Sieb: > I assume you're referring to the lines like this: > tcp 0 0 0.0.0.0:ipp 0.0.0.0:* LISTEN root 22447 947/cupsd > > That foreign address is just a placeholder. Nothing is actually > connected. The process is listening for a connection and will > accept one from anywhere. It's up to the firewall to restrict that. Yes, but in my opinion, that's a shit way to do things. CUPS is *probably* not such an issue, but other things are more risky. It's not so much a placeholder, as a wildcard (this interface accepts connections from anywhere). As far as I'm concerned it's FAR better to configure a server to only listen to what it should do, rather than rely on something else to protect it. The moment someone stops the firewall to work something out, as many people will do (often foolishly), you've left that service vulnerable. On some ISPs they're so infested by scanning bots, you get infected within just a few seconds of connecting. I watched a friend's windows box get done 4 seconds after his USB ADSL modem connected, three times in a row. I laughed so hard. He'd spent hours installing, invited me to watch the final moments, bang. He couldn't remove the infestion, had to reinstall. Didn't listen to my advice about securing his PC before connecting to the net. Over an hour later after another install, it happened again. And again, his anti-virus didn't stop it, couldn't remove it, but did kindly inform him he'd been infected. And once more, another wipe, re-install, and re-infect, again, just for rubbing salt into the wounds. Then he believed me about configuring his network better. Would you not bother to properly configure a SMTP or SSH service, and just rely on the firewall to protect it? The original poster had already said that they'd previously been compromised. He's obviously at risk, so he's better off to secure his system better. -- uname -rsvp Linux 3.10.0-1160.6.1.el7.x86_64 #1 SMP Tue Nov 17 13:59:11 UTC 2020 x86_64 Boilerplate: All unexpected mail to my mailbox is automatically deleted. I will only get to see the messages that are posted to the mailing list. _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
