Thank you Mandi for the informative and nice explanation of what was going on. I had narrowed it down to CUPS but I didn't know that it did browsing and that I could turn it off without negatively affecting CUPS. -----Original Message----- From: Mandi [mailto:mandi@linuxchick.org] Sent: Monday, February 24, 2003 6:10 PM To: ''Security-Discuss (security-discuss@linuxsecurity.com)' Subject: Re: Unwittingly flooding my internal network? On Mon, 24 Feb 2003, Woodworth, Lora wrote: > I just upgraded to Mandrake 9.0 on one of my boxes and my internal IDS > has now logged about 6500 packets from that machine. It appears to be > broadcasting on the local subnet udp packets destined to udp/631. Has > anyone ran into this problem? Does anyone know of a good way to > trouble shoot which service this is coming from? 631 is CUPS, common Unix printing system. by default, under mandrake, it is set to broadcast on the local network to share printer configurations among hosts without reconfiguring each host for every printer. you can get it to stop broadcasting by editing the file /etc/cups/cupsd.conf, and setting "Browsing" to off, then restarting the cups daemon. There are a couple other configurations in there so that it only responds to local requests. essentially, the file is setup like Apache's httpd.conf file. it's a regular service, so you can have it not start at boot time with chkconfig. HTH --mandi ------------------------------------------------------------------------ To unsubscribe email security-discuss-request@linuxsecurity.com with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ To unsubscribe email security-discuss-request@linuxsecurity.com with "unsubscribe" in the subject of the message.
