November 25th, 2001, 06:23 PM
Port 515/tcp [And an NMAP question]
I just ran nmap on my linux box, scanning its own IP, and it reported
515/tcp open printer
What does that mean? A portscan from my Windows XP box revealed
515 :lpd :lp Malformed from address
Does this mean I can print to the printer attached to the Linux box from a windows box using the IP address, rather than having to enable Samba and set up SMB ****??
Also, the nmap question - does nmap scan UDP ports as well as TCP??
November 25th, 2001, 06:34 PM
I can't answer about the port 515. The link, http://www-uxsup.csx.cam.ac.uk/print...dprinter.html, might help though.
As for nmap, yes, it does UDP. Simply do nmap -sU ip. Running nmap by itself with no IP should give you a short listing of commands. I've listed them conveniently below for you and others.
nmap V. 2.53 Usage: nmap [Scan Type(s)] [Options] <host or net list>
Some Common Scan Types ('*' options require root privileges)
-sT TCP connect() port scan (default)
* -sS TCP SYN stealth port scan (best all-around TCP scan)
* -sU UDP port scan
-sP ping scan (Find any reachable machines)
* -sF,-sX,-sN Stealth FIN, Xmas, or Null scan (experts only)
-sR/-I RPC/Identd scan (use with other scan types)
Some Common Options (none are required, most can be combined):
* -O Use TCP/IP fingerprinting to guess remote operating system
-p <range> ports to scan. Example range: '1-1024,1080,6666,31337'
-F Only scans ports listed in nmap-services
-v Verbose. Its use is recommended. Use twice for greater effect.
-P0 Don't ping hosts (needed to scan www.microsoft.com and others)
* -Ddecoy_host1,decoy2[,...] Hide scan using many decoys
-T <Paranoid|Sneaky|Polite|Normal|Aggressive|Insane> General timing policy
-n/-R Never do DNS resolution/Always resolve [default: sometimes resolve]
-oN/-oM <logfile> Output normal/machine parsable scan logs to <logfile>
-iL <inputfile> Get targets from file; Use '-' for stdin
* -S <your_IP>/-e <devicename> Specify source address or network interface
--interactive Go into interactive mode (then press h for help)
Example: nmap -v -sS -O www.my.com 192.168.0.0/16 '192.88-90.*.*'
SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES
Man pages are wonderful tools.
Hope this helps.
November 25th, 2001, 07:44 PM
Thanks! I guess I should read the man page BEFORE I ask stuff here!
Anyone got any suggestions about 515/tcp, tho??
November 25th, 2001, 10:21 PM
LPRng, now being packaged in several open-source operating system distributions, has a missing format string argument in at least two calls to the syslog() function.
Missing format strings in function calls allow user-supplied arguments to be passed to a susceptible *snprintf() function call. Remote users with access to the printer port (port 515/tcp) may be able to pass format-string parameters that can overwrite arbitrary addresses in the printing service's address space. Such overwriting can cause segmentation violations leading to denial of printing services or to the execution of arbitrary code injected through other means into the memory segments of the printer service.
Blocking access to the vulnerable service will limit your exposure to attacks from outside your network perimeter. However, the vulnerability would still allow local users to gain privileges they normally shouldn't have; in addition, blocking port 515/tcp at a network perimeter would still allow any remote user inside the perimeter to exploit the vulnerability.
So depending on what version of Linux you are running, you could be in big trouble. Hope this helps.
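The bug class described in the post above, as an added example that is not part of the original thread and is not LPRng's code: the vulnerable syslog() call pattern next to its fix, plus a check that flags conversion directives in client-supplied text. The names count_directives, format_log_line and log_job_safe, and the log message wording, are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Vulnerable pattern (shown as a comment only, never compiled):
 *     syslog(LOG_ERR, client_text);
 * client_text is interpreted as the format string, so any "%x" or
 * "%n" sent by the client is acted on by the formatting code.
 * Fixed pattern:
 *     syslog(LOG_ERR, "%s", client_text);
 */

/* Hypothetical check: count conversion directives in untrusted text.
 * "%%" is a literal percent sign and is not counted. A non-zero
 * result on a print request is worth alerting on. */
int count_directives(const char *s) {
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {   /* escaped percent: skip both characters */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

/* Build the log line with a constant format; the untrusted text is
 * only ever passed as an argument, so it is copied literally. */
int format_log_line(char *out, size_t outlen, const char *client_text) {
    return snprintf(out, outlen, "lpd: bad request from client: %s",
                    client_text);
}

/* Hardened logging call: constant format string in syslog() as well. */
void log_job_safe(const char *client_text) {
    char line[256];
    format_log_line(line, sizeof line, client_text);
    syslog(LOG_ERR, "%s", line);
}

int main(void) {
    const char *sample = "%x%x%n";   /* constructed sample input */
    char line[256];
    format_log_line(line, sizeof line, sample);
    printf("%s (directives: %d)\n", line, count_directives(sample));
    log_job_safe(sample);
    return 0;
}
```

Compiling with gcc's -Wformat-security also flags calls where a non-literal string is passed as the format with no further arguments.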
November 25th, 2001, 10:29 PM
As long as I keep it on my local net only (to which I am the only person with access) it'll be fine, but can I use that to PRINT to the Linux printer from a Windows-based machine on the local network... If I can, I'll leave it (since no one from the internet can get to my Linux box anyway), but if not I might as well close it up!!
Details on both options would be much appreciated!
November 25th, 2001, 10:31 PM
By the way, I use Linux Mandrake and it only has very minimal security enforcements (i.e. one user can't see another user's files unless their name is root)
November 25th, 2001, 10:34 PM
Dammit, forgot to give the version number..
I use Mandrake 7.1 but I'm looking for a cheap Mandrake 8 cd somewhere (any suggestions?)
It has a security level setting tool thing, so I use that rather than doing any real work and setting it up myself, so it's set to low, cos only the local net has access to it, and only I have access to the local net... so if I *wanted* to do anything bad to my Linux box I'd just go to it and log in as root anyway!
November 26th, 2001, 05:16 AM
Rewandythal, I believe so. I think you can install it on the windows PC (NT/2000 or later) as an LPR printer. There's probably some HOWTO out there on how to share printers with a Windows box without Samba.
November 27th, 2001, 09:59 PM
Hey, if I remember correctly, I believe Mandrake 7.1 was one of the ones that needed to be patched. I'm not for sure, but I would look into it anyway.