Re: Printer exploit?

[Thomas Corriher <tcorriher () earthlink net>]

> (Oh, how I hope they have improved :) but the thing to look for in their
> setup utilities is a way to restrict connections to only a few IP
> addresses -- the print servers on your NT/Unix machines that have
> logging and much better access controls (tcpd aka tcp wrappers, or an NT
> equivelent which I hope exists).

This is just a technicality, but I do not think that the lp
daemon uses the standard TCP Wrappers.  This is because the
daemon consults the /etc/hosts.lpd file, instead of the usual
/etc/hosts.allow file.  The format is different too.  Everyone
who uses the generic lpd should create (touch) the /etc/hosts.lpd
file on every new machine, to block unapproved access to the
daemon.  An empty file means no access.  Counting on the
/etc/hosts.allow and /etc/hosts.deny files for protection is
useless.  I wonder if some of the people reading this are now
saying to themselves: oh sh...  What I have said is true for
Linux lpd.  There may be differences in the lpds which are
shipped with other Unices.

-- 
  Thomas Corriher




----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com