
Re: Broadcast packets




> This is not politics.  It is practicality.  You are using a fairly large
> suite of programs to do a fairly small job.  samba is 6254K installed,
> lprng is 3580K installed, lpr is 348K installed.  The biggest, most
> complex program that does the most things is also likely to be the most
> security problematic.  lprng is one hell of a lot bigger and cruftier than
> I would like, but has made a real effort at security.

I don't actually need samba for printing, it's being used (for printing) 
because I can but Win2000 can print with IPP thus directly to cups. The 
problem is that I also use some filesystem exports. But I guess that if I 
*MUST* I'll drop samba but I'd rather not lose that functionality.
>
> > I asked if it was possible to hear broadcast packages without binding to
> > 0.0.0.0 (all interfaces) but to 192.168.1.0 instead. Anyone know?
>
> See:
> http://www.linuxdoc.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/chap29sec284.html
>
> Look at :
> bind interfaces only = True
>
>     The option bind interfaces only if set to True, allows you to
>     limit what interfaces will serve smb requests. This is a security
>     feature. The configuration option interfaces = eth0 192.168.1.1
>     below completes this option.
>
> interfaces = eth0 192.168.1.1
>
>     The option interfaces allows you to override the default network
>     interface list that Samba will use for browsing, name registration
>     and other NBT traffic. By default, Samba will query the kernel for
>     the list of all active interfaces and use any interface, except
>     127.0.0.1, that is broadcast capable. With this option, Samba will
>     only listen on interface eth0 on the IP address 192.168.1.1. This
>     is a security feature, and completes the above configuration option
>     bind interfaces only = True.
>
> So, it would appear so.

That alone produces a config where samba listens on 0.0.0.0:137-138.
I reported that as a bug and got an answer that to listen to broadcasts you 
actually had to bind like that. I find that odd since every interface has a 
broadcast address. Any guru out there care to enlighten me?


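Added example, not part of the original message or of Samba: a Python check that reads a UDP socket table in the Linux /proc/net/udp layout and reports whether the NetBIOS ports 137 and 138 are bound to the wildcard address, the subnet broadcast address, or a single interface address, which is the observation the message above describes. The sample table, the /24 netmask for 192.168.1.0 and all function names are assumptions made for the example.

```python
import ipaddress

NETBIOS_PORTS = {137, 138}  # UDP name service and datagram service

# Constructed sample in /proc/net/udp layout (trailing columns trimmed).
# Addresses are hex in little-endian byte order, ports are hex.
SAMPLE = """\
  sl  local_address rem_address   st
  10: 00000000:0089 00000000:0000 07
  11: 00000000:008A 00000000:0000 07
  12: 0101A8C0:0089 00000000:0000 07
  13: 0101A8C0:008A 00000000:0000 07
  14: 00000000:0277 00000000:0000 07
"""

def parse_udp_table(text):
    """Yield (IPv4Address, port) for each socket row of the table."""
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 2:
            continue
        hex_addr, hex_port = fields[1].split(":")
        # Assumes a little-endian host, so the address bytes are reversed.
        addr = ipaddress.IPv4Address(bytes.fromhex(hex_addr)[::-1])
        yield addr, int(hex_port, 16)

def classify_netbios_binds(text, subnet):
    """Return (address, port, kind) for every socket on UDP 137/138."""
    net = ipaddress.ip_network(subnet)
    findings = []
    for addr, port in parse_udp_table(text):
        if port not in NETBIOS_PORTS:
            continue
        if addr.is_unspecified:
            kind = "wildcard"            # 0.0.0.0: reachable on every interface
        elif addr == net.broadcast_address:
            kind = "subnet-broadcast"    # receives only that subnet's broadcasts
        elif addr in net:
            kind = "interface"           # unicast address of one interface
        else:
            kind = "other"
        findings.append((str(addr), port, kind))
    return findings

if __name__ == "__main__":
    for row in classify_netbios_binds(SAMPLE, "192.168.1.0/24"):
        print(row)
```

To check a live host, pass the contents of /proc/net/udp instead of the constructed sample; any "wildcard" row on 137 or 138 needs a packet filter in front of it if the service should only be reachable from one network.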


