[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Broadcast packets

Hash: SHA1

> This is not politics.  It is practicality.  You are using a fairly large
> suite of programs to do a fairly small job.  samba is 6254K installed,
> lprng is 3580K installed, lpr is 348K installed.  The biggest, most
> complex program that does the most things is also likely to be the most
> security problematic.  lprng is one hell of a lot bigger and cruftier than
> I would like, but has made a real effort at security.

I don't actualy need samba for printing, it's being used (for printing) 
because I can but Win2000 can print with IPP thus directly to cups. The 
problem is that I also use some filesystem exports. But I guess that if I 
*MUST* I'll drop samba but I'd rather not lose that functionality
> > I asked if it was possible to hear broadcast packages without binding to
> > (all interfaces) but to instead. Anyone know?
> See:
> http://www.linuxdoc.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.
> Look at :
> bind interfaces only = True
>     The option bind interfaces only if set to True, allows you to
>     limit what interfaces will serve smb requests. This is a security
>     feature. The configuration option interfaces = eth0
>     below completes this option.
> interfaces = eth0
>     The option interfaces allows you to override the default network
>     interface list that Samba will use for browsing, name registration
>     and other NBT traffic. By default, Samba will query the kernel for
>     the list of all active interfaces and use any interface, except
>, that is broadcast capable. With this option, Samba will
>     only listen on interface eth0 on the IP address This
>     is a security feature, and completes the above configuration option
>     bind interfaces only = True.
> So, it would appear so.

That alone produces a config where samba listens on
I reported that as a bug and got an awnser that to listen to broadcasts you 
actualy had to bind like that. I find that odd since every interface has a 
broadcast address. Any guru out there care to enlighten me?

Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org


Reply to: