Re: weird messages in syslog
"nate" <debian-user@aphroland.org> wrote:
|> looks like you might of been hit with a lprng exploit .. >>
|>
|> http://www.securityfocus.com/archive/1/85002
|>
|> hope your lprng is updated!
Rick Pasotto <rick@niof.net> wrote:
|> I've occasionally been getting something similar. I think I've
|> traced mine to the printer -- even though (or maybe because) it's
|> turned off.
Thank you both very much. Lprng certainly seems to be the culprit. I
have the version from `testing' (3.8.0). nmap shows:
Starting nmap V. 2.54BETA30 ( www.insecure.org/nmap/ )
Interesting ports on MY-REAL-IP
(The 65527 ports scanned but not shown below are in state: closed)
Port State Service
9/tcp open discard
13/tcp open daytime
22/tcp open ssh
25/tcp open smtp
37/tcp open time
487/tcp open saft
515/tcp open printer
5865/tcp open unknown
Port 5865 is where junkbuster normally runs, I think, so I don't see
anything very suspicious here. I had telnet turned on temporarily (to
allow access for someone who does not have ssh), so maybe someone got
access through the printer port via telnet.
I've turned telnet off again. If anyone has any further advice, I'd be
really grateful,
Jim
Reply to: