
Re: weird messages in syslog



"nate" <debian-user@aphroland.org> wrote:

|> looks like you might have been hit with a lprng exploit ..
|>
|> http://www.securityfocus.com/archive/1/85002
|>
|> hope your lprng is updated!

Rick Pasotto <rick@niof.net> wrote:

|> I've occasionally been getting something similar. I think I've
|> traced mine to the printer -- even though (or maybe because) it's
|> turned off.

Thank you both very much. Lprng certainly seems to be the culprit. I
have the version from `testing' (3.8.0). nmap shows:

   Starting nmap V. 2.54BETA30 ( www.insecure.org/nmap/ )
   Interesting ports on MY-REAL-IP
   (The 65527 ports scanned but not shown below are in state: closed)
   Port       State       Service
   9/tcp      open        discard
   13/tcp     open        daytime
   22/tcp     open        ssh
   25/tcp     open        smtp
   37/tcp     open        time
   487/tcp    open        saft
   515/tcp    open        printer
   5865/tcp   open        unknown

Port 5865 is where junkbuster normally runs, I think, so I don't see
anything very suspicious here. I had telnet turned on temporarily (to
allow access for someone who does not have ssh), so maybe someone got
access through the printer port via telnet.

I've turned telnet off again. If anyone has any further advice, I'd be
really grateful,

Jim


