Beartooth wrote:
On Thu, 30 Oct 2008 22:44:19 +0100, Björn Persson wrote:
> 1: Check that Cups is actually listening on the network. Run this
> command as root on the machine where the printer is:
>
> netstat --inet --inet6 --listen --program --numeric | grep cupsd
>
> Does it say "192.168.x.y:631" or "127.0.0.1:631"?
No, neither.
[root@Hbsk2 ~]# netstat --inet --inet6 --listen --program --numeric | grep cupsd
tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN 2526/cupsd
tcp 0 0 :::631 :::* LISTEN 2526/cupsd
udp 0 0 0.0.0.0:631 0.0.0.0:* 2526/cupsd
[root@Hbsk2 ~]#
OK, "0.0.0.0" means "all addresses" in this case, so that's good. Cups is
listening on the network.
> 2: Do you have a packet filter ("firewall") on the machine where the
> printer is? Have you opened the IPP ports in the packet filter?
How do I tell?
Run system-config-firewall and on the page "Trusted Services" check the
box "Network Printing Server (IPP)".
Lacking the skills to be sure whether I've been cracked, let
alone those to recover, I try to be paranoid; I install denyhosts, for
instance, and likely other defenses that don't spring to mind.
I don't think Denyhosts affects IPP, but if you have installed some product
that's called a firewall, then it has probably replaced Fedora's packet
filter. In that case you should allow IPP in that product instead of in
system-config-firewall.
Also, the router that my ISP supplies (Netgear MBR 814) supplies
several kinds of defenses, which I have tried to set with caution. When I
want to do bittorrent, for instance, I have to go change the router
settings for a while. (I try to leave them changed long enough to give
back more than I take, before I change them back; but I haven't actually
used the torrent in months, so they are probably tight.)
Yes, it's important that the Netgear router block IPP traffic if you're going
to allow printing and administration over the network. Otherwise, as you
said, some script kiddie might think it fun to print gibberish or mess with
your printer configuration. It's also a safeguard against any security holes
in Cups that could otherwise be exploited to crack your computer. Because of
the way this kind of router works, it most likely blocks anything that you
haven't explicitly allowed.
You should also be aware that if your wireless network is open, then anyone
who happens to be in the neighbourhood will also be able to access your
printer.
Björn Persson
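
Added example, not part of the original message: a small shell helper that reads the netstat output from step 1 and reports, for each cupsd socket, whether it is bound to all interfaces, to loopback only, or to one specific address. The function names are made up for this example, SAMPLE_LOCAL is a constructed input, and the result only describes what cupsd is bound to; whether the packet filter from step 2 lets IPP through is a separate check.

```shell
#!/bin/sh
# Reads `netstat --inet --inet6 --listen --program --numeric` output on stdin
# and prints one line per cupsd socket: proto, address, port, scope.
classify_cups_listeners() {
    awk '
    $NF ~ /\/cupsd$/ {
        addr = $4; sub(/:[^:]*$/, "", addr)   # strip ":port"; ":::631" becomes "::"
        port = $4; sub(/.*:/, "", port)       # keep only what follows the last colon
        if (addr == "0.0.0.0" || addr == "::") scope = "all-interfaces"
        else if (addr ~ /^127\./ || addr == "::1") scope = "loopback-only"
        else scope = "single-address"
        print $1, addr, port, scope
    }'
}

# Exit status 0 if at least one cupsd socket is bound to a non-loopback address.
# Empty input (cupsd not running, or netstat not run as root) gives status 1.
cups_reachable_from_network() {
    classify_cups_listeners | grep -qv 'loopback-only$'
}

# The three cupsd lines from the netstat output in the thread.
SAMPLE_THREAD='tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN 2526/cupsd
tcp 0 0 :::631 :::* LISTEN 2526/cupsd
udp 0 0 0.0.0.0:631 0.0.0.0:* 2526/cupsd'

# Constructed sample: what the output would look like with a loopback-only bind.
SAMPLE_LOCAL='tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2526/cupsd'

printf '%s\n' "$SAMPLE_THREAD" | classify_cups_listeners
if printf '%s\n' "$SAMPLE_LOCAL" | cups_reachable_from_network; then
    echo "constructed sample: cupsd bound beyond loopback"
else
    echo "constructed sample: cupsd bound to loopback only"
fi
```

On a live machine, pipe the netstat command from step 1 (run as root, without the grep) into classify_cups_listeners.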