> (Oh, how I hope they have improved :) but the thing to look for in their
> setup utilities is a way to restrict connections to only a few IP
> addresses -- the print servers on your NT/Unix machines that have
> logging and much better access controls (tcpd aka tcp wrappers, or an NT
> equivalent which I hope exists).

This is just a technicality, but I do not think that the lp daemon uses the standard TCP Wrappers. This is because the daemon consults the /etc/hosts.lpd file, instead of the usual /etc/hosts.allow file. The format is different too.

Everyone who uses the generic lpd should create (touch) the /etc/hosts.lpd file on every new machine, to block unapproved access to the daemon. An empty file means no access. Counting on the /etc/hosts.allow and /etc/hosts.deny files for protection is useless.

I wonder if some of the people reading this are now saying to themselves: oh sh...

What I have said is true for Linux lpd. There may be differences in the lpds which are shipped with other Unices.

--
Thomas Corriher
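An added example (not part of the original post, and not code from lpd): a shell function that reports the state of the /etc/hosts.lpd file the post describes, so the check can be run on each machine. It assumes one host name per line and treats blank lines and `#` lines as non-entries; the world-writable check is an extra hardening check not mentioned in the post, and the function name is hypothetical.

```shell
#!/bin/sh
# Audit the lpd host access file discussed in the post above.
# Assumptions (not from the post): one host per line; blank lines and
# lines starting with '#' are not counted as entries.

audit_hosts_lpd() {
    f=${1:-/etc/hosts.lpd}

    # Per the post, the file should be created on every new machine.
    if [ ! -e "$f" ]; then
        echo "MISSING"
        return 0
    fi

    # Extra check: a world-writable access file lets any local user
    # add hosts to it, so report that before anything else.
    if [ -n "$(find "$f" -prune -perm -0002 2>/dev/null)" ]; then
        echo "WORLD-WRITABLE"
        return 0
    fi

    # Count lines that name a host.
    n=$(grep -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$f" | wc -l | tr -d ' ')

    if [ "$n" -eq 0 ]; then
        echo "EMPTY"          # per the post: an empty file means no access
    else
        echo "ENTRIES:$n"     # review each listed host by hand
    fi
}

# Stand-alone use: audit the path given as $1, or /etc/hosts.lpd.
audit_hosts_lpd "$@"
```
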
This archive was generated by hypermail 2b30 : Thu Jun 28 2001 - 08:15:53 PDT