[opensuse] any issues with cups broadcasts and leap15 ?
After installing a new desktop, the first thing I do is to go enable network printing, than the print server will broadcast and I get a available printers. I've just tried that with a desktop, and it kept insisting "there are no printers". tcpdump showed the broadcasts coming in. -- Per Jessen, Zürich (24.3°C) http://www.cloudsuisse.com/ - your owncloud, hosted in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 10/09/2018 12.36, Per Jessen wrote:
After installing a new desktop, the first thing I do is to go enable network printing, than the print server will broadcast and I get a available printers. I've just tried that with a desktop, and it kept insisting "there are no printers". tcpdump showed the broadcasts coming in.
It is the firewall. Happened to me. I simply enter the IP or name of the printer. -- Cheers / Saludos, Carlos E. R. (from openSUSE 15.0 (Legolas)) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Carlos E. R. wrote:
On 10/09/2018 12.36, Per Jessen wrote:
After installing a new desktop, the first thing I do is to go enable network printing, than the print server will broadcast and I get a available printers. I've just tried that with a desktop, and it kept insisting "there are no printers". tcpdump showed the broadcasts coming in.
It is the firewall.
No firewall active between desktop and print server.
Happened to me. I simply enter the IP or name of the printer.
That is also what I did yesterday, but the broadcast has always worked. Sofar. I guess it doesn't matter much if I use the brodcast config or just specifically configure "printserver". -- Per Jessen, Zürich (16.8°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 11/09/2018 02.21, Per Jessen wrote:
Carlos E. R. wrote:
On 10/09/2018 12.36, Per Jessen wrote:
After installing a new desktop, the first thing I do is to go enable network printing, than the print server will broadcast and I get a available printers. I've just tried that with a desktop, and it kept insisting "there are no printers". tcpdump showed the broadcasts coming in.
It is the firewall.
No firewall active between desktop and print server.
Happened to me. I simply enter the IP or name of the printer.
That is also what I did yesterday, but the broadcast has always worked. Sofar. I guess it doesn't matter much if I use the brodcast config or just specifically configure "printserver".
Well, it should work, it just has never worked for me, in any release. In my case, it's always been the firewall. Reminds me, the IRC people claim my router is vulnerable, so using internal firewalls is a must ;-) -- Cheers / Saludos, Carlos E. R. (from openSUSE 15.0 (Legolas)) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Carlos E. R. wrote:
On 11/09/2018 02.21, Per Jessen wrote:
Carlos E. R. wrote:
On 10/09/2018 12.36, Per Jessen wrote:
After installing a new desktop, the first thing I do is to go enable network printing, than the print server will broadcast and I get a available printers. I've just tried that with a desktop, and it kept insisting "there are no printers". tcpdump showed the broadcasts coming in.
It is the firewall.
No firewall active between desktop and print server.
Happened to me. I simply enter the IP or name of the printer.
That is also what I did yesterday, but the broadcast has always worked. Sofar. I guess it doesn't matter much if I use the brodcast config or just specifically configure "printserver".
Well, it should work, it just has never worked for me, in any release.
Up until 15.0, that's all we've ever used. It was even automatic until a recent cups release, so now you have to go explicitly enable it with YaST.
In my case, it's always been the firewall. Reminds me, the IRC people claim my router is vulnerable, so using internal firewalls is a must ;-)
I thought we had sorted that one out? -- Per Jessen, Zürich (27.2°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 11/09/2018 11.01, Per Jessen wrote:
Carlos E. R. wrote:
On 11/09/2018 02.21, Per Jessen wrote:
Carlos E. R. wrote:
On 10/09/2018 12.36, Per Jessen wrote:
After installing a new desktop, the first thing I do is to go enable network printing, than the print server will broadcast and I get a available printers. I've just tried that with a desktop, and it kept insisting "there are no printers". tcpdump showed the broadcasts coming in.
It is the firewall.
No firewall active between desktop and print server.
Happened to me. I simply enter the IP or name of the printer.
That is also what I did yesterday, but the broadcast has always worked. Sofar. I guess it doesn't matter much if I use the brodcast config or just specifically configure "printserver".
Well, it should work, it just has never worked for me, in any release.
Up until 15.0, that's all we've ever used. It was even automatic until a recent cups release, so now you have to go explicitly enable it with YaST.
In my case, it's always been the firewall. Reminds me, the IRC people claim my router is vulnerable, so using internal firewalls is a must ;-)
I thought we had sorted that one out?
Yes. But till now, it was just a precaution, "just in case". Now I have some sort of confirmation that it is vulnerable, so I feel justified in having firewalls in all my computers, inside the LAN :-) -- Cheers / Saludos, Carlos E. R. (from openSUSE 15.0 (Legolas)) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 09/11/2018 11:11 AM, Carlos E. R. wrote:
Yes.
But till now, it was just a precaution, "just in case". Now I have some sort of confirmation that it is vulnerable, so I feel justified in having firewalls in all my computers, inside the LAN :-)
Oh brother.... what a tangled web we weave... I too have the default suse-firewall running inside the LAN, not because it was something that I absolutely wanted from a security standpoint, but simply because it works well enough and doesn't interfere with anything I need to do, and it easy to tweak if I need a special-exception. For years the goal was to keep the bad stuff outside your LAN, now it seems the presumption is that there is bad stuff inside your LAN.... That is a creepy metaphor for the world today... -- David C. Rankin, J.D.,P.E. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Op vrijdag 14 september 2018 02:24:36 CEST schreef David C. Rankin:
On 09/11/2018 11:11 AM, Carlos E. R. wrote:
Yes.
But till now, it was just a precaution, "just in case". Now I have some sort of confirmation that it is vulnerable, so I feel justified in having firewalls in all my computers, inside the LAN :-)
Oh brother.... what a tangled web we weave...
I too have the default suse-firewall running inside the LAN, not because it was something that I absolutely wanted from a security standpoint, but simply because it works well enough and doesn't interfere with anything I need to do, and it easy to tweak if I need a special-exception.
For years the goal was to keep the bad stuff outside your LAN, now it seems the presumption is that there is bad stuff inside your LAN.... That is a creepy metaphor for the world today... You wrote in another thread that Tw is what you use for a server. It doesn't have SuSEfirewall anymore, but firewalld and has had this for quite a while.....
-- Gertjan Lettink a.k.a. Knurpht openSUSE Board Member openSUSE Forums Team -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* Knurpht-openSUSE <knurpht@opensuse.org> [09-13-18 20:31]:
Op vrijdag 14 september 2018 02:24:36 CEST schreef David C. Rankin:
On 09/11/2018 11:11 AM, Carlos E. R. wrote:
Yes.
But till now, it was just a precaution, "just in case". Now I have some sort of confirmation that it is vulnerable, so I feel justified in having firewalls in all my computers, inside the LAN :-)
Oh brother.... what a tangled web we weave...
I too have the default suse-firewall running inside the LAN, not because it was something that I absolutely wanted from a security standpoint, but simply because it works well enough and doesn't interfere with anything I need to do, and it easy to tweak if I need a special-exception.
For years the goal was to keep the bad stuff outside your LAN, now it seems the presumption is that there is bad stuff inside your LAN.... That is a creepy metaphor for the world today... You wrote in another thread that Tw is what you use for a server. It doesn't have SuSEfirewall anymore, but firewalld and has had this for quite a while.....
but if you did not reinstall Tw after firewalld became the standard, you still have SuSEfirewall2. -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Registered Linux User #207535 @ http://linuxcounter.net Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Op vrijdag 14 september 2018 02:37:54 CEST schreef Patrick Shanahan:
* Knurpht-openSUSE <knurpht@opensuse.org> [09-13-18 20:31]:
Op vrijdag 14 september 2018 02:24:36 CEST schreef David C. Rankin:
On 09/11/2018 11:11 AM, Carlos E. R. wrote:
Yes.
But till now, it was just a precaution, "just in case". Now I have some sort of confirmation that it is vulnerable, so I feel justified in having firewalls in all my computers, inside the LAN :-)
Oh brother.... what a tangled web we weave...
I too have the default suse-firewall running inside the LAN, not because it was something that I absolutely wanted from a security standpoint, but simply because it works well enough and doesn't interfere with anything I need to do, and it easy to tweak if I need a special-exception.
For years the goal was to keep the bad stuff outside your LAN, now it seems the presumption is that there is bad stuff inside your LAN.... That is a creepy metaphor for the world today...
You wrote in another thread that Tw is what you use for a server. It doesn't have SuSEfirewall anymore, but firewalld and has had this for quite a while.....
but if you did not reinstall Tw after firewalld became the standard, you still have SuSEfirewall2. Yeah, not upgrading a rolling release is something one would assume before anything else :)
-- Gertjan Lettink a.k.a. Knurpht openSUSE Board Member openSUSE Forums Team -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* Knurpht-openSUSE <knurpht@opensuse.org> [09-13-18 20:42]:
Op vrijdag 14 september 2018 02:37:54 CEST schreef Patrick Shanahan:
* Knurpht-openSUSE <knurpht@opensuse.org> [09-13-18 20:31]:
Op vrijdag 14 september 2018 02:24:36 CEST schreef David C. Rankin:
On 09/11/2018 11:11 AM, Carlos E. R. wrote:
Yes.
But till now, it was just a precaution, "just in case". Now I have some sort of confirmation that it is vulnerable, so I feel justified in having firewalls in all my computers, inside the LAN :-)
Oh brother.... what a tangled web we weave...
I too have the default suse-firewall running inside the LAN, not because it was something that I absolutely wanted from a security standpoint, but simply because it works well enough and doesn't interfere with anything I need to do, and it easy to tweak if I need a special-exception.
For years the goal was to keep the bad stuff outside your LAN, now it seems the presumption is that there is bad stuff inside your LAN.... That is a creepy metaphor for the world today...
You wrote in another thread that Tw is what you use for a server. It doesn't have SuSEfirewall anymore, but firewalld and has had this for quite a while.....
but if you did not reinstall Tw after firewalld became the standard, you still have SuSEfirewall2. Yeah, not upgrading a rolling release is something one would assume before anything else :)
yes, my work machine until last week was still rolling from Greg KH's original settings, several years. -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Registered Linux User #207535 @ http://linuxcounter.net Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2018-09-13 8:24 p.m., David C. Rankin wrote:
For years the goal was to keep the bad stuff outside your LAN, now it seems the presumption is that there is bad stuff inside your LAN.... That is a creepy metaphor for the world today...
What's with this "now"? This has always been part of any real world security policy. Don't let a penetration cascade. We've had many terms for it even in the days before computers, 'need to know', 'silo-ization', and many more than have come down to us in this business. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 14/09/2018 07.37, Anton Aylward wrote:
On 2018-09-13 8:24 p.m., David C. Rankin wrote:
For years the goal was to keep the bad stuff outside your LAN, now it seems the presumption is that there is bad stuff inside your LAN.... That is a creepy metaphor for the world today...
What's with this "now"? This has always been part of any real world security policy. Don't let a penetration cascade. We've had many terms for it even in the days before computers, 'need to know', 'silo-ization', and many more than have come down to us in this business.
Well, in my case, normally I don't get dangers from inside unless they are guests to the house. My worry now is the router being compromised: previously it was just a faint possibility, now IRC people claim it is a certain possibility. -- Cheers / Saludos, Carlos E. R. (from openSUSE 15.0 (Legolas)) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Carlos E. R. wrote:
On 14/09/2018 07.37, Anton Aylward wrote:
On 2018-09-13 8:24 p.m., David C. Rankin wrote:
For years the goal was to keep the bad stuff outside your LAN, now it seems the presumption is that there is bad stuff inside your LAN.... That is a creepy metaphor for the world today...
What's with this "now"? This has always been part of any real world security policy. Don't let a penetration cascade. We've had many terms for it even in the days before computers, 'need to know', 'silo-ization', and many more than have come down to us in this business.
Well, in my case, normally I don't get dangers from inside unless they are guests to the house. My worry now is the router being compromised: previously it was just a faint possibility, now IRC people claim it is a certain possibility.
Have you been able to confirm it? With an external tool for instance? -- Per Jessen, Zürich (21.7°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 15/09/2018 12.28, Per Jessen wrote:
Carlos E. R. wrote:
On 14/09/2018 07.37, Anton Aylward wrote:
On 2018-09-13 8:24 p.m., David C. Rankin wrote:
For years the goal was to keep the bad stuff outside your LAN, now it seems the presumption is that there is bad stuff inside your LAN.... That is a creepy metaphor for the world today...
What's with this "now"? This has always been part of any real world security policy. Don't let a penetration cascade. We've had many terms for it even in the days before computers, 'need to know', 'silo-ization', and many more than have come down to us in this business.
Well, in my case, normally I don't get dangers from inside unless they are guests to the house. My worry now is the router being compromised: previously it was just a faint possibility, now IRC people claim it is a certain possibility.
Have you been able to confirm it? With an external tool for instance?
Me? Nope. I don't know how to do it. I only know that it is an old version, Dropbear 0.46, dated 2005. nmap ... -p 22 -sV --version-all: PORT STATE SERVICE VERSION 22/tcp open ssh Dropbear sshd 0.46 (protocol 2.0) Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel I don't know of a tool that tests for real weaknesses. -- Cheers / Saludos, Carlos E. R. (from openSUSE 15.0 (Legolas)) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2018-09-15 20:17, Carlos E. R. wrote:
I don't know of a tool that tests for real weaknesses.
Metasploit But you need to know a bit about the exploit first. It's not a "test everything tool". Normally you scan hosts that are up then for open ports. After that you do a educated guess and fire up your Metasploit and load one of the vulnerabilities and push the "start" button. If it works you get a shell to operate from. https://www.exploit-db.com/search/?action=search&q=Dropbear+SSH I always have Kali Linux on a USB in my suitcase. It comes in handy more than one would think. Quite often when customers ask for help with their network and I'm on site. ref. https://www.metasploit.com/ https://www.kali.org/ Cheers, -- /bengan -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 15/09/2018 17.24, Bengt Gördén wrote:
On 2018-09-15 20:17, Carlos E. R. wrote:
I don't know of a tool that tests for real weaknesses.
Metasploit
But you need to know a bit about the exploit first. It's not a "test everything tool". Normally you scan hosts that are up then for open ports. After that you do a educated guess and fire up your Metasploit and load one of the vulnerabilities and push the "start" button. If it works you get a shell to operate from.
But I do not want to get a shell, I only want a certification that this router is vulnerable because it can be hacked with this hack. I certainly do not want to hack it, it is my router. I once saw a Windows program that scanned all machines on the local network and listed all of them with all the known vulnerabilities with links to descriptions and instructions about what patch was required to close it. Above all I can not cause the router to malfunction because of the scan. -- Cheers / Saludos, Carlos E. R. (from openSUSE 15.0 (Legolas)) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Carlos E. R. wrote:
On 15/09/2018 17.24, Bengt Gördén wrote:
On 2018-09-15 20:17, Carlos E. R. wrote:
I don't know of a tool that tests for real weaknesses.
Metasploit
But you need to know a bit about the exploit first. It's not a "test everything tool". Normally you scan hosts that are up then for open ports. After that you do a educated guess and fire up your Metasploit and load one of the vulnerabilities and push the "start" button. If it works you get a shell to operate from.
But I do not want to get a shell, I only want a certification that this router is vulnerable because it can be hacked with this hack. I certainly do not want to hack it, it is my router.
Isn't that what Bengt says? If you get a shell, you have found a vulnerability. -- Per Jessen, Zürich (16.9°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2018-09-18 07:57, Per Jessen wrote:
Carlos E. R. wrote:
But I do not want to get a shell, I only want a certification that this router is vulnerable because it can be hacked with this hack. I certainly do not want to hack it, it is my router.
Isn't that what Bengt says? If you get a shell, you have found a vulnerability.
Yes. Spot on. And if I may add. There is no other way to be 100% sure. The rest is assumptions in various degrees of probabilities. Carlos, If you need an open source vulnerability scanner. I suggest OpenVAS. It's dropped in Leap 15 and TW. You can still install version 8 in Leap 43.2. But the stable version is now 9 and 10 is in the making. I would actually go for Kali Linux on USB or the Greenbone supplied appliance and be done with it. There is a multitude of howtos out there. I did a short google and here a couple of recent videos. install https://www.youtube.com/watch?v=fEANg6gyV5A run https://www.youtube.com/watch?v=koMo_fSQGlk Cheers, -- /bengan -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 18/09/2018 07.11, Bengt Gördén wrote:
On 2018-09-18 07:57, Per Jessen wrote:
Carlos E. R. wrote:
But I do not want to get a shell, I only want a certification that this router is vulnerable because it can be hacked with this hack. I certainly do not want to hack it, it is my router.
Isn't that what Bengt says? If you get a shell, you have found a vulnerability.
Yes. Spot on. And if I may add. There is no other way to be 100% sure. The rest is assumptions in various degrees of probabilities.
A market recognized tool that says "you have this vulnerability" is what I would need. I do not want to hack my own router, not even try.
Carlos,
If you need an open source vulnerability scanner. I suggest OpenVAS. It's dropped in Leap 15 and TW. You can still install version 8 in Leap 43.2. But the stable version is now 9 and 10 is in the making. I would actually go for Kali Linux on USB or the Greenbone supplied appliance and be done with it. There is a multitude of howtos out there. I did a short google and here a couple of recent videos.
install https://www.youtube.com/watch?v=fEANg6gyV5A run https://www.youtube.com/watch?v=koMo_fSQGlk
I may try that. But if something exists in Windows that does it, I might use Windows. These people do not want to see the word "Linux". Something that they can do themselves. -- Cheers / Saludos, Carlos E. R. (from openSUSE 15.0 (Legolas)) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* Carlos E. R. <robin.listas@gmx.es> [09-18-18 10:43]:
On 18/09/2018 07.11, Bengt Gördén wrote:
On 2018-09-18 07:57, Per Jessen wrote:
Carlos E. R. wrote:
But I do not want to get a shell, I only want a certification that this router is vulnerable because it can be hacked with this hack. I certainly do not want to hack it, it is my router.
Isn't that what Bengt says? If you get a shell, you have found a vulnerability.
Yes. Spot on. And if I may add. There is no other way to be 100% sure. The rest is assumptions in various degrees of probabilities.
A market recognized tool that says "you have this vulnerability" is what I would need. I do not want to hack my own router, not even try.
Carlos,
If you need an open source vulnerability scanner. I suggest OpenVAS. It's dropped in Leap 15 and TW. You can still install version 8 in Leap 43.2. But the stable version is now 9 and 10 is in the making. I would actually go for Kali Linux on USB or the Greenbone supplied appliance and be done with it. There is a multitude of howtos out there. I did a short google and here a couple of recent videos.
install https://www.youtube.com/watch?v=fEANg6gyV5A run https://www.youtube.com/watch?v=koMo_fSQGlk
I may try that. But if something exists in Windows that does it, I might use Windows. These people do not want to see the word "Linux". Something that they can do themselves.
even though the router's operating system is probably linux or a derivative of linux, :) -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Registered Linux User #207535 @ http://linuxcounter.net Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 09/18/2018 11:27 AM, Patrick Shanahan wrote:
even though the router's operating system is probably linux or a derivative of linux, :)
I run pfSense, which is based on FreeBSD. Netgate hardware runs pfSense too. I seem to recall *BSD is used in some other hardware. No doubt Apple gear would run on it. https://en.wikipedia.org/wiki/PfSense https://www.netgate.com/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 18/09/2018 11.27, Patrick Shanahan wrote:
* Carlos E. R. <robin.listas@gmx.es> [09-18-18 10:43]:
On 18/09/2018 07.11, Bengt Gördén wrote:
On 2018-09-18 07:57, Per Jessen wrote:
Carlos E. R. wrote:
But I do not want to get a shell, I only want a certification that this router is vulnerable because it can be hacked with this hack. I certainly do not want to hack it, it is my router.
Isn't that what Bengt says? If you get a shell, you have found a vulnerability.
Yes. Spot on. And if I may add. There is no other way to be 100% sure. The rest is assumptions in various degrees of probabilities.
A market recognized tool that says "you have this vulnerability" is what I would need. I do not want to hack my own router, not even try.
Carlos,
If you need an open source vulnerability scanner. I suggest OpenVAS. It's dropped in Leap 15 and TW. You can still install version 8 in Leap 43.2. But the stable version is now 9 and 10 is in the making. I would actually go for Kali Linux on USB or the Greenbone supplied appliance and be done with it. There is a multitude of howtos out there. I did a short google and here a couple of recent videos.
install https://www.youtube.com/watch?v=fEANg6gyV5A run https://www.youtube.com/watch?v=koMo_fSQGlk
I may try that. But if something exists in Windows that does it, I might use Windows. These people do not want to see the word "Linux". Something that they can do themselves.
even though the router's operating system is probably linux or a derivative of linux, :)
And even though the technicians there use Debian or Red Hat for some tasks. I saw it with my own eyes, more than a decade ago. I'd think they still do. Pff... -- Cheers / Saludos, Carlos E. R. (from openSUSE 15.0 (Legolas)) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2018-09-18 16:43, Carlos E. R. wrote:
I may try that. But if something exists in Windows that does it, I might use Windows. These people do not want to see the word "Linux". Something that they can do themselves.
For windows you could try a "try" license for Nessus. It's an impressive piece of software for scanning. It went closed source in mid 2000. Quite steep to bye though. About $2000/year. https://www.tenable.com/try There is a home-version that I've never tried. Seems to work for 16 hosts. https://www.tenable.com/products/nessus-home -- /bengan -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 18/09/2018 11.45, Bengt Gördén wrote:
On 2018-09-18 16:43, Carlos E. R. wrote:
I may try that. But if something exists in Windows that does it, I might use Windows. These people do not want to see the word "Linux". Something that they can do themselves.
For windows you could try a "try" license for Nessus. It's an impressive piece of software for scanning. It went closed source in mid 2000. Quite steep to bye though. About $2000/year.
There is a home-version that I've never tried. Seems to work for 16 hosts.
Thanks :-) I'll try the home version when I get back :-) I'll ask a friend to use their home connection to scan mine ;-) -- Cheers / Saludos, Carlos E. R. (from openSUSE 15.0 (Legolas)) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Carlos E. R. wrote:
On 15/09/2018 12.28, Per Jessen wrote:
Carlos E. R. wrote:
On 14/09/2018 07.37, Anton Aylward wrote:
On 2018-09-13 8:24 p.m., David C. Rankin wrote:
For years the goal was to keep the bad stuff outside your LAN, now it seems the presumption is that there is bad stuff inside your LAN.... That is a creepy metaphor for the world today...
What's with this "now"? This has always been part of any real world security policy. Don't let a penetration cascade. We've had many terms for it even in the days before computers, 'need to know', 'silo-ization', and many more than have come down to us in this business.
Well, in my case, normally I don't get dangers from inside unless they are guests to the house. My worry now is the router being compromised: previously it was just a faint possibility, now IRC people claim it is a certain possibility.
Have you been able to confirm it? With an external tool for instance?
Me? Nope. I don't know how to do it. I only know that it is an old version, Dropbear 0.46, dated 2005.
nmap ... -p 22 -sV --version-all:
PORT STATE SERVICE VERSION 22/tcp open ssh Dropbear sshd 0.46 (protocol 2.0) Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Well, having port 22 open to the public with an ancient sshd is certainly risky, I would say. Seems you have confirmed the risk. I guess there is no way for you modify the config of that router?
I don't know of a tool that tests for real weaknesses.
The above is a real weakness :-) -- Per Jessen, Zürich (15.6°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* Per Jessen <per@computer.org> [09-16-18 03:57]:
Carlos E. R. wrote:
On 15/09/2018 12.28, Per Jessen wrote:
Carlos E. R. wrote:
On 14/09/2018 07.37, Anton Aylward wrote:
On 2018-09-13 8:24 p.m., David C. Rankin wrote:
For years the goal was to keep the bad stuff outside your LAN, now it seems the presumption is that there is bad stuff inside your LAN.... That is a creepy metaphor for the world today...
What's with this "now"? This has always been part of any real world security policy. Don't let a penetration cascade. We've had many terms for it even in the days before computers, 'need to know', 'silo-ization', and many more than have come down to us in this business.
Well, in my case, normally I don't get dangers from inside unless they are guests to the house. My worry now is the router being compromised: previously it was just a faint possibility, now IRC people claim it is a certain possibility.
Have you been able to confirm it? With an external tool for instance?
Me? Nope. I don't know how to do it. I only know that it is an old version, Dropbear 0.46, dated 2005.
nmap ... -p 22 -sV --version-all:
PORT STATE SERVICE VERSION 22/tcp open ssh Dropbear sshd 0.46 (protocol 2.0) Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Well, having port 22 open to the public with an ancient sshd is certainly risky, I would say. Seems you have confirmed the risk. I guess there is no way for you modify the config of that router?
I don't know of a tool that tests for real weaknesses.
The above is a real weakness :-)
change the ssh port to something high like 12222 -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Registered Linux User #207535 @ http://linuxcounter.net Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Patrick Shanahan wrote:
* Per Jessen <per@computer.org> [09-16-18 03:57]:
Carlos E. R. wrote:
On 15/09/2018 12.28, Per Jessen wrote:
Carlos E. R. wrote:
On 14/09/2018 07.37, Anton Aylward wrote:
On 2018-09-13 8:24 p.m., David C. Rankin wrote: > For years the goal was to keep the bad stuff outside your LAN, > now it seems the presumption is that there is bad stuff inside > your LAN.... That is a creepy metaphor for the world today...
What's with this "now"? This has always been part of any real world security policy. Don't let a penetration cascade. We've had many terms for it even in the days before computers, 'need to know', 'silo-ization', and many more than have come down to us in this business.
Well, in my case, normally I don't get dangers from inside unless they are guests to the house. My worry now is the router being compromised: previously it was just a faint possibility, now IRC people claim it is a certain possibility.
Have you been able to confirm it? With an external tool for instance?
Me? Nope. I don't know how to do it. I only know that it is an old version, Dropbear 0.46, dated 2005.
nmap ... -p 22 -sV --version-all:
PORT STATE SERVICE VERSION 22/tcp open ssh Dropbear sshd 0.46 (protocol 2.0) Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Well, having port 22 open to the public with an ancient sshd is certainly risky, I would say. Seems you have confirmed the risk. I guess there is no way for you modify the config of that router?
I don't know of a tool that tests for real weaknesses.
The above is a real weakness :-)
change the ssh port to something high like 12222
Yeah, but if Carlos has access to the config, why not just it off? -- Per Jessen, Zürich (20.4°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Op zondag 16 september 2018 14:23:48 CEST schreef Patrick Shanahan:
* Per Jessen <per@computer.org> [09-16-18 03:57]:
Carlos E. R. wrote:
On 15/09/2018 12.28, Per Jessen wrote:
Carlos E. R. wrote:
On 14/09/2018 07.37, Anton Aylward wrote:
On 2018-09-13 8:24 p.m., David C. Rankin wrote: > For years the goal was to keep the bad stuff outside your LAN, now > it seems the presumption is that there is bad stuff inside your > LAN.... That is a creepy metaphor for the world today...
What's with this "now"? This has always been part of any real world security policy. Don't let a penetration cascade. We've had many terms for it even in the days before computers, 'need to know', 'silo-ization', and many more than have come down to us in this business.
Well, in my case, normally I don't get dangers from inside unless they are guests to the house. My worry now is the router being compromised: previously it was just a faint possibility, now IRC people claim it is a certain possibility.
Have you been able to confirm it? With an external tool for instance?
Me? Nope. I don't know how to do it. I only know that it is an old version, Dropbear 0.46, dated 2005.
nmap ... -p 22 -sV --version-all:
PORT STATE SERVICE VERSION 22/tcp open ssh Dropbear sshd 0.46 (protocol 2.0) Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Well, having port 22 open to the public with an ancient sshd is certainly risky, I would say. Seems you have confirmed the risk. I guess there is no way for you modify the config of that router?
I don't know of a tool that tests for real weaknesses.
The above is a real weakness :-)
change the ssh port to something high like 12222 These days that's useless. The script kiddies found they need to scan all ports. Changed my server from 22 to 49155. Took two days and then I saw failed ssh login attempts in the logs.
-- Gertjan Lettink a.k.a. Knurpht openSUSE Board Member openSUSE Forums Team -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 16/09/2018 08.23, Patrick Shanahan wrote:
* Per Jessen <> [09-16-18 03:57]:
Carlos E. R. wrote:
Me? Nope. I don't know how to do it. I only know that it is an old version, Dropbear 0.46, dated 2005.
nmap ... -p 22 -sV --version-all:
PORT STATE SERVICE VERSION 22/tcp open ssh Dropbear sshd 0.46 (protocol 2.0) Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Well, having port 22 open to the public with an ancient sshd is certainly risky, I would say. Seems you have confirmed the risk. I guess there is no way for you modify the config of that router?
I don't know of a tool that tests for real weaknesses.
The above is a real weakness :-)
change the ssh port to something high like 12222
The router firmware does not allow such a thing. It is the router own ssh service. Of course that the computer that I use to ssh-in from internet is on a very different port. -- Cheers / Saludos, Carlos E. R. (from openSUSE 15.0 (Legolas)) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 16/09/2018 03.54, Per Jessen wrote:
Carlos E. R. wrote:
On 15/09/2018 12.28, Per Jessen wrote:
Carlos E. R. wrote:
...
Have you been able to confirm it? With an external tool for instance?
Me? Nope. I don't know how to do it. I only know that it is an old version, Dropbear 0.46, dated 2005.
nmap ... -p 22 -sV --version-all:
PORT STATE SERVICE VERSION 22/tcp open ssh Dropbear sshd 0.46 (protocol 2.0) Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Well, having port 22 open to the public with an ancient sshd is certainly risky, I would say. Seems you have confirmed the risk. I guess there is no way for you modify the config of that router?
I can not disable the service, but I can close the port on the firewall.
I don't know of a tool that tests for real weaknesses.
The above is a real weakness :-)
Not enough unless I can tell my ISP that that router is exploitable by doing exactly what. With a reference. -- Cheers / Saludos, Carlos E. R. (from openSUSE 15.0 (Legolas)) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Carlos E. R. wrote:
On 16/09/2018 03.54, Per Jessen wrote:
Carlos E. R. wrote:
On 15/09/2018 12.28, Per Jessen wrote:
Carlos E. R. wrote:
...
Have you been able to confirm it? With an external tool for instance?
Me? Nope. I don't know how to do it. I only know that it is an old version, Dropbear 0.46, dated 2005.
nmap ... -p 22 -sV --version-all:
PORT STATE SERVICE VERSION 22/tcp open ssh Dropbear sshd 0.46 (protocol 2.0) Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Well, having port 22 open to the public with an ancient sshd is certainly risky, I would say. Seems you have confirmed the risk. I guess there is no way for you modify the config of that router?
I can not disable the service, but I can close the port on the firewall.
That would still leave your router open though.
I don't know of a tool that tests for real weaknesses.
The above is a real weakness :-)
Not enough unless I can tell my ISP that that router is exploitable by doing exactly what. With a reference.
What does "not enough" mean? Not enough for what? -- Per Jessen, Zürich (17.1°C) http://www.cloudsuisse.com/ - your owncloud, hosted in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 18/09/2018 01.55, Per Jessen wrote:
Carlos E. R. wrote:
On 16/09/2018 03.54, Per Jessen wrote:
Carlos E. R. wrote:
On 15/09/2018 12.28, Per Jessen wrote:
Carlos E. R. wrote:
...
Have you been able to confirm it? With an external tool for instance?
Me? Nope. I don't know how to do it. I only know that it is an old version, Dropbear 0.46, dated 2005.
nmap ... -p 22 -sV --version-all:
PORT STATE SERVICE VERSION 22/tcp open ssh Dropbear sshd 0.46 (protocol 2.0) Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Well, having port 22 open to the public with an ancient sshd is certainly risky, I would say. Seems you have confirmed the risk. I guess there is no way for you modify the config of that router?
I can not disable the service, but I can close the port on the firewall.
That would still leave your router open though.
I don't understand. If it is closed in the firewall, it is closed, problem solved.
I don't know of a tool that tests for real weaknesses.
The above is a real weakness :-)
Not enough unless I can tell my ISP that that router is exploitable by doing exactly what. With a reference.
What does "not enough" mean? Not enough for what?
Not enough to convince my ISP to issue a nation wide upgrade. I already told them about the issue, and they ignored it. I'm simply to close the port in the firewall, and it is only me who has an issue because of IRC, not everybody. Not that the router has a hole that needs to be solved or the router replaced nationwide. The report I opened with them is now closed. They are not going to investigate it. -- Cheers / Saludos, Carlos E. R. (from openSUSE 15.0 (Legolas)) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Carlos E. R. wrote:
On 18/09/2018 01.55, Per Jessen wrote:
Carlos E. R. wrote:
On 16/09/2018 03.54, Per Jessen wrote:
Carlos E. R. wrote:
On 15/09/2018 12.28, Per Jessen wrote:
Carlos E. R. wrote:
...
Have you been able to confirm it? With an external tool for instance?
Me? Nope. I don't know how to do it. I only know that it is an old version, Dropbear 0.46, dated 2005.
nmap ... -p 22 -sV --version-all:
PORT STATE SERVICE VERSION 22/tcp open ssh Dropbear sshd 0.46 (protocol 2.0) Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Well, having port 22 open to the public with an ancient sshd is certainly risky, I would say. Seems you have confirmed the risk. I guess there is no way for you modify the config of that router?
I can not disable the service, but I can close the port on the firewall.
That would still leave your router open though.
I don't understand. If it is closed in the firewall, it is closed, problem solved.
I assume that the firewall is placed between the internal/LAN and the external/WAN interface - you can close port 22 all your want, but if you have an sshd listening on the external interface, that won't be affected.
I don't know of a tool that tests for real weaknesses.
The above is a real weakness :-)
Not enough unless I can tell my ISP that that router is exploitable by doing exactly what. With a reference.
What does "not enough" mean? Not enough for what?
Not enough to convince my ISP to issue a nation wide upgrade.
Ah, okay. -- Per Jessen, Zürich (19.5°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 18/09/2018 14.32, Per Jessen wrote:
Carlos E. R. wrote:
On 18/09/2018 01.55, Per Jessen wrote:
Carlos E. R. wrote:
On 16/09/2018 03.54, Per Jessen wrote:
Carlos E. R. wrote:
On 15/09/2018 12.28, Per Jessen wrote: > Carlos E. R. wrote:
...
> Have you been able to confirm it? With an external tool for > instance?
Me? Nope. I don't know how to do it. I only know that it is an old version, Dropbear 0.46, dated 2005.
nmap ... -p 22 -sV --version-all:
PORT STATE SERVICE VERSION 22/tcp open ssh Dropbear sshd 0.46 (protocol 2.0) Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Well, having port 22 open to the public with an ancient sshd is certainly risky, I would say. Seems you have confirmed the risk. I guess there is no way for you modify the config of that router?
I can not disable the service, but I can close the port on the firewall.
That would still leave your router open though.
I don't understand. If it is closed in the firewall, it is closed, problem solved.
I assume that the firewall is placed between the internal/LAN and the external/WAN interface - you can close port 22 all your want, but if you have an sshd listening on the external interface, that won't be affected.
It has both, I understand. I did close it some weeks ago, and then you checked my IP and you said therre was no ssh. Then I undid that while solving another problem and forgot to put it back, and I do not dare to touch it till my trip ends.
I don't know of a tool that tests for real weaknesses.
The above is a real weakness :-)
Not enough unless I can tell my ISP that that router is exploitable by doing exactly what. With a reference.
What does "not enough" mean? Not enough for what?
Not enough to convince my ISP to issue a nation wide upgrade.
Ah, okay.
And they will not issue an upgrade for a single router. They might tell me to upgrade my current hardware for a monthly fee, and I do not want to do that. If the router is faulty and I can prove it easily, they have to be told. Once I close the firewall I will not care either way, but I would have done my duty. -- Cheers / Saludos, Carlos E. R. (from openSUSE 15.0 (Legolas)) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (8)
-
Anton Aylward -
Bengt Gördén -
Carlos E. R. -
David C. Rankin -
James Knott -
Knurpht-openSUSE -
Patrick Shanahan -
Per Jessen