[prev in list] [next in list] [prev in thread] [next in thread]
List: opensuse
Subject: Re: [opensuse] any issues with cups broadcasts and leap15 ?
From: "Carlos E. R." <robin.listas () gmx ! es>
Date: 2018-09-19 14:33:48
Message-ID: 15846e62-d850-5102-25cd-ebc42379a240 () gmx ! es
[Download RAW message or body]
On 18/09/2018 14.32, Per Jessen wrote:
> Carlos E. R. wrote:
>
>> On 18/09/2018 01.55, Per Jessen wrote:
>>> Carlos E. R. wrote:
>>>
>>>> On 16/09/2018 03.54, Per Jessen wrote:
>>>>> Carlos E. R. wrote:
>>>>>
>>>>>> On 15/09/2018 12.28, Per Jessen wrote:
>>>>>>> Carlos E. R. wrote:
>>>>
>>>> ...
>>>>
>>>>>>> Have you been able to confirm it? With an external tool for
>>>>>>> instance?
>>>>>>
>>>>>> Me? Nope. I don't know how to do it.
>>>>>> I only know that it is an old version, Dropbear 0.46, dated 2005.
>>>>>>
>>>>>> nmap ... -p 22 -sV --version-all:
>>>>>>
>>>>>> PORT STATE SERVICE VERSION
>>>>>> 22/tcp open ssh Dropbear sshd 0.46 (protocol 2.0)
>>>>>> Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
>>>>>
>>>>> Well, having port 22 open to the public with an ancient sshd is
>>>>> certainly risky, I would say. Seems you have confirmed the risk.
>>>>> I guess there is no way for you modify the config of that router?
>>>>
>>>> I can not disable the service, but I can close the port on the
>>>> firewall.
>>>
>>> That would still leave your router open though.
>>
>> I don't understand. If it is closed in the firewall, it is closed,
>> problem solved.
>
> I assume that the firewall is placed between the internal/LAN and the
> external/WAN interface - you can close port 22 all your want, but if
> you have an sshd listening on the external interface, that won't be
> affected.
It has both, I understand. I did close it some weeks ago, and then you
checked my IP and you said therre was no ssh. Then I undid that while
solving another problem and forgot to put it back, and I do not dare to
touch it till my trip ends.
>>>>>> I don't know of a tool that tests for real weaknesses.
>>>>>
>>>>> The above is a real weakness :-)
>>>>
>>>> Not enough unless I can tell my ISP that that router is exploitable
>>>> by doing exactly what. With a reference.
>>>
>>> What does "not enough" mean? Not enough for what?
>>
>> Not enough to convince my ISP to issue a nation wide upgrade.
>
> Ah, okay.
And they will not issue an upgrade for a single router. They might tell
me to upgrade my current hardware for a monthly fee, and I do not want
to do that.
If the router is faulty and I can prove it easily, they have to be told.
Once I close the firewall I will not care either way, but I would have
done my duty.
--
Cheers / Saludos,
Carlos E. R.
(from openSUSE 15.0 (Legolas))
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic