'Re: [opensuse] any issues with cups broadcasts and leap15 ?'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       opensuse
Subject:    Re: [opensuse] any issues with cups broadcasts and leap15 ?
From:       "Carlos E. R." <robin.listas () gmx ! es>
Date:       2018-09-19 14:33:48
Message-ID: 15846e62-d850-5102-25cd-ebc42379a240 () gmx ! es
[Download RAW message or body]

On 18/09/2018 14.32, Per Jessen wrote:
> Carlos E. R. wrote:
> 
>> On 18/09/2018 01.55, Per Jessen wrote:
>>> Carlos E. R. wrote:
>>>
>>>> On 16/09/2018 03.54, Per Jessen wrote:
>>>>> Carlos E. R. wrote:
>>>>>
>>>>>> On 15/09/2018 12.28, Per Jessen wrote:
>>>>>>> Carlos E. R. wrote:
>>>>
>>>> ...
>>>>
>>>>>>> Have you been able to confirm it?   With an external tool for
>>>>>>> instance?
>>>>>>
>>>>>> Me? Nope. I don't know how to do it.
>>>>>> I only know that it is an old version, Dropbear 0.46, dated 2005.
>>>>>>
>>>>>> nmap ... -p 22 -sV --version-all:
>>>>>>
>>>>>> PORT   STATE SERVICE VERSION
>>>>>> 22/tcp open  ssh     Dropbear sshd 0.46 (protocol 2.0)
>>>>>> Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
>>>>>
>>>>> Well, having port 22 open to the public with an ancient sshd is
>>>>> certainly risky, I would say.  Seems you have confirmed the risk.
>>>>> I guess there is no way for you modify the config of that router?
>>>>
>>>> I can not disable the service, but I can close the port on the
>>>> firewall.
>>>
>>> That would still leave your router open though.
>>
>> I don't understand. If it is closed in the firewall, it is closed,
>> problem solved.
> 
> I assume that the firewall is placed between the internal/LAN and the
> external/WAN interface - you can close port 22 all your want, but if
> you have an sshd listening on the external interface, that won't be
> affected. 

It has both, I understand. I did close it some weeks ago, and then you
checked my IP and you said therre was no ssh. Then I undid that while
solving another problem and forgot to put it back, and I do not dare to
touch it till my trip ends.


>>>>>> I don't know of a tool that tests for real weaknesses.
>>>>>
>>>>> The above is a real weakness :-)
>>>>
>>>> Not enough unless I can tell my ISP that that router is exploitable
>>>> by doing exactly what. With a reference.
>>>
>>> What does "not enough" mean?  Not enough for what?
>>
>> Not enough to convince my ISP to issue a nation wide upgrade. 
> 
> Ah, okay. 

And they will not issue an upgrade for a single router.  They might tell
me to upgrade my current hardware for a monthly fee, and I do not want
to do that.

If the router is faulty and I can prove it easily, they have to be told.
Once I close the firewall I will not care either way, but I would have
done my duty.


-- 
Cheers / Saludos,

		Carlos E. R.

  (from openSUSE 15.0 (Legolas))

-- 
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic