CUPS port 631 security
Posted: Thu 26 Dec 2013, 14:46
Running Carolina 1.1. When online I look to see who's connected.
QNetStatView lists UDP local address *.631 as CLOSE with remote address "*".
127.0.0.1.631 local address is LISTEN though I understand 127.0.0 cannot be accessed from the Internet??
After some research it seems port 631 can be exploited.
After being thoroughly hacked twice this year I am somewhat wary of almost everything.
Prior to the latest occasion I handed my machine over to a 'tech' to install XP as Puppy could not do the job (running an Excel specific addon).
When the man returned my machine after four hours in his possession I noticed the BIOS password had been removed which was OK seeing as he needed to adjust a few items there during installation. No problem so far. Up to this point the machine had been running Puppy without any problems for two months.
I got the machine back and ran Windows for about one month. I talked to a number of people over Skype with this XP version and on several occasions there were unusual crackling sounds from the speakers, on others the cursor on the screen moved entirely by itself. Quite strange.
I looked in XP Services and found the Remote Registry set to Enabled along with several other indiscreet settings.
I opened Restore System and found only one setting I was able to use, Yesterday, and all other functionalities of the Restore System were locked away from me.
I installed 'Everything', a nice little search utility that tells you when files have been modified and accessed. This revealed the System Volume Information folder was being restored every day/on reboot, presumably to restore the ratware that had been installed and prevent it from deletion.
Without making any changes to the BIOS I ran Puppy and after a few minutes the rat remapped my keyboard rendering the machine useless.
I researched BIOS viruses and found some interesting information, not immediately as most writers will tell you they are rare, hardly ever seen, difficult to install etc, which is rubbish. They most certainly exist and can and may infect video and CD/DVD firmware. Rakshasa is one of them. I made a first effort at removing the rat and flashed the BIOS and reformatted the hard drive but I'm not sure here, when the drive is reformatted does the MBR get cleaned? Maybe not as there's a separate command 'bootrec.exe /FixMbr' but it's not important as I will not be using Windows again.
So with this it brings me back to the 631 vulnerability.. Should I be concerned? Is this a normal Netstat entry?
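An added example, not part of the original post: one way to check which addresses port 631 is bound to, by reading the Linux `/proc/net/tcp` and `/proc/net/udp` layout and separating loopback-only sockets from wildcard ones. The sample rows are constructed, the function names are hypothetical, and a little-endian (x86) host is assumed.

```python
import ipaddress
import struct

CUPS_PORT = 631

# Constructed sample rows in the Linux /proc/net/tcp and /proc/net/udp layout.
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111
   1: 0100007F:0277 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 11112
   2: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11113
"""
SAMPLE_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0277 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 22221
"""

def decode_addr(hex_addr):
    """Turn 'AAAAAAAA:PPPP' into (IPv4Address, port)."""
    ip_hex, port_hex = hex_addr.split(":")
    # Assumption: little-endian host (x86), where the kernel prints the
    # address word byte-swapped, so 0100007F is 127.0.0.1.
    ip = ipaddress.IPv4Address(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def port_exposure(table_text, proto, port=CUPS_PORT):
    """List (proto, address, scope) for sockets accepting traffic on `port`."""
    # TCP accepts new connections only in LISTEN (0A). UDP has no LISTEN
    # state; a bound, unconnected UDP socket is reported as CLOSE (07).
    wanted_state = {"tcp": "0A", "udp": "07"}[proto]
    findings = []
    for line in table_text.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != wanted_state:
            continue
        ip, local_port = decode_addr(fields[1])
        if local_port != port:
            continue
        if ip.is_loopback:
            scope = "loopback-only"       # reachable from this machine only
        elif ip.is_unspecified:
            scope = "all-interfaces"      # reachable from the network unless firewalled
        else:
            scope = "single-interface"
        findings.append((proto, str(ip), scope))
    return findings

if __name__ == "__main__":
    for row in port_exposure(SAMPLE_TCP, "tcp") + port_exposure(SAMPLE_UDP, "udp"):
        print(*row)
```

On a live Linux system, pass the contents of `/proc/net/tcp` and `/proc/net/udp` in place of the sample strings.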