CUPS port 631 security

Edwardo
Posts: 42
Joined: Wed 26 Jun 2013, 07:17


#1 Post by Edwardo »

Running Carolina 1.1. When online I look to see who's connected.

QNetStatView lists UDP local address *.631 as CLOSE with remote address "*".

127.0.0.1.631 local address is LISTEN though I understand 127.0.0 cannot be accessed from the Internet??

After some research it seems port 631 can be exploited.

After being thoroughly hacked twice this year I am somewhat wary of almost everything.

Prior to the latest occasion I handed my machine over to a 'tech' to install XP as Puppy could not do the job (running an Excel specific addon).

When the man returned my machine after four hours in his possession I noticed the BIOS password had been removed which was OK seeing as he needed to adjust a few items there during installation. No problem so far. Up to this point the machine had been running Puppy without any problems for two months.

I got the machine back and ran Windows for about one month. I talked to a number of people over Skype with this XP version and on several occasions there were unusual crackling sounds from the speakers, on others the cursor on the screen moved entirely by itself. Quite strange.

I looked in XP Services and found the Remote Registry set to Enabled along with several other indiscreet settings.

I opened Restore System and found only one setting I was able to use, Yesterday, and all other functionalities of the Restore System were locked away from me.

I installed 'Everything', a nice little search utility that tells you when files have been modified and accessed. This revealed the System Volume Information folder was being restored every day/on reboot, presumably to restore the ratware that had been installed and prevent it from deletion.

Without making any changes to the BIOS I ran Puppy and after a few minutes the rat remapped my keyboard rendering the machine useless.

I researched BIOS viruses and found some interesting information, not immediately as most writers will tell you they are rare, hardly ever seen, difficult to install etc., which is rubbish. They most certainly exist and can and may infect video and CD/DVD firmware. Rakshasa is one of them. I made a first effort at removing the rat and flashed the BIOS and reformatted the hard drive but I'm not sure here, when the drive is reformatted does the MBR get cleaned? Maybe not as there's a separate command 'bootrec.exe /FixMbr' but it's not important as I will not be using Windows again.

So with this it brings me back to the 631 vulnerability. Should I be concerned? Is this a normal Netstat entry?
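The two netstat entries described in the post above (a TCP listener on 127.0.0.1:631 and a UDP socket on *.631 shown as CLOSE) can be told apart by bind scope. This is an added example, not part of the original post: it assumes Linux, IPv4 only, a little-endian host, and the `/proc/net/tcp` and `/proc/net/udp` table layout; the sample rows and function names are constructed for illustration.

```python
import ipaddress
import socket
import struct

CUPS_PORT = 631  # the IPP/CUPS port from the netstat output in the post

# Constructed samples in the layout of Linux /proc/net/tcp and /proc/net/udp
# (not captured from a real machine). 0277 hex is port 631.
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1234 1
"""
SAMPLE_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0277 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1235 2
"""

def decode_addr(field):
    """'0100007F:0277' -> ('127.0.0.1', 631); assumes a little-endian host."""
    hex_ip, hex_port = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)

def classify(table_text, proto, port=CUPS_PORT):
    """Return (proto, ip, port, scope) for each socket bound to `port`."""
    findings = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4:
            continue
        ip, local_port = decode_addr(cols[1])
        # TCP: only state 0A (LISTEN) accepts connections. UDP has no LISTEN
        # state; an unconnected bound socket is state 07, displayed as CLOSE.
        if local_port != port or (proto == "tcp" and cols[3] != "0A"):
            continue
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback:
            scope = "loopback-only"
        elif addr.is_unspecified:
            scope = "all-interfaces"
        else:
            scope = "single-interface"
        findings.append((proto, ip, local_port, scope))
    return findings

if __name__ == "__main__":
    for proto, sample in (("tcp", SAMPLE_TCP), ("udp", SAMPLE_UDP)):
        for finding in classify(sample, proto):
            print(*finding)
```

To inspect a live system, pass the contents of `/proc/net/tcp` and `/proc/net/udp` to `classify` instead of the samples. A loopback-only socket accepts traffic only from the same machine, while an all-interfaces socket is reachable from the network unless a firewall blocks it.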

bill
Posts: 490
Joined: Wed 28 May 2008, 15:32


#2 Post by bill »

Hi Edwardo, I am not sure if this .iso would have any effect on CUPS port 631 security or not, but I do know that anything that is stored in RAM, whether it is put in by the user or some artful dodger via the internet, will simply be dumped from the pupsave.2fs file on shutdown. This is, of course, if the user fails to Click On the "Save By Demand Only" radio button. I have tried a couple of times to archive this .iso but so far I have been unable to upload it, anywhere? Should there be anyone out there who would like to "audit" it, give me a clue where and how to deposit it and with my speedy dialup :wink: I will try to comply. Cheers