Port 631 problem

Port 631 problem

Post by Brad Smit » Fri, 15 Dec 2000 10:19:44



I have 2 NICs in my PC. One NIC has an internet connection, the other a
local lan connection. I noticed recently that syslog, messages and some
other files in /var/log are getting rather large. On inspection I found
that both NICs are sending a packet to port 631 (which is being denied
by ipchains) every second. A segment of output is:

Dec 13 16:50:02 bc18479 kernel: Packet log: input DENY eth0 PROTO=17
216.228.184.79:631 216.228.184.255:631 L=105 S=0x00 I=855 F=0x0000 T=64
(#32)
Dec 13 16:50:02 bc18479 kernel: Packet log: input DENY eth1 PROTO=17
192.168.0.1:631 192.168.0.255:631 L=105 S=0x00 I=856 F=0x0000 T=64 (#32)

Dec 13 16:50:33 bc18479 kernel: Packet log: input DENY eth0 PROTO=17
216.228.184.79:631 216.228.184.255:631 L=105 S=0x00 I=886 F=0x0000 T=64
(#32)
Dec 13 16:50:33 bc18479 kernel: Packet log: input DENY eth1 PROTO=17
192.168.0.1:631 192.168.0.255:631 L=105 S=0x00 I=887 F=0x0000 T=64 (#32)

How can I identify which application is causing this to happen? And the
correct the problem?

Thanks,

Brad

 
 
 

Port 631 problem

Post by Karl Heye » Fri, 15 Dec 2000 11:24:46



....
Quote:> Dec 13 16:50:33 bc18479 kernel: Packet log: input DENY eth1 PROTO=17
> 192.168.0.1:631 192.168.0.255:631 L=105 S=0x00 I=887 F=0x0000 T=64
> (#32)

> How can I identify which application is causing this to happen? And
> the correct the problem?

port 631 is the port used by cups (printing).  Use lsof and search
for programs that have are trying for a  connection to that port.

karl.

 
 
 

Port 631 problem

Post by Michael Muelle » Fri, 15 Dec 2000 10:48:39


Hi Brad,


> Dec 13 16:50:02 bc18479 kernel: Packet log: input DENY eth0 PROTO=17
> 216.228.184.79:631 216.228.184.255:631 L=105 S=0x00 I=855 F=0x0000 T=64
> (#32)

This is your printing daemon (lprng) announcing its existence. One
usally does find such things by looking up the destination port in
/etc/services or
http://www.isi.edu/in-notes/iana/assignments/port-numbers

Check the manual material for this program packet for further
information how to disable the broadcasting on the outbound interface.
Or the one of your distribution on how to disable the daemon.

Blocking the broadcasts on the inbound device seems to be quite useless.
Clients do read these messages to detect available printers.

Malware

 
 
 

1. Problem opening 631/udp for IPP

Hi
        I just upgraded my desktop machine at home (DHCP server + BIND server +
CUPS server+ IP Masquerade) to RH 9 from RH 7.3.

        I am trying to open the port 631/udp for IPP access from my laptop so that
I can share my printer. Obviously, I have a firewall running (High on RH
default installation) + some rules to enable ssh, etc forwarding.

        Attempts like :

        /sbin/iptables -A INPUT -i eth0 -p udp -s 192.168.0.2 --destination-port
631 -j ACCEPT, etc.
        have failed as nmap does not reveal 631/udp as being open (can't browse to
myserver:631 either).

        Suggestions anyone ?

Thanks,

MS

2. ARK 2000 PV supported by X?

3. cups problem: unable to connect to localhost:631

4. help ... web based pop3 mail reader?

5. Problem opening 631/udp for IPP

6. Patch to loop.c - fixes locking issues (IMHO)

7. Linux on Aptiva 2164-631

8. Newbie: Help Dip,SLIP

9. Can′t do "telnet localhost 631". Why?

10. 631, 1024, 6000

11. Problem adding tty port using 128 Port Async Adapter with 16 port Async Node

12. Reading is much more interesting than TV (0631/1708)

13. (make, solaris porting, sybase porting) problem?