Cups & The Server


Dark Ninja
12-04-2001, 02:26 PM
I recently scanned my system with Nessus, and I discovered a port open that I really don't want to have open. It is port 631 and is IPP. When I read more information in the security report by Nessus, I learn that this is a CUPS server. Besides the fact that it is open, and I don't want it to be open, the other security bug is that this server reports what version of Cups I have.

What I'm wondering is - where do I edit the file, so I can have a different version of Cups listed (or no version at all, preferably).

And...actually...if there is any way I could shut this off, I'd appreciate help with that, too.


Thank you.


Dark Ninja

bigrigdriver
12-04-2001, 03:41 PM
Two things you could try:
1-Set CUPS so the daemon does not start when you boot into Linux. When you get ready to print something, issue the command "/usr/cups/cupsd start" to start the daemon, get your print, then "/usr/cups/cupsd stop" to stop the daemon after printing.
2-Edit /etc/cups/cupsd.conf. There is a line in there which tells CUPS to listen to port 631 (which I suspect keeps the port open). Comment out the line and save the conf. Then test CUPS to see if you can still print (i.e. will the daemon open the port on demand, or not).
Hope this helps.

Dark Ninja
12-04-2001, 04:27 PM
Okay, well, just commenting out the 'Port 631' line does not seem to solve the problem because the port still comes across as open on my system. However, I am wondering about something.

Farther down in the cupsd.conf file, there is a section that reads:

<Location />
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
Allow From 111.111.111.*
</Location>

Where, 111.111.111.* is my IP address with an asterisk in place of the last digits. So...I was curious. I logged into a remote system that has a completely different IP address from mine. When I attempted to telnet back into my computer through port 631, I was able to. The remote system just sat there and then froze. However, when I did the same thing directly from my computer, I was able to log right in.

...so...I then attempted to log in on my laptop which has a very similar IP address. Again - nothing. So, I figure it's pretty secure - although, I'd rather have it closed completely.

So, thank you for your help. I appreciate it.


Dark Ninja


P.S. If anybody knows how this is implemented, I'd appreciate the knowledge. Otherwise, I'll work on figuring it out for myself. That's always fun to do. :D
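
[Added example, not part of the original thread and not CUPS source code.] The configuration quoted above contains two separate controls: the address cupsd binds to, which decides whether a scanner sees port 631 open, and the <Location /> list, which decides whether a request arriving on that port is served. This sketch reads both from a constructed copy of the poster's directives. It assumes that "Port N" binds every interface while "Listen addr:port" binds one address, and that Order Deny,Allow is evaluated Apache-style (Deny lines first, Allow lines override); the function names are hypothetical.

```python
import fnmatch

# Constructed sample: the directives quoted in the thread. 111.111.111.* is
# the poster's own placeholder for their subnet.
CUPSD_CONF = """\
Port 631
<Location />
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
Allow From 111.111.111.*
</Location>
"""

def parse(conf):
    """Return (listeners, rules): bind addresses and the ACL of <Location />."""
    listeners, rules, in_root = [], [], False
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # commented-out directives are skipped
        words = line.split()
        key = words[0].lower()
        if key == "port":
            listeners.append("*:" + words[1])       # assumed: every interface
        elif key == "listen":
            listeners.append(words[1])              # one address only
        elif key == "<location":
            in_root = words[1].rstrip(">") == "/"
        elif key == "</location>":
            in_root = False
        elif in_root and key in ("allow", "deny"):
            rules.append((key, words[-1].lower()))  # "Allow From x" -> x
    return listeners, rules

def request_allowed(rules, ip):
    """Assumed Order Deny,Allow: Deny lines first, then Allow lines override."""
    def hit(kind):
        return any(k == kind and (p == "all" or fnmatch.fnmatch(ip, p))
                   for k, p in rules)
    return hit("allow") or not hit("deny")

def exposed(listeners):
    """Listeners a remote port scan can reach, whatever the ACL says."""
    return [l for l in listeners
            if not l.startswith(("127.", "localhost"))]
```

With the sample as written, exposed() still reports *:631 even though request_allowed() rejects every client outside the two Allow lines; swapping the Port line for "Listen 127.0.0.1:631" empties the exposed list.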

vhg119
12-04-2001, 09:19 PM
Why don't you just have a line in your firewall script that blocks out that port to the outside world?

Dark Ninja
12-04-2001, 11:03 PM
Well...I guess I could do that. But, I think it is already blocked. No other computer but my own seems to be able to connect to it. Strange...


Dark Ninja