18-Dec-2000

The CERT (Computer Emergency Response Team) at Carnegie Mellon publishes a current activity report at:

    http://www.cert.org/current/current_activity.html

The version of Dec 13/2000 reports that the bad guys are taking advantage of several problems including a big hole in the LPRng server as found on RedHat Linux version 7 (LPRng 3.6.24 and earlier are vulnerable):

    http://www.cert.org/advisories/CA-2000-22.html

Your system is a RedHat Linux version 7 system and, according to the CERT Advisory, may be vulnerable and could be exploited. You should attend to this vulnerability ASAP:

1. You can determine which version of LPRng you're running:

       $ rpm -q LPRng
       LPRng-3.6.24-2

   In the example shown the system is not vulnerable.

2. You can update your RedHat version 7 (Guinness) to the current recommended version:

       $ rpm -v -F \
           ftp://rha.uwaterloo.ca/linux/RedHat-updates/7.0/LPRng-3.6.24-2.i386.rpm

   The line wrap is for readability only.

3. If you have no need of the LPRng service (i.e. if you have no locally attached printers) you can disable the service entirely:

       $ /etc/rc.d/init.d/lpd stop    # to stop the service
       $ /sbin/chkconfig lpd off      # so it isn't restarted on the next boot

   Disabling the service will not prevent you from submitting print jobs to other servers. Getting rid of services you're not using is a recommended security practice.

More information on maintaining your RedHat Linux system and keeping up to date with vendor released updates is available at:

    http://ist.uwaterloo.ca/security/howto/2000-10-02/

I am,
Reg Quinton
Senior Technologist, Security
Information Systems and Technology
University of Waterloo, 200 University Ave W
Waterloo, Ontario N2L 3G1 Canada
+1 519 888-4567x36070
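
The version check from step 1 can be scripted for use across several hosts. The following is an added example, not part of the original advisory; the function names lprng_status and cmp_dotted are hypothetical, the sample strings are constructed, and it assumes that any version-release older than the LPRng-3.6.24-2 package named above needs the update.

```sh
#!/bin/sh
# Added example (not from the advisory): classify `rpm -q LPRng` output
# against the package release the advisory shows as not vulnerable.
# Assumption: any version-release older than 3.6.24-2 needs the update.
FIXED_VER="3.6.24"
FIXED_REL="2"

# cmp_dotted A B: print -1, 0 or 1 comparing dotted numeric versions.
cmp_dotted() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=""; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then echo -1; return 0; fi
        if [ "$x" -gt "$y" ]; then echo 1; return 0; fi
    done
    echo 0
}

# lprng_status "<rpm -q output>": print patched | needs-update |
# not-installed | unknown.
lprng_status() {
    q=$1
    case $q in
        *"is not installed"*) echo not-installed; return 0 ;;
        LPRng-*-*) ;;
        *) echo unknown; return 0 ;;
    esac
    vr=${q#LPRng-}; ver=${vr%%-*}; rel=${vr#*-}
    rel=${rel%%[!0-9]*}           # leading digits only ("2.i386" -> 2)
    case $ver in ""|*[!0-9.]*) echo unknown; return 0 ;; esac
    if [ -z "$rel" ]; then echo unknown; return 0; fi
    c=$(cmp_dotted "$ver" "$FIXED_VER")
    if [ "$c" = 1 ] || { [ "$c" = 0 ] && [ "$rel" -ge "$FIXED_REL" ]; }; then
        echo patched
    else
        echo needs-update
    fi
}

# Constructed sample inputs; on a live host use: lprng_status "$(rpm -q LPRng)"
for s in "LPRng-3.6.24-2" "LPRng-3.6.22-5" "package LPRng is not installed"; do
    printf '%-32s %s\n' "$s" "$(lprng_status "$s")"
done
```

A host reported as not-installed or with lpd disabled as in step 3 needs no package update for this issue.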