[CentOS] Re: Securing serial ports - fax modems
ssilva at sgvwater.com
Fri Jul 25 21:25:39 UTC 2008
on 7-25-2008 1:27 PM James B. Byrne spake the following:
> I have already deployed a fax server and am about to deploy a backup
> system for this host at our off-site facility. It struck me that I have
> given no thought to securing the serial port to unauthorized access. The
> modem is a Multi-Tech MT5634ZBA which supports data as well as fax. So
> this poses the same type of risk, if not to the same degree, as an ssh or
> telnet port but without the availability of a firewall to throttle
> repeated unsuccessful connection attempts.
> Are there any recommendations on what should be done in this circumstance
> or am I fretting unduly?
If the system doesn't answer the data attempts, you should only have to worry
if someone can send a crafted bit of data that will trigger a buffer overflow
when the "fax image" is processed. I haven't heard of one, though.
You might be able to turn off the modems ability to answer any capabilities
but fax, and Class 1 fax AFAIR doesn't support a data channel. Only Class 2.0.
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.centos.org/pipermail/centos/attachments/20080725/f8f6ee90/signature.bin
More information about the CentOS