[CentOS] Re: Securing serial ports - fax modems

Fri Jul 25 21:25:39 UTC 2008
Scott Silva <ssilva at sgvwater.com>

on 7-25-2008 1:27 PM James B. Byrne spake the following:
> I have already deployed a fax server and am about to deploy a backup
> system for this host at our off-site facility.  It struck me that I have
> given no thought to securing the serial port to unauthorized access.  The
> modem is a Multi-Tech MT5634ZBA which supports data as well as fax.  So
> this poses the same type of risk, if not to the same degree, as an ssh or
> telnet port but without the availability of a firewall to throttle
> repeated unsuccessful connection attempts.
> 
> Are there any recommendations on what should be done in this circumstance
> or am I fretting unduly?
> 
> Regards,
> 
If the system doesn't answer the data attempts, you should only have to worry 
if someone can send a crafted bit of data that will trigger a buffer overflow 
when the "fax image" is processed. I haven't heard of one, though.

You might be able to turn off the modems ability to answer any capabilities 
but fax, and Class 1 fax AFAIR doesn't support a data channel. Only Class 2.0.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20080725/f8f6ee90/attachment-0005.sig>