[TriLUG] Port 631

Jon Carnes jonc at nc.rr.com
Thu Jun 3 18:14:20 EDT 2004 

Try using "lsof" on the offending machine and see if you can peg the
application that is trying to attach to the port.

After that, the rest is cake.

Jon

On Thu, 2004-06-03 at 17:14, Byarlay, Wayne A. wrote:
> Could anybody tell me why a RH9 machine is constantly attempting to
> contact our other RH9 machine with CUPS on it?
> 
> yes, the non-CUPS server is hammering away on the CUPS one (or trying
> to, not getting through firewall) through port 631 (which is IPP).
> 
> Perhaps some old print job that just can't escape or something?? If so
> where would I look to delete it?
> 
> 
> -----Original Message-----
> From: trilug-bounces at trilug.org [mailto:trilug-bounces at trilug.org] On
> Behalf Of stan briggs
> Sent: Thursday, June 03, 2004 2:13 PM
> To: trilug at trilug.org
> Subject: RE: [TriLUG] destructive spam?
> 
> a technique like described below certainly works. there are many ways to
> get to the source to see what characters are there. the problem, though,
> is that the cid: entry is followed by a whole bunch of ascii characters
> that evidently mean more than just their random human readable letters.
> they don't look like hex. i don't know what they are.
> 
> ideas, anyone?
> 
> stan
> 
> 
> > The technique for discovering where these references point depends on 
> > your email client.
> >
> > You need to save the email to a file on hard disk, then view it with a
> 
> > text reader. Then just read the html and you can spot the external 
> > references.
> >
> > With most 'nixes, you could create a folder, move the questionable 
> > email into it (so that it's isolated from the other
> > 5 megabytes in your Inbox folder), and navigate into it following your
> 
> > .Mail or .mail or .Mailbox directory off your roothome (~).
> > Then open it in vi or whatever.
> >
> > If you use outlook by day, then create a new email addressed to 
> > yourself and use the "insert -> item" feature.  Once it's in your 
> > inbox, then right click on the attachment, do a "Save As", name it 
> > whatever.txt.  Examine it with with notepad.
> >
> > Marty
> >
> > -----Original Message-----
> > From: trilug-bounces at trilug.org [mailto:trilug-bounces at trilug.org]On
> > Behalf Of Turnpike Man
> > Sent: Thursday, June 03, 2004 12:29 PM
> > To: Triangle Linux Users Group discussion list
> > Subject: Re: [TriLUG] destructive spam?
> >
> >
> > slightly better... but without clicking these links, is there any way 
> > to decipher where they are going to take us?
> >
> > David M.
> >
> > --- sholton at mindspring.com wrote:
> >> You are familiar with URL's that contain a protocol identifier 
> >> (http:,
> > ftp:)
> >> followed by a host identifier (trilug.org, ftp.ics.uci.edu) followed 
> >> by an object reference (index.html, pub/ietf/uri/rfc2111.txt).
> >>
> >> Think of "cid" and "mid:" as being the URL way to point to an object 
> >> contained within the same MIME-encoded message.
> >>
> >> I'd offer an example, but I refuse on principle to create a MIME- 
> >> encoded message.
> >>
> >> It tells the HTML-interpreter (which the would-be mark is using to 
> >> read his mail...not that any of us would ever do that...) where to 
> >> find the object it needs to correctly render the HTML page.
> >>
> >> I presume that if said HTML-interpreter also has a tendency to 
> >> execute objects it believes to be executable, such a construct could 
> >> be used to cause the execution of code within  the local context.
> >>
> >> Any better?  I swear it's all English...
> >>
> >> -----Original Message-----
> >> From: Turnpike Man <turnpike420 at yahoo.com>
> >>
> >> > Even after reading, can someone put that in english?  thanks!
> >> > David M.
> >>
> >
> >
> >
> >
> > __________________________________
> > Do you Yahoo!?
> > Friends.  Fun.  Try the all-new Yahoo! Messenger.
> > http://messenger.yahoo.com/
> > --
> > TriLUG mailing list        :
> > http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational 
> > FAQ
> > : http://trilug.org/faq/
> > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> > TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc
> >
> > --
> > TriLUG mailing list        :
> > http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational 
> > FAQ
> > : http://trilug.org/faq/
> > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> > TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc
> 
> 
> 
> -- 
> TriLUG mailing list        :
> http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/ TriLUG Member
> Services FAQ : http://members.trilug.org/services_faq/
> TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc
>

More information about the TriLUG mailing list