Securing serial ports - fax modems
on 7-25-2008 1:27 PM James B. Byrne spake the following:
I have already deployed a fax server and am about to deploy a backup
system for this host at our off-site facility. It struck me that I have
given no thought to securing the serial port to unauthorized access. The
modem is a Multi-Tech MT5634ZBA which supports data as well as fax. So
this poses the same type of risk, if not to the same degree, as an ssh or
telnet port but without the availability of a firewall to throttle
repeated unsuccessful connection attempts.
Are there any recommendations on what should be done in this circumstance
or am I fretting unduly?
If the system doesn't answer the data attempts, you should only have to worry
if someone can send a crafted bit of data that will trigger a buffer overflow
when the "fax image" is processed. I haven't heard of one, though.
You might be able to turn off the modems ability to answer any capabilities
but fax, and Class 1 fax AFAIR doesn't support a data channel. Only Class 2.0.
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
CentOS mailing list