Small Victories (Updated)

Reaffirming my previous post, I remind you that Debian is better integrated from the start than CentOS. Not bug-free, but fewer problems. Naturally I’m running my preferred desktop environment, XFCE. It lacks some of the bells and whistles, but it’s far more comfortable and less troublesome.

As part of one of my lessons today I was running some system checks on an XTerm (virtual console). At one point I issued the command dmesg — basically the informative stuff about how the OS is wading through discovery of the hardware, followed by standard system alerts in time sequence. Among those alerts is firewall stuff (UFW): I noticed the firewall was blocking some unusual activity. Of course, it made reference to IPV6, which has a totally different IP address format. So I had to look up first what were the reserved network addresses in IPV6, and sure enough the problem was something on my system trying to get out past the firewall every few minutes.

[UFW BLOCK] IN=eth0 OUT= MAC= SRC=fe80:0000:0000:0000:021e:c9ff:fe29:2927 DST=ff02:0000:0000:0000:0000:0000:0000:0001 LEN=64 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=UDP SPT=8612 DPT=8612 LEN=2

The “SRC” is the source of the activity and that turns out to be the same thing as 127.0.0.1 in IPV4 (the address for localhost, the machine on which you are working). The “DST” part is the reserved code for a form of open broadcast. In effect, my machine was asking if anybody on the LAN had a certain thing. The ports (SPT and DPT) were 8612, a telltale number used by Canon printers. But this wasn’t some activity coming from the printer spool (AKA “CUPS” in Linux). So I kept searching until I found references to “Pixma” — a product line from Canon. It almost had to do with some kind of Pixma driver somewhere. Eventually I discovered this was activity from the SANE service on my computer, the Linux implementation of scanner drivers; lots of Canon Pixma devices are “all-in-one” printer, fax and scanner. So all this time I was getting a sort of ping signal from the SANE service looking for any Canon Pixma machines on the network.

I have no intention of using such a thing and don’t own a Canon printer. So I killed the SANE service:

systemctl stop saned.service
systemctl disable saned.service

Oh, and just to make sure, I edited /etc/sane.d/dll.conf to turn off the network searching function. The first line after all the explanation at the top of the file is “net” and I just commented it out so: #net. No more firewall pings on that port. Naturally this triggered a scripted complaint that I was violating some LSB standard (Linux Standard Base) — big whoop-de-doo.

One small victory on the way to figuring out this stuff.

Update: That didn’t work. Can’t learn anything if I don’t fail sometimes. It was a good thing to shut down the SANE service because I have no intention of using it, but that didn’t stop the pings. A couple of hours later they came again. More research. I stopped a service called “cups-browse” and that seems to have worked:

systemctl stop cups-browsed.service
systemctl disable cups-browsed.service

Since the firewall activity shows it’s periodic over the day, I’ll have to check again in the morning. I can’t just shut down CUPS itself because I do print to PDF regularly from my browser. It’s the best way to save documents without wasting paper.

Update 2: 24 hours later and not a peep from my firewall. Killing cups-browse (recently deprecated in CUPS development) will stop the LAN noise on port 8612.

About Ed Hurst

Disabled Veteran, prophet of God's Laws, Bible History teacher, wannabe writer, volunteer computer technician, cyclist, Social Science researcher
This entry was posted in computers and tagged , , . Bookmark the permalink.

One Response to Small Victories (Updated)

  1. Benjamin says:

    I for one enjoyed this report of one of your adventures.

    I’m enjoying reading the updates on your progress with the changes you are pursuing.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s