Actually, that looks to be like the same firmware as certain intelligent
hubs with integrated Terminal/Printer server capabilities.. I have one here
on my LAN. The model in question is made by a company called Microplex, and
it's a discontinued model called the M208.

(Mon 6:17am) seamus@rtfm ttya7:~> telnet XXXXXXX
Trying XXX.XXX.XXX.XXX...
Connected to XXX.XXX.XXX.XXX.
Escape character is '^]'.

Network Printer Server Version 5.6.3 (XXX.XXX.XXX.XXX)

login: root
Password: <root pw here>

Welcome root user

XXX.XXX.XXX.XXX:root> list sysinfo
name: XXXXXXXXXXXXXXX
contact: XXXXXXXXXXXXXXX
location: Insomnia Communications NOC
version: 5.6.3
serial number: 572
compiled: Jul 16 1998
checksum: 668E
loginfo: sys
logport: syslog
syslog: XXXXXXXXXXXXXXX
email: root@XXXXXXXXXX
dns server: XXXXXXXXXXXXXXX
module: novell, appletalk, netbios
XXX.XXX.XXX.XXX:root>

There is, however, quite a bit of documentation in the hub's manual about
setting a root password, and the importance of doing so.. don't know who
decided to use this same firmware in plotters/printers or what their
documentation is like, however it seems to come down to the general rule of
never leave a peripheral unpassworded on your network if you want to avoid
these sorts of problems (telnet proxy, etc..)

On Thu, 19 Aug 1999, Larry W. Cashdollar wrote:

> Aleph1,
> I apologize if this has been brought up before, but with the recent
> post concerning the QMS 2060 printers and the length of time I have sat on this
> (4 months) I figured it should be released. I sent this information to OCE long
> ago with no response. I am aware of the Intelligent Peripherals bulletin by
> CIAC.
>
> http://www.ciac.org/ciac/bulletins/j-019.shtml
>
> I have a few plotters / printers under my audit umbrella and
> noticed something interesting on an Oce' 9400 plotter. The printer has the
> ability to be a telnet proxy. Where as a user can hop via telnet to other
> hosts. If the printer is not set up properly the connections will go unlogged.
>
> bunyip% telnet JPP1
> Trying 192.168.38.244...
> Connected to JPP1.
> Escape character is '^]'.
>
> Network Printer Server Version 5.6.3 (192.168.38.244)
>
> login: root
> Password:[Just enter here]
>
> Welcome root user
>
>
> WARNING: current and stored values differ.
> Use 'list diff' command to find the differences.
> Current values will be lost if unit is reset.
>
> 192.168.38.244:root> telnet 192.168.38.110
> trying 192.168.38.110 ...
> Connected to 192.168.38.110
> Escape character is '0x18'
>
> Red Hat Linux release 5.9 (Starbuck)
> Kernel 2.2.3-5 on an i586
> login:
>
> 192.168.38.244:root> list sysinfo
> name:
> contact:
> location:
> version: 5.6.3
> serial number: 13029
> compiled: Mar 25 1998 loginfo: sys
> logport:
> syslog: 255.255.255.255
> email: NetPrint@<unconfigured>
> dns server: 192.168.38.110
> module: novell, appletalk, netbios
> checksum: 1E54
>
>
> All that is needed is a valid DNS server setup in the plotter
> configuration.
>
> 192.168.38.244:root> set sysinfo dns 192.168.38.100
>
> And anyone can use the plotter as an anonymous telnet proxy.
>
> Fix:
>
> Enable passwords for the accounts on the plotter:
>
> syntax: set user add <NAME>
>         set user del <NAME>
>         set user passwd <NAME> [<PASSWORD>]
>         set user type <NAME> root|guest
>         set user from default|stored
>
> Enable logging:
>
> syntax: set logpath <LOGPATH> name <NEW_NAME>
>         set logpath <LOGPATH> type [[-]job] [[-]user] [[-]pgcnt] [[-]cksum]
>                                    [[-]printer] [[-]ioport]
>         set logpath <LOGPATH> port <TCP-PORT>|email|syslog
>         set logpath from default|stored
>
> P.S. This plotter has ping functionality also. No, I have not tried DoS attacks
> =)
>
> syntax: ping [-s] <IPNAME> [<DATASZ> [<NUMPKTS>]]
>
>
>
> -- Larry W. Cashdollar
> Unix Administrator
> Security Operations
>

--
Patrick Cantwell
President/Systems Administrator, Insomnia Communications
patat_private
TheFloyd @ irc
4668163 @ icq
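
A defender-side check for the settings this thread points at, as an added example that is not part of the original posts: it parses a saved `list sysinfo` capture and flags the logging and identity fields left unset. The sample capture is constructed, the function names are hypothetical, and treating `255.255.255.255` as the unconfigured syslog value is an assumption drawn from the quoted output.

```python
import re

# Field names as printed by `list sysinfo` in the sessions quoted in this thread.
FIELDS = ("name", "contact", "location", "version", "serial number", "compiled",
          "checksum", "loginfo", "logport", "syslog", "email", "dns server", "module")
KEY_RE = re.compile(r"(?<![\w-])(%s):" % "|".join(map(re.escape, FIELDS)))

# Constructed sample modelled on the quoted output (documentation addresses).
SAMPLE = """\
> WARNING: current and stored values differ.
> 192.0.2.44:root> list sysinfo
> name:
> contact:
> location:
> version: 5.6.3
> compiled: Mar 25 1998 loginfo: sys
> logport:
> syslog: 255.255.255.255
> email: NetPrint@<unconfigured>
> dns server: 192.0.2.10
> module: novell, appletalk, netbios
"""

def parse_sysinfo(capture):
    """Return {field: value}; tolerates mail quoting and two fields on one line."""
    text = re.sub(r"(?m)^[ \t]*(?:>[ \t]?)+", "", capture)
    hits = list(KEY_RE.finditer(text))
    info = {}
    for cur, nxt in zip(hits, hits[1:] + [None]):
        chunk = text[cur.end():nxt.start() if nxt else len(text)]
        info[cur.group(1)] = chunk.split("\n", 1)[0].strip()
    return info

def audit(capture):
    """List settings that leave use of the device unlogged or untraceable."""
    info, findings = parse_sysinfo(capture), []
    if "current and stored values differ" in capture:
        findings.append("running config not stored; lost on reset")
    if not info.get("logport"):
        findings.append("logport empty")
    # Assumption: the broadcast address is the unconfigured syslog default.
    if info.get("syslog", "") in ("", "255.255.255.255"):
        findings.append("syslog host unset")
    if "unconfigured" in info.get("email", "unconfigured"):
        findings.append("email unconfigured")
    blank = [f for f in ("name", "contact", "location") if not info.get(f)]
    if blank:
        findings.append("blank identity fields: " + ", ".join(blank))
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
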