Re: Printer exploit?

From: Tohru Watanabe (tohruwat_private)
Date: Tue Jun 26 2001 - 18:32:23 PDT

Next message: lifeonmars: "Re: Printer exploit?"

Previous message: Daniel Martin: "Re: Synscan on port 2223"
In reply to: Brendan Murphy: "Printer exploit?"
Next in thread: lifeonmars: "Re: Printer exploit?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-  We had similar problems earlier this year around when the LPRng exploit
   was released.  
-  We were able to replicate the problem by running the LPRng
   exploit against port 9100 of the printer.  
-  To solve the problem, we
   upgraded the firmware on all our printers and set up ACLs (since all
   print jobs come from a few print servers).  


We never did find out where it was comming from though.  It may be helpful
to block port 9100 on a firewall but if it's originating from on campus,
it'll probably be difficult to block.  
Hope this helps.

Tohru

On Tue, 26 Jun 2001, Brendan Murphy wrote:

> Hi all-
>   More than a few of our networked HP Laserjet printers have been
> sporadically printing out entire trays of paper that have a '1', 'u', 'i'
> in the upper right hand corner of the page, -or- a string of text along
> the top of the page.  The jobs don't appear on the queue.  This problem
> was noticed very rarely beginning a couple of months ago, but has
> increased in frequency over the last two evenings. ...and it usually only
> occurs during the evening...but has occured during the day.  Again, it
> usually goes through the entire tray of paper unless the printer is
> shutdown.
>    Has anyone heard of any exploits to LaserJet printers, or printers in
> general that might cause this problem?  We've been through the gambit with
> HP and nothing seems to match...
> 
> Some facts, just in case:
> 	- Printers are using JetDirect cards over TCP/IP
> 	- Some users connected through print server, others directly.
> 	- Printers are NOT the same model
> 
> I am going to sniff out the traffic this evening to see if I can find
> anything...but thought I might be able to get a head start in the event
> that any of you had heard of an exploit that might be causing this one....
> 
> Regards,
> Brendan Murphy
> Network, Video, and DSL Services
> University of Colorado-Denver
> Computing, Information & Network Services (CINS)
> ~~~
> "Obstacles are only things people see when
>  they take their eyes off their goals."
> 
> 
> 
> ----------------------------------------------------------------------------
> 
> 
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management 
> and tracking system please see:
> 
> http://aris.securityfocus.com
> 



----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com

Next message: lifeonmars: "Re: Printer exploit?"
Previous message: Daniel Martin: "Re: Synscan on port 2223"
In reply to: Brendan Murphy: "Printer exploit?"
Next in thread: lifeonmars: "Re: Printer exploit?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jun 27 2001 - 17:51:20 PDT