RE: Printer exploit?

From: Richard.Grantat_private
Date: Wed Jun 27 2001 - 05:09:35 PDT


    We have noticed over the last six weeks attempts to compromise printers;
    some unsuccessful but many were successful. Some administrators of these
    printers did not bother to set strong passwords on the WEB access to these
    printers. The printers attacked were newer Lexmark printers that contained
    OS kernels and WEB services. Several of these printers generated so much
    Internet traffic that the WAN admins had to block them at the router. The
    traffic was saturating the firewalls. All admins need to secure these
    printers as if they were servers.
    
    Richard Grant
    
    
    -----Original Message-----
    From: Brendan Murphy [mailto:bmurphyat_private]
    Sent: Tuesday, June 26, 2001 4:32 PM
    To: incidentsat_private
    Subject: Printer exploit?
    
    
    Hi all-
      More than a few of our networked HP Laserjet printers have been
    sporadically printing out entire trays of paper that have a '1', 'u', 'i'
    in the upper right hand corner of the page, -or- a string of text along
    the top of the page.  The jobs don't appear on the queue.  This problem
    was noticed very rarely beginning a couple of months ago, but has
    increased in frequency over the last two evenings. ...and it usually only
    occurs during the evening...but has occurred during the day.  Again, it
    usually goes through the entire tray of paper unless the printer is
    shut down.
       Has anyone heard of any exploits to LaserJet printers, or printers in
    general that might cause this problem?  We've been through the gamut with
    HP and nothing seems to match...
    
    Some facts, just in case:
    	- Printers are using JetDirect cards over TCP/IP
    	- Some users connected through print server, others directly.
    	- Printers are NOT the same model
    
    I am going to sniff out the traffic this evening to see if I can find
    anything...but thought I might be able to get a head start in the event
    that any of you had heard of an exploit that might be causing this one....
    
    Regards,
    Brendan Murphy
    Network, Video, and DSL Services
    University of Colorado-Denver
    Computing, Information & Network Services (CINS)
    ~~~
    "Obstacles are only things people see when
     they take their eyes off their goals."
    
    
    
    ----------------------------------------------------------------------------
    
    
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:
    
    http://aris.securityfocus.com
    
    



    This archive was generated by hypermail 2b30 : Wed Jun 27 2001 - 18:41:40 PDT