if all of your check on aris.securityfocus.com you will find one of the advisories discusses a lpd worm that autohacks systems... this could be the cause of port scans being logged in a lot of your systems. SEClpd.c is also an easily used script kiddie exploit. -----Original Message----- From: John Leach [mailto:johnat_private] Sent: Thursday, June 28, 2001 9:38 AM To: incidentsat_private Subject: Re: Printer exploit? We've noticed a sudden influx of tcp 515 printer port scans over the last month on nearly all of our boxes (different sites, different isps) We *do* have a *really* good HP colour laserjet, I guess the word got out. John. ECSC Ltd. http://www.ecsc.co.uk > More than a few of our networked HP Laserjet printers have been > sporadically printing out entire trays of paper that have a '1', 'u', 'i' > in the upper right hand corner of the page, -or- a string of text along > the top of the page. The jobs don't appear on the queue. This problem > was noticed very rarely beginning a couple of months ago, but has > increased in frequency over the last two evenings. ... ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jun 28 2001 - 17:19:46 PDT