RE: Printer exploit?

From: Rocket Downing (rdowningat_private)
Date: Thu Jun 28 2001 - 09:13:13 PDT

    If all of you check aris.securityfocus.com, you will find that one of the
    advisories discusses an lpd worm that autohacks systems...
    This could be the cause of port scans being logged on a lot of your systems.
    SEClpd.c is also an easily used script kiddie exploit.
    
    -----Original Message-----
    From: John Leach [mailto:johnat_private]
    Sent: Thursday, June 28, 2001 9:38 AM
    To: incidentsat_private
    Subject: Re: Printer exploit?
    
    
    We've noticed a sudden influx of TCP 515 printer port scans over the
    last month on nearly all of our boxes (different sites, different ISPs).
    
    We *do* have a *really* good HP colour laserjet, I guess the word got
    out.
    
    John.
    ECSC Ltd.
    http://www.ecsc.co.uk
    
    
    >   More than a few of our networked HP Laserjet printers have been
    > sporadically printing out entire trays of paper that have a '1', 'u', 'i'
    > in the upper right hand corner of the page, -or- a string of text along
    > the top of the page.  The jobs don't appear on the queue.  This problem
    > was noticed very rarely beginning a couple of months ago, but has
    > increased in frequency over the last two evenings. ...
    
    
    
    
    
    ----------------------------------------------------------------------------
    
    
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see:
    
    http://aris.securityfocus.com
    
    
    
    



    This archive was generated by hypermail 2b30 : Thu Jun 28 2001 - 17:19:46 PDT