-----Original Message----- From: fuzzz [mailto:fuzzzat_private] Sent: Thursday, July 19, 2001 8:52 PM To: Subject: RE: .ida Intrusion Attempt confirmed. ida/red worm it is hitting our jet directs printing pages with the www.worm.com on them... rule 27 don't leave jet directs open to the outside world they have web(80) ftp and telnet open on them. HP has a new firmware that locks this down. I have heard of some Cisco devices misbehaving with older versions as well fuzz -----Original Message----- From: Ryan Russell [mailto:ryanat_private] Sent: Thursday, July 19, 2001 7:31 PM To: James Edwards Cc: sdsu-certat_private; incidentsat_private Subject: Re: Jetdirect card Attack??? Would all of the printers happen to be running a built-in web server? Ryan On Thu, 19 Jul 2001, James Edwards wrote: > Yesterday, one of the printers here in ITS began printing a Jetdirect > Diagnostic Page showing a S/W Exception 00fb and a core dump > ("Registers", "Stack", and "Register Pointer Memory Dump" in Hex). I > changed the slot, and the error followed (from EIO1 to EIO2), > therefore I guessed that the card was bad. Today another printer > began to share the same symptoms. I have a hard time believing that > two cards would go bad at the same time > > Has anyone else noted this phenomenon?? > > Could it be a different type of printer attack than the port 515 attacks?? > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 23:33:55 PDT