RE: Jetdirect card Attack???

From: fuzzz (fuzzzat_private)
Date: Thu Jul 19 2001 - 20:27:43 PDT

  • Next message: Kheos ml: "Re: .ida Intrusion Attempt"

    -----Original Message-----
    From: fuzzz [mailto:fuzzzat_private]
    Sent: Thursday, July 19, 2001 8:52 PM
    To:
    Subject: RE: .ida Intrusion Attempt
    
    confirmed.
    ida/red worm it is hitting our jet directs printing pages with the
    www.worm.com on them...
    rule 27 don't leave jet directs open to the outside world they have web(80)
    ftp and telnet open on them.
    HP has a new firmware that locks this down.
    I have heard of some Cisco devices misbehaving with older versions as well
    
    fuzz
    -----Original Message-----
    From: Ryan Russell [mailto:ryanat_private]
    Sent: Thursday, July 19, 2001 7:31 PM
    To: James Edwards
    Cc: sdsu-certat_private; incidentsat_private
    Subject: Re: Jetdirect card Attack???
    
    
    Would all of the printers happen to be running a built-in web server?
    
    					Ryan
    
    On Thu, 19 Jul 2001, James Edwards wrote:
    
    > Yesterday, one of the printers here in ITS began printing a Jetdirect
    > Diagnostic Page showing a S/W Exception 00fb and a core dump
    > ("Registers", "Stack", and "Register Pointer Memory Dump" in Hex). I
    > changed the slot, and the error followed (from EIO1 to EIO2),
    > therefore I guessed that the card was bad. Today another printer
    > began to share the same symptoms. I have a hard time believing that
    > two cards would go bad at the same time
    >
    > Has anyone else noted this phenomenon??
    >
    > Could it be a different type of printer attack than the port 515 attacks??
    >
    
    
    
    ----------------------------------------------------------------------------
    
    
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see:
    
    http://aris.securityfocus.com
    
    
    
    ----------------------------------------------------------------------------
    
    
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:
    
    http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 23:33:55 PDT