On Fri, Sep 21, 2001 at 06:02:35PM -0700, (obnoxiously encoded in base64a) auto241065at_private wrote:
>
> How the heck does it infect a printer? I was under the impression that
> codered and Nimda "infected" windows operating systems. I've heard the
> volume of traffic created could DOS devices like printers that used
> HTTP for management. I thought the original poster was either joking
> or the victim of a practical joke, but after a second post I must be
> the butt of the joke.

To the best of my knowledge, HP printer issues from Code Red weren't from traffic *volume*, but from content. The HTTP commands were causing the printer's print server software to shut down when running older firmware versions for the JetDirect interface.

In this instance, I think (I haven't experienced this issue, but am basing this assumption on the earlier statements) the worm would be sending PJL commands to HP printers. Note that PJL (Printer Job Language) is not PCL (Printer Command Language). PCL allows specification of the document being printed, while PJL allows for changing menu settings on some of the LaserJet printers. This includes being able to change the display message. The next time someone prints, the printer should have the default display message.

The command to set the display is something like:

    -12345X@PJL RDYMSG DISPLAY="your message here" -12345X

I'll leave the Google search as an exercise to the reader.

--
trey valenta treyat_private seattle
(maybe a) random quote--v
The best thing about growing older is that it takes such a long time.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sat Sep 22 2001 - 17:45:56 PDT
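
An added example, not part of the original post or of any HP tooling: a small Python audit that scans a raw print-job stream (as a spooler or network capture would hold it) and reports PJL commands that change the printer's display or stored defaults instead of framing a print job. It assumes the standard PJL framing, where each job section starts with the Universal Exit Language sequence ESC%-12345X; the function name audit_pjl and both sample streams are constructed for illustration.

```python
import re

UEL = b"\x1b%-12345X"  # Universal Exit Language: ESC followed by "%-12345X"

# PJL commands that alter the panel text or stored defaults,
# as opposed to describing a print job.
STATE_CHANGING = {
    "RDYMSG": "sets the ready-state display message",
    "OPMSG": "sets an operator message on the display",
    "STMSG": "sets a status message on the display",
    "DEFAULT": "changes a stored default setting",
}

PJL_LINE = re.compile(rb"^@PJL[ \t]+([A-Za-z]+)(.*)$")
DISPLAY = re.compile(rb'DISPLAY\s*=\s*"([^"]*)"', re.I)


def audit_pjl(stream: bytes) -> list[dict]:
    """Return one finding per state-changing PJL command in a raw job stream."""
    findings = []
    # @PJL may follow the UEL on the same line, so split on the UEL first.
    for chunk in stream.split(UEL):
        for raw in re.split(rb"\r?\n", chunk):
            m = PJL_LINE.match(raw.strip())
            if not m:
                continue  # PCL/PostScript payload or a blank line
            command = m.group(1).decode("ascii").upper()
            if command not in STATE_CHANGING:
                continue  # JOB, SET, ENTER, EOJ are ordinary job framing
            shown = DISPLAY.search(m.group(2))
            findings.append({
                "command": command,
                "effect": STATE_CHANGING[command],
                "display": shown.group(1).decode("latin-1") if shown else None,
            })
    return findings


# Constructed sample streams (not captured traffic).
NORMAL_JOB = (UEL + b'@PJL JOB NAME = "report"\r\n'
              b"@PJL SET COPIES = 1\r\n@PJL ENTER LANGUAGE = PCL\r\n"
              b"\x1bE...page data...\x1bE" + UEL + b"@PJL EOJ\r\n" + UEL)
MESSAGE_ONLY = UEL + b'@PJL RDYMSG DISPLAY="your message here"\r\n' + UEL

if __name__ == "__main__":
    for name, data in (("normal", NORMAL_JOB), ("message", MESSAGE_ONLY)):
        print(name, audit_pjl(data))
```

A stream that yields findings but carries no page data, like the second sample, is the pattern worth alerting on at a print server or on the raw printing port.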