SNMP search for printers?

From: christian houle (funkbassat_private)
Date: Wed Jun 18 2003 - 05:36:31 PDT

Next message: exon: "Re: Spoofed TCP SYNs w/Winsize 55808 (was: Help with an odd log file...)"

Previous message: Joe Stewart: "sdbot variant and port 55808 activity"
Next in thread: Dave Killion: "RE: SNMP search for printers?"
Next in thread: exon: "Re: SNMP search for printers?"
Reply: Dave Killion: "RE: SNMP search for printers?"
Reply: morning_wood: "Re: SNMP search for printers?"
Reply: Johnson, Greg: "RE: SNMP search for printers?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

this link from phenoelit might give you an idea/possibility:

(printer exploitation/hacking)

http://www.phenoelit.de/stuff/19C3.pdf



All,

One of my class Cs got SNMP scanned, and wanted to ask
you what the purpose of this scan you think it might
be:

80.200.243.104.1152 > mynet.161:  GetRequest(25) .1.3.6.1.4.1.641[|snmp]

(Apparently an ADSL user at Belgium -
104.243-200-80.adsl-fix.skynet.be)

They tried different OIDs: .1.3.6.1.4.1.641 (Lexmark International), 
.1.3.6.1.4.1.11.2 (Hewlett Packard), .1.3.6.1.4.1.480 (QMS, Inc.), 
.1.3.6.1.2.1.43 (3Com).

All scans had src port 1152.

What I see in common here is printers. If so, what is
the purpose of massively scanning for printers?

Other people seeing this? Any ideas? Any known tool?

Aaron

__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com

----------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
world's premier technical IT security event! 10 tracks, 15 training 
sessions,
1,800 delegates from 30 nations including all of the top experts, from CSO's 
to
"underground" security specialists.  See for yourself what the buzz is 
about!
Early-bird registration ends July 3.  This event will sell out. 
www.blackhat.com
----------------------------------------------------------------------------

_________________________________________________________________
The new MSN 8: smart spam protection and 2 months FREE*  
http://join.msn.com/?page=features/junkmail


----------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the 
world's premier technical IT security event! 10 tracks, 15 training sessions, 
1,800 delegates from 30 nations including all of the top experts, from CSO's to 
"underground" security specialists.  See for yourself what the buzz is about!  
Early-bird registration ends July 3.  This event will sell out. www.blackhat.com
----------------------------------------------------------------------------

Next message: exon: "Re: Spoofed TCP SYNs w/Winsize 55808 (was: Help with an odd log file...)"
Previous message: Joe Stewart: "sdbot variant and port 55808 activity"
Next in thread: Dave Killion: "RE: SNMP search for printers?"
Next in thread: exon: "Re: SNMP search for printers?"
Reply: Dave Killion: "RE: SNMP search for printers?"
Reply: morning_wood: "Re: SNMP search for printers?"
Reply: Johnson, Greg: "RE: SNMP search for printers?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jun 18 2003 - 08:40:28 PDT