Mapping a network with a printer is very possible as i have done it in the wild, and it is very effective for mapping the intranet. Some also have a "self discovery" feature. Why not use a trusted system ( printer ) to scan stealthly.. morning_wood http://exploitlabs.com ----- Original Message ----- From: "christian houle" <funkbassat_private> To: <aaron_cheekat_private> Cc: <incidentsat_private> Sent: Wednesday, June 18, 2003 5:36 AM Subject: SNMP search for printers? > > this link from phenoelit might give you an idea/possibility: > > (printer exploitation/hacking) > > http://www.phenoelit.de/stuff/19C3.pdf > > > > All, > > One of my class Cs got SNMP scanned, and wanted to ask > you what the purpose of this scan you think it might > be: > > 80.200.243.104.1152 > mynet.161: GetRequest(25) .1.3.6.1.4.1.641[|snmp] > > (Apparently an ADSL user at Belgium - > 104.243-200-80.adsl-fix.skynet.be) > > They tried different OIDs: .1.3.6.1.4.1.641 (Lexmark International), > .1.3.6.1.4.1.11.2 (Hewlett Packard), .1.3.6.1.4.1.480 (QMS, Inc.), > .1.3.6.1.2.1.43 (3Com). > > All scans had src port 1152. > > What I see in common here is printers. If so, what is > the purpose of massively scanning for printers? > > Other people seeing this? Any ideas? Any known tool? > > Aaron > > __________________________________ > Do you Yahoo!? > SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com > > -------------------------------------------------------------------- -------- > Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the > world's premier technical IT security event! 10 tracks, 15 training > sessions, > 1,800 delegates from 30 nations including all of the top experts, from CSO's > to > "underground" security specialists. See for yourself what the buzz is > about! > Early-bird registration ends July 3. This event will sell out. > www.blackhat.com > -------------------------------------------------------------------- -------- > > _________________________________________________________________ > The new MSN 8: smart spam protection and 2 months FREE* > http://join.msn.com/?page=features/junkmail > > > -------------------------------------------------------------------- -------- > Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the > world's premier technical IT security event! 10 tracks, 15 training sessions, > 1,800 delegates from 30 nations including all of the top experts, from CSO's to > "underground" security specialists. See for yourself what the buzz is about! > Early-bird registration ends July 3. This event will sell out. www.blackhat.com > -------------------------------------------------------------------- -------- > > ---------------------------------------------------------------------------- Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Wed Jun 18 2003 - 14:27:37 PDT