RE: Using a Stand-Alone Network Printer as a network attack entry point?

From: Ofir Arkin (ofir@sys-security.com)
Date: Fri Aug 16 2002 - 09:37:29 PDT

Next message: Security News: "Re: Using a Stand-Alone Network Printer as a network attack entry point?"

Previous message: Fabrizio Siciliano: "RE: Digital UNIX 5.60 recourses"
In reply to: Nick Jacobsen: "Using a Stand-Alone Network Printer as a network attack entry point?"
Next in thread: Security News: "Re: Using a Stand-Alone Network Printer as a network attack entry point?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Nick, and all

Any network device is a potential caveat for network security.

Printers were and still are a very good network device to be subverted.

Not only by taking full control and installing new software but as well
as a tool to reproduce your CEO's personal letters or just send them
elsewhere (hint, hint)... 

As I noted, this is not a new idea but it is still a nice one :)

There are several nice ideas' that are similar, you should check out the
following talks given at BH USA 2002 (presentations are available from:
http://www.blackhat.com/html/bh-usa-02/bh-usa-02-speakers.html): 

- DC Phone Home, Higbee & Davis 
- Attacking Networked Embedded Systems, FX and kim0

Hope this helps

Ofir Arkin [ofir@sys-security.com]
Founder
The Sys-Security Group
http://www.sys-security.com
PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA  

-----Original Message-----
From: Nick Jacobsen [mailto:nickat_private] 
Sent: 16 August 2002 05:20
To: pen-testat_private
Subject: Using a Stand-Alone Network Printer as a network attack entry
point?

Hi all...
    I came up with an idea, one that I've never heard discussed, of
possibly
modifying a stand-alone network printer (like most of the high-end
office
printers, hereafter referred to as a "SNP") to act as a full point to
point
proxy, or at least a simple pass through to the port and IP you specify
in
some sort of configuration.  The idea here would be to take a SNP and
modify
a ROM image for the specific printer to include the proxy functionality.
I
realize this could turn out to be quite difficult, but at the same time,
it
would provide a way into the internal network when no others are
available.
Any comments are most DEFINITELY welcome, flames less so, but if it's a
stupid idea, let me know...

Nick Jacobsen
nickat_private
ethicsat_private


------------------------------------------------------------------------
----
This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please
see:
https://alerts.securityfocus.com/



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: Security News: "Re: Using a Stand-Alone Network Printer as a network attack entry point?"
Previous message: Fabrizio Siciliano: "RE: Digital UNIX 5.60 recourses"
In reply to: Nick Jacobsen: "Using a Stand-Alone Network Printer as a network attack entry point?"
Next in thread: Security News: "Re: Using a Stand-Alone Network Printer as a network attack entry point?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Aug 16 2002 - 11:05:22 PDT