Nick, Not such a stupid idea - we have come up with several scenarios in the past using printers to compromise networks, but only once inside a network. Many printers are crammed full of functionality, something I've alluded to in previous posts (not necessarily to this list.) Web server management interfaces and ftp servers are common, and some file server functionality isn't uncommon. One printer manufacturer provided proxy functionality from the printer to another web server, to facilitate central management and configuration of an enterprise print environment. We guessed the (trivial) admin password, grabbed the web pages off the printer, and configured the printer to use a host of our choice as proxy. We didn't have time to take the scenario any further, but there were several interesting possibilities, including some custom JavaScript with teeth. >>The idea here would be to take a SNP and modify a ROM image for the specific printer to include the proxy functionality. I realize this could turn out to be quite difficult,<< Difficult to do at the technical level - a lot of the printer code is really odd, based on custom OS and file systems. But someone wrote it, so someone else can write a hacked up version. >>but at the same time, it would provide a way into the internal network when no others are available.<< Are you looking at this as an internal exploit, or trying to trojan printers before installation? I could see it working in the first instance, but it being a potentially intractable problem in the second instance. Mark Mark Brewis Security Consultant EDS Information Assurance Group Wavendon Tower Milton Keynes Buckinghamshire MK17 8LX. Tel: +44 (0)1908 28 4234/4013 Fax: +44 (0)1908 28 4393 E@: mark.brewisat_private PGP Key ID: C36D 770F 49F7 CC91 2E5A A2BE FE6E CD43 E6CD 9184 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Fri Aug 16 2002 - 11:08:49 PDT