LPD/LPRng Problems

From: Kenneth Duran (KDURANat_private)
Date: Mon Apr 16 2001 - 08:34:30 PDT


    Okay,
    
    So, this exploit, which was initially directed at Linux boxes, when directed at an HP JetDirect card responds with a spewing of garbage.  HP says they are not subject to this happening, but their JetDirect is doing something.  And if the Red/Ramon Noodles worm was directed at the HP box and the logs show an LP directed connection to an associated printer (networked and not directly) and the printer spews, then one might say that they are subject.  Maybe not rooted but affected.  Could all of this come from a compromised local Linux box, even if the captured addresses are from all over the world as indicated in Steve Zenone's message?
    
    Do you think that a wide open JetDirect card could have enough resources to have an agent laid on it and have that be used to launch a DoS? UDP probe? That kind of thing.
    
    We are seeing all kinds of UDP/LPD activity on HPUX 11.X, JetDirect cards and even Sun Systems.  Everything I track down points to a worm... but not really.  That has not been ported to HPUX.  In other words
    
    !!!!! HELP  !!!!!
    
    
    
    Kenneth M. Duran
    PN Network Security Manager
    kduranat_private
    (208)-378-5146
    
    
    
    



    This archive was generated by hypermail 2b30 : Tue Apr 17 2001 - 01:45:24 PDT