Yes, this worm will cause HP Printers to freak. If HP is denying it, they are lying. Either get rid of the default route (with it's accompanying problems) or filter.. jon * Kenneth Duran (KDURANat_private) [010417 02:51]: > So, this exploit which was initially directed at Linux boxes when > directed at a HP JetDirect card responds with a spewing of garbage. > HP says they are not subject to this happening, but their JetDirect is > doing something. And if the Red/Ramon Noodles worm was directed at > the HP box and the logs show an LP directed connection to an > associated printer (networked and not directly) and the printer spews. > Then one might say that they are subject. Maybe not rooted but > affected. Could all of this come from a compromised local Linux box? > Even if the captured addresses are from all over the world as > indicated in Steve Zenone's message. > > Do you think that a wide open JetDirect card could have enough > resources to have an agent laid on it and that be used to launch a > DOS? UDP probe? that kind of thing. > > We are seeing all kinds of UDP/LPD activity on HPUX 11.X , JetDirect > cards and even Sun Systems. Everything I track down points to a > worm.... but not really. That has not been ported to HPUX. In other > words -- .Jonathan J. Miner------------------Division of Information Technology. |minerat_private University Of Wisconsin - Madison| |608/262.9655 Room 3149 Computer Science| `---------------------------------------------------------------------' It's the Magic that counts. -- Larry Wall on Perl's apparent ugliness (143)
This archive was generated by hypermail 2b30 : Tue Apr 17 2001 - 18:11:23 PDT