Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Securing Printers

From: xyberpix <xyberpix () xyberpix com>
Date: Tue, 16 Nov 2004 21:19:45 +0000
Hi Bryce,

Well for one thing, if they could gain access the printer, then escalate
their privelge level on there(not difficult), then modify the IP address
of the printer to that of a critical network device. Do this with a few
more printers, and you may just be able to knock the network device off
of the network.

HTH

xyberpix

On Mon, 2004-11-15 at 11:18 -0600, Bryce Embry wrote:

Howdy,

A recent thread on BugTraq, along with some discussions with my 
colleagues, has me curious about printer security.  What dangers are 
there in giving a printer a public IP address?

To me, a printer with a public IP sounds utterly foolish, but I'm not 
doing a very good job of making this point with my colleagues.  They 
usually respond with the question "Why would anyone want to print 
something to a printer they can't even find?".  My answers (usually "Why 
not?" or "it's a system running an OS that is subject to exploitation") 
  don't seem to be very convincing, especially since I can't produce any 
known exploits.  I would appreciate any arguments and reasoning that 
would carry more weight, or enlightenment to help me stop being so 
paranoid.

Thanks,

Bryce

Attachment: signature.asc
Description: This is a digitally signed message part

Previous By Date Next
Previous By Thread Next

Current thread: