Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Securing Printers

From: Peter Wan <peter.n.wan () gmail com>
Date: Tue, 16 Nov 2004 16:42:00 -0500
I remember seeing a reference to a paper at Black Hat that addressed this topic,
but can't seem to find the information on the paper.  Here is another reference
that addresses risks of an accessible printer:

http://www.giac.org/practical/GSEC/Vernon_Vail_GSEC.pdf

It talks about the physical security worries, but then talks about how abuse of
insecure services provided by the printer (Web, FTP, etc.) can cause trouble.
        --Peter

On Mon, 15 Nov 2004 11:18:47 -0600, Bryce Embry <embryb () k12tn net> wrote:

Howdy,

A recent thread on BugTraq, along with some discussions with my
colleagues, has me curious about printer security.  What dangers are
there in giving a printer a public IP address?

To me, a printer with a public IP sounds utterly foolish, but I'm not
doing a very good job of making this point with my colleagues.  They
usually respond with the question "Why would anyone want to print
something to a printer they can't even find?".  My answers (usually "Why
not?" or "it's a system running an OS that is subject to exploitation")
  don't seem to be very convincing, especially since I can't produce any
known exploits.  I would appreciate any arguments and reasoning that
would carry more weight, or enlightenment to help me stop being so
paranoid.

Thanks,

Bryce





-- 
Peter Wan <peter.n.wan () gmail com>
Previous By Date Next
Previous By Thread Next

Current thread: