Security Basics mailing list archives
Re: Vulnerability testing in analog modem
From: jfvanmeter () comcast net
Date: Mon, 29 Oct 2007 16:21:04 +0000
I had a similar pen test, it was on a xerox docucentra, I had several concerns with the multifunction printer 1. there was/is no auditing of the fax connection, so I could try and try and no one would never know about the attack. 2. the printer also had a web server, so I copied some test file to the hd and set up my very own web site. i believe it is possible to break out of the modem connection, via some type of diagnotic route and get access to the network. I recommend that to my client that they configure the phone jack for outgoing calls only., turn off the web server, set passwords, etc. I would be interested in hearing anyones thoughts about this. I have a test coming up for a client on a multi function printer Take Care and Have Fun --John -------------- Original message ---------------------- From: rohnskii () gmail com
I don't know about connecting through the fax to the network but there is another security concern to think about. Fax machines, and printers, that have an internal HD for document storage can be a security concern. When the machine is sent out for servicing or retired there may be retrievable document images with confidential information on them.
Current thread:
- Vulnerability testing in analog modem firstkhan2000 (Oct 26)
- RE: Vulnerability testing in analog modem Craig Wright (Oct 26)
- <Possible follow-ups>
- Re: Vulnerability testing in analog modem rohnskii (Oct 29)
- Re: Vulnerability testing in analog modem jfvanmeter (Oct 29)
- RE: Vulnerability testing in analog modem Craig Wright (Oct 29)
- RE: Vulnerability testing in analog modem jfvanmeter (Oct 30)
- RE: Vulnerability testing in analog modem Craig Wright (Oct 30)