Re: Vulnerability testing in analog modem

[jfvanmeter () comcast net]

I had a similar pen test, it was on a xerox docucentra, I had several concerns with the multifunction printer

1. there was/is no auditing of the fax connection, so I could try and try and no one would never know about the attack.
2. the printer also had a web server, so I copied some test file to the hd and set up my very own web site.

i believe it is possible to break out of the modem connection, via some type of diagnotic route and get access to the 
network.

I recommend that to my client that they configure the phone jack for outgoing calls only., turn off the web server, set 
passwords, etc. 

I would be interested in hearing anyones thoughts about this. I have a test coming up for a client on a multi function 
printer

Take Care and Have Fun --John

 -------------- Original message ----------------------
From: rohnskii () gmail com
> I don't know about connecting through the fax to the network but there is 
> another security concern to think about.
>
>
> Fax machines, and printers, that have an internal HD for document storage can be 
> a security concern.  When the machine is sent out for servicing or retired there 
> may be retrievable document images with confidential information on them.