Bugtraq mailing list archives
HP Laserjet 4M Plus DirectJet Problem
From: jessen () AHAND UNICAMP BR (Klaus Steding-Jessen)
Date: Sat, 4 Oct 1997 18:02:01 -0300
I don't know if this is a well known HP printer problem, but I've found no references to it in the bugtraq archives.

It is possible to bypass lpd and page accounting on an HP PostScript printer attached to an ethernet card by sending PostScript directly to tcp ports 9099 and 9100 from any machine over the network.

I've tested on a HP Laserjet 4M Plus DirectJet, connecting to port 9099 or 9100 tcp and printing PostScript documents.

There is no way to tell the printer to accept connections only from a range of valid IPs. Also, it is possible to telnet to the printer and change the printer IP or disable logging. Protecting the printer inside a firewall appears to be the only safe way.

Finding this kind of printer on a network is quite easy with a good port scanner. It responds to ping and listens on tcp ports 23, 515, 9099 and 9100.

    # nmap -P -s printer.foo.bar.org -p 23,515,9099,9100
    Starting nmap V 1.25 by Fyodor (fyodor () dhp com, www.dhp.com/~fyodor/nmap/
    Hint: The -v option notifies you of open ports as they are found.
    Host printer.foo.bar.org (xx.yy.ww.zz) appears to be up ... good.
    Open ports on printer.foo.bar.org (xx.yy.ww.zz):
    Port Number  Protocol  Service
    23           tcp       telnet
    515          tcp       printer
    9099         tcp       unknown
    9100         tcp       unknown

To print a PostScript document just send it to port 9099 or 9100. Netcat will do:

    $ nc printer.foo.bar.org 9099 < huge_document.ps

or

    $ nc printer.foo.bar.org 9100 < huge_document.ps

Can anyone confirm this with other printers? I think HP 5M is also vulnerable, but I've not tested.

Klaus.
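Added example, not part of the original post: a small detection pass over firewall connection logs that flags accepted connections to the printer's tcp ports 23, 515, 9099 and 9100 from any host other than the lpd print server, which is the traffic that skips page accounting. The log format, the addresses (192.0.2.x) and the names PRINTERS and PRINT_SERVERS are assumptions made for the illustration.

```python
import re
from collections import Counter

# Assumptions (not from the original post): addresses, names and log format.
PRINTERS = {"192.0.2.50"}        # network-attached printer
PRINT_SERVERS = {"192.0.2.10"}   # lpd host that performs page accounting
WATCHED = {23: "telnet", 515: "lpd", 9099: "raw print", 9100: "raw print"}

LINE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ACCEPT|DROP) tcp "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample log lines, for illustration only.
SAMPLE_LOG = """\
1997-10-04T18:00:12 ACCEPT tcp 192.0.2.10:1021 -> 192.0.2.50:515
1997-10-04T18:02:01 ACCEPT tcp 192.0.2.77:1044 -> 192.0.2.50:9100
1997-10-04T18:02:09 ACCEPT tcp 192.0.2.77:1045 -> 192.0.2.50:9100
1997-10-04T18:03:30 ACCEPT tcp 192.0.2.91:1102 -> 192.0.2.50:23
1997-10-04T18:04:02 DROP tcp 192.0.2.91:1103 -> 192.0.2.50:9099
1997-10-04T18:05:47 ACCEPT tcp 192.0.2.77:1050 -> 192.0.2.20:80
truncated or malformed line
"""

def find_bypass(log_text):
    """Count accepted flows that reach a printer port without the print server."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue                      # ignore lines we cannot parse
        port = int(m["dport"])
        if m["action"] != "ACCEPT":
            continue                      # the firewall already blocked it
        if m["dst"] not in PRINTERS or port not in WATCHED:
            continue                      # not printer traffic
        if m["src"] in PRINT_SERVERS:
            continue                      # expected path through lpd
        hits[(m["src"], m["dst"], port)] += 1
    return hits

def report(hits):
    """Render one line per (source, printer, port) for an operator."""
    return [f"{src} -> {dst}:{port} ({WATCHED[port]}) x{n}"
            for (src, dst, port), n in sorted(hits.items())]

if __name__ == "__main__":
    for entry in report(find_bypass(SAMPLE_LOG)):
        print(entry)
```
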