Security Incidents mailing list archives
Re: Printer exploit?
From: sarnold () wirex com
Date: Wed, 27 Jun 2001 10:51:53 -0700
On Tue, Jun 26, 2001 at 02:32:05PM -0600, Brendan Murphy wrote:
> More than a few of our networked HP Laserjet printers have been sporadically printing out entire trays of paper that have a '1', 'u', 'i'
[...]
> Some facts, just in case:
> - Printers are using JetDirect cards over TCP/IP
> - Some users connected through print server, others directly.
> - Printers are NOT the same model
The second note is the source of your problem. By allowing users to connect directly to the printer, you lose all possibilities of conserving your resources.

It has been many years since I have had to work with HP JetDirect Cards (Oh, how I hope they have improved :) but the thing to look for in their setup utilities is a way to restrict connections to only a few IP addresses -- the print servers on your NT/Unix machines that have logging and much better access controls (tcpd aka tcp wrappers, or an NT equivalent which I hope exists).

Of course, if the JetDirect cards don't have the ability to set a list of IP addresses that are allowed to submit print jobs, you are in a bit more troubling spot. My first thought is to set different RFC1918 addresses on the printer, and put two IPs on your print servers -- one that the existing tcp/ip subnet knows how to speak to, one that can only speak with the printers. This ought to keep idiots from doing it again, though it will never deter a determined attacker.

Another possibility is to look into using OpenBSD as an ethernet bridge thingy:

bridge(4)
brconfig(8)
http://www.obfuscation.org/ipf/ipf-howto.html#TOC_49

Sadly, this technique will require one OpenBSD box per printer. (It might be able to work with other IPF-running unices, I don't know.)

Good luck.

----------------------------------------------------------------------------

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
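The filtering-bridge idea from the reply above, sketched as an IPFilter ruleset. This is an added example, not part of the original message: the interface name and every address are assumptions, and TCP ports 515 (LPD) and 9100 (raw JetDirect printing) are the usual print ports rather than values taken from the thread.

```conf
# ipf rules for the bridging host (constructed example)
#
# Assumptions, none of which come from the thread:
#   xl0          = bridge member interface facing the office LAN
#   192.168.10.5 = print server (the only host allowed to submit jobs)
#   192.168.10.9 = printer, the only device on the far side of the bridge
#   The printer has a static address (no BOOTP/DHCP needed across the bridge).

# Only the print server may open print connections to the printer.
# "flags S keep state" matches the opening SYN and tracks the rest of the session.
pass in quick on xl0 proto tcp from 192.168.10.5/32 to 192.168.10.9/32 port = 515 flags S keep state
pass in quick on xl0 proto tcp from 192.168.10.5/32 to 192.168.10.9/32 port = 9100 flags S keep state

# Let the print server ping the printer for basic health checks.
pass in quick on xl0 proto icmp from 192.168.10.5/32 to 192.168.10.9/32 icmp-type echo keep state

# Everything else arriving from the LAN side is logged and dropped, which also
# covers the printer's management services. The log gives a record of which
# workstations are still trying to print directly.
block in log on xl0 all
```

Rules are written for one bridge interface only, so traffic is filtered once as it heads toward the printer; ARP is not IP and is not affected by these rules.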