Penetration Testing mailing list archives
Re: Dumping Data From Printers
From: Gary Warner <gar () askgar com>
Date: Thu, 08 May 2008 20:33:04 -0500
Paul Melson wrote:
what would be the greatest risk if network admin leave Network printerswithout password protected.
Actually, my favorite demonstration of how EVERY DEVICE ON THE NETWORK MUST BE SECURE was to find a printer on the same subnet as something sensitive (Mainframes work nicely for this demo) and then change the IP address of the printer to match the IP address of the mainframe.
If there isn't a sensitive server handy, setting the printer to have the same IP address as the Default Network Gateway for its network segment is also an effective demo.
-- -------------- Gary Warner Director of Research in Computer Forensics The University of Alabama at Birmingham gar () cis uab edu gar () askgar com -------------- ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Dumping Data From Printers ahgaber_rehan (May 07)
- Re: Dumping Data From Printers Ed Baker (May 07)
- RE: Dumping Data From Printers Newton, Preston (May 07)
- Re: Dumping Data From Printers Robin Wood (May 07)
- RE: Dumping Data From Printers Shenk, Jerry A (May 07)
- Re: Dumping Data From Printers Jon R. Kibler (May 07)
- Re: Dumping Data From Printers sherwyn . williams (May 07)
- Re: Dumping Data From Printers David Howe (May 08)
- RE: Dumping Data From Printers Paul Melson (May 08)
- Re: Dumping Data From Printers Gary Warner (May 08)
- RE: Dumping Data From Printers Vukovics Péter (May 09)