Penetration Testing mailing list archives
Re: Printer Attacks
From: Marco Ivaldi <raptor () mediaservice net>
Date: Wed, 9 Nov 2011 13:35:27 +0100 (ora solare Europa occidentale)
Hi, On Tue, 8 Nov 2011, The Doctor wrote:
Networked devices can also be a useful cover for hiding equipment smuggled into the target site and hidden in plain view. For example, attaching a wireless access point between the printer and the rest of the LAN often went unnoticed (perfect for sneaking right into the core of the client's network); in a pinch, the excuse "The cable wasn't long enough, so I put in an Ethernet switch and a three foot CAT-6 until we get a longer one," worked. I rather doubt that tucking a netbook behind a networked printer or fax machine with a sticy that reads "PRINT SERVER: DO NOT TOUCH" would still work these days, though.
LOL. Networked printers might also be a good starting point for NAC bypass: sometimes their MAC addresses are considered trusted and might be able to access the corporate network. Also, keep in mind that physical access is always a risk.
While we are at it, I'd like to throw in a couple of interesting references about networked printers hacking:
http://archive.hack.lu/2010/Costin-HackingPrintersForFunAndProfit-slides.pdf http://www.irongeek.com/i.php?page=security/networkprinterhacking [and much more, just do a Google search] Cheers, -- ------------------------------------------------------------------ Marco Ivaldi OPSA, OPST, OWSE, PCI-ASV Senior Security Advisor @ Mediaservice.net Srl Tel: +39-011-32.72.100 Via Santorelli, 15 Fax: +39-011-32.46.497 10095 Grugliasco (TO) - ITALY http://www.mediaservice.net/ ------------------------------------------------------------------ PGP Key - https://keys.mediaservice.net/m_ivaldi.asc ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review BoardProve to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Printer Attacks doc tarrow (Nov 07)
- Re: Printer Attacks The Doctor (Nov 08)
- Re: Printer Attacks Marco Ivaldi (Nov 09)
- Re: Printer Attacks The Doctor (Nov 08)