Security Basics mailing list archives
RE: Securing Printers
From: "Yvan G.J. Boily" <yboily () seccuris com>
Date: Mon, 15 Nov 2004 13:51:45 -0600
Well, my simple argument is the instance where an attacker printed out a document on a network shared printer on a wireless network. The attacker only printed the message "Your network is wide open". Not a big threat for a home user, but scary enough.

Imagine a slightly different context where a disgruntled employee goes to an internet café, connects to the network printer, and prints off a falsified email from co-worker A to co-worker B containing a pornographic image. The printed document could be lying around, co-worker A and B get flak, potentially fired, and the disgruntled employee is not a suspect.

A more serious instance would be if a malicious attacker wanted to attempt a "phishing" attack: they could print out a "memo" targeting a specific low-level or new employee from a higher level manager to take specific action. The next person who uses the printer would collect the document and potentially forward it on to the target user.

Just the possibility of this type of activity occurring should justify the assignment of a private IP address.

Yvan

-----Original Message-----
From: Bryce Embry [mailto:embryb () k12tn net]
Sent: Monday, November 15, 2004 11:19 AM
To: sec-basic list
Subject: Securing Printers

Howdy,

A recent thread on BugTraq, along with some discussions with my colleagues, has me curious about printer security. What dangers are there in giving a printer a public IP address?

To me, a printer with a public IP sounds utterly foolish, but I'm not doing a very good job of making this point with my colleagues. They usually respond with the question "Why would anyone want to print something to a printer they can't even find?". My answers (usually "Why not?" or "it's a system running an OS that is subject to exploitation") don't seem to be very convincing, especially since I can't produce any known exploits.

I would appreciate any arguments and reasoning that would carry more weight, or enlightenment to help me stop being so paranoid.

Thanks,
Bryce