Re: Printer exploit?

[Tohru Watanabe <tohruw () heaven hamline edu>]

-  We had similar problems earlier this year around when the LPRng exploit
   was released.  
-  We were able to replicate the problem by running the LPRng
   exploit against port 9100 of the printer.  
-  To solve the problem, we
   upgraded the firmware on all our printers and set up ACLs (since all
   print jobs come from a few print servers).  


We never did find out where it was comming from though.  It may be helpful
to block port 9100 on a firewall but if it's originating from on campus,
it'll probably be difficult to block.  
Hope this helps.

Tohru

On Tue, 26 Jun 2001, Brendan Murphy wrote:

> Hi all-
>   More than a few of our networked HP Laserjet printers have been
> sporadically printing out entire trays of paper that have a '1', 'u', 'i'
> in the upper right hand corner of the page, -or- a string of text along
> the top of the page.  The jobs don't appear on the queue.  This problem
> was noticed very rarely beginning a couple of months ago, but has
> increased in frequency over the last two evenings. ...and it usually only
> occurs during the evening...but has occured during the day.  Again, it
> usually goes through the entire tray of paper unless the printer is
> shutdown.
>    Has anyone heard of any exploits to LaserJet printers, or printers in
> general that might cause this problem?  We've been through the gambit with
> HP and nothing seems to match...
>
> Some facts, just in case:
>       - Printers are using JetDirect cards over TCP/IP
>       - Some users connected through print server, others directly.
>       - Printers are NOT the same model
>
> I am going to sniff out the traffic this evening to see if I can find
> anything...but thought I might be able to get a head start in the event
> that any of you had heard of an exploit that might be causing this one....
>
> Regards,
> Brendan Murphy
> Network, Video, and DSL Services
> University of Colorado-Denver
> Computing, Information & Network Services (CINS)
> ~~~
> "Obstacles are only things people see when
>  they take their eyes off their goals."
>
>
>
> ----------------------------------------------------------------------------
>
>
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management 
> and tracking system please see:
>
> http://aris.securityfocus.com



----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com