Security Incidents mailing list archives
Re: Printer exploit?
From: Tohru Watanabe <tohruw () heaven hamline edu>
Date: Tue, 26 Jun 2001 20:32:23 -0500 (CDT)
- We had similar problems earlier this year around when the LPRng exploit was released. - We were able to replicate the problem by running the LPRng exploit against port 9100 of the printer. - To solve the problem, we upgraded the firmware on all our printers and set up ACLs (since all print jobs come from a few print servers). We never did find out where it was comming from though. It may be helpful to block port 9100 on a firewall but if it's originating from on campus, it'll probably be difficult to block. Hope this helps. Tohru On Tue, 26 Jun 2001, Brendan Murphy wrote:
Hi all- More than a few of our networked HP Laserjet printers have been sporadically printing out entire trays of paper that have a '1', 'u', 'i' in the upper right hand corner of the page, -or- a string of text along the top of the page. The jobs don't appear on the queue. This problem was noticed very rarely beginning a couple of months ago, but has increased in frequency over the last two evenings. ...and it usually only occurs during the evening...but has occured during the day. Again, it usually goes through the entire tray of paper unless the printer is shutdown. Has anyone heard of any exploits to LaserJet printers, or printers in general that might cause this problem? We've been through the gambit with HP and nothing seems to match... Some facts, just in case: - Printers are using JetDirect cards over TCP/IP - Some users connected through print server, others directly. - Printers are NOT the same model I am going to sniff out the traffic this evening to see if I can find anything...but thought I might be able to get a head start in the event that any of you had heard of an exploit that might be causing this one.... Regards, Brendan Murphy Network, Video, and DSL Services University of Colorado-Denver Computing, Information & Network Services (CINS) ~~~ "Obstacles are only things people see when they take their eyes off their goals." ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Printer exploit? Brendan Murphy (Jun 26)
- Re: Printer exploit? Tohru Watanabe (Jun 27)
- Re: Printer exploit? Piotr Klaban (Jun 27)
- Re: Printer exploit? sarnold (Jun 27)
- Re: Printer exploit? Thomas Corriher (Jun 28)
- Re: Printer exploit? John Leach (Jun 28)
- Re: Printer exploit? Vangelis Haniotakis (Jun 28)
- Re: Printer exploit? HyunWoo Lee (Jun 29)
- RE: Printer exploit? Rocket Downing (Jun 28)
- Re: Printer exploit? Vangelis Haniotakis (Jun 28)
- <Possible follow-ups>
- Re: Printer exploit? lifeonmars (Jun 27)
- RE: Printer exploit? John Hanks (Jun 27)
- RE: Printer exploit? Richard . Grant (Jun 27)
(Thread continues...)