Re: RES: SNMP vulnerability test?

[Mark Tinberg <mtinberg () securepipe com>]

May I refer to the document at 

http://freshmeat.net/articles/view/445/

which contains a very good analysis of printer security risks, which are 
usually totally ignored because "it's just a printer", when most modern 
printers are full network servers with full operating systems (VXworks, 
QNX, other.) underneath.  Others have PostScript, which is an environment 
all to itself.

On 12 Oct 2002, John Beuke wrote:

> In-Reply-To: <gu97kpfevo7.fsf () rampart argfrp us uu net>
>
> other parts of the enterprise? Some of the data I have read state that 
> attacking the printer mib using the community string for the printer will 
> only allow attackers to joy ride around the print server and printers. 
> Then other data state that the printers community string will allow 
> attackers to obtain the http passwords and other network access password. 
> 99% of those devices listed were just HP printers and did not state that 
> these printers had the ability to network scan, scan to email, or scan to 

-- 
Mark Tinberg <MTinberg () securepipe com>
Network Security Engineer, SecurePipe Inc.
Remember:  Wherever you go, there you are!
Key fingerprint = AF6B 0294 EE33 D802 F7A1  38A4 CF52 5FE0 7470 E5F7


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com