RE: SNMP search for printers?

[Dave Killion <Dkillion () netscreen com>]

My memory is very fuzzy on this, but I seem to remember there being some
very interesting extensions to the PostScript language that could command
the printer to do fun things like "don't purge the print spool" and
"redirect the print spool to system 'x'" - A properly formatted PS
document could own your printer.

Networked printers are nearly ubiquitous in most companies today - fear
your printer!

-Dave

-----Original Message-----
From: Aaron Cheek [mailto:aaron_cheek () yahoo com]
Sent: Tuesday, June 17, 2003 5:49 PM
To: incidents () securityfocus com
Subject: SNMP search for printers?


All,

One of my class Cs got SNMP scanned, and wanted to ask
you what the purpose of this scan you think it might
be:

80.200.243.104.1152 > mynet.161:  GetRequest(25)
.1.3.6.1.4.1.641[|snmp]

(Apparently an ADSL user at Belgium -
104.243-200-80.adsl-fix.skynet.be)

They tried different OIDs: .1.3.6.1.4.1.641 (Lexmark
International), .1.3.6.1.4.1.11.2 (Hewlett Packard),
.1.3.6.1.4.1.480 (QMS, Inc.), .1.3.6.1.2.1.43 (3Com).

All scans had src port 1152.

What I see in common here is printers. If so, what is
the purpose of massively scanning for printers?

Other people seeing this? Any ideas? Any known tool?

Aaron

__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com

--------------------------------------------------------------------------
--
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
world's premier technical IT security event! 10 tracks, 15 training
sessions,
1,800 delegates from 30 nations including all of the top experts, from
CSO's to
"underground" security specialists.  See for yourself what the buzz is
about!
Early-bird registration ends July 3.  This event will sell out.
www.blackhat.com
--------------------------------------------------------------------------
--

Attachment: smime.p7s
Description: