Nmap Development mailing list archives

RE: NMAP and HP JetDirect port


From: "Uri Gilad" <ugilad () forescout com>
Date: Tue, 14 Jun 2005 10:43:18 +0300

The point was not to fix the vulnerability. I even think this may be considered a feature with correct access control. 
The question is how do I avoid sending data to this port only (or similar ones on other printers). 

Uri. 

-----Original Message-----
From: hutuworm 
Sent: Tuesday, June 14, 2005 9:24 AM
To: Uri Gilad
Subject: Re: NMAP and HP JetDirect port


I think it should be JetDirect's vulnerability; it's better to suggest
that HP fix the JetDirect protocol implementation, since you can't
prevent other scanners or whatever from sending packets to the 9100/TCP port.

On 6/14/05, Uri Gilad wrote:
Hi,
This issue has been raised before, but to recap:
running nmap -sO or nmap -sV on a host, not specifying a specific port, will send data to port 9100/TCP.
HP printers use this port for the JetDirect protocol, meaning the printer will happily print whatever
strings nmap throws at it in an attempt to detect the protocol used on this port. This will consume large
amounts of paper, and is an unwanted side effect in almost every scenario.

It seems that commenting out 9100/TCP in nmap-services will alleviate this problem.

Two questions arise:

1. Is this the best method to cause nmap to skip 9100/TCP in scanning a host?
2. Has anyone experienced any similar problems with printers (we only have one
brand of printers...)?

Thanks,

Uri Gilad.


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev



-- 
In doG We Trust

