Printer Attacks

[doc tarrow <doc.tarrow () gmail com>]

Over on full-disclosure@, I was informed about some of the research
around actively attacking printers. I've traded email with the foofus
guy and watched his talk from Defcon, but I'm curious about how this
plays out for others in a pen testing role.

The primary goal as I understand things currently, is to gather valid
user credentials. Naturally, compromised credentials represent serious
risk in most situations. Personally, I find the research pretty
interesting and used Praeda last week to scan our local printers. This
revealed some gaps in our current deployment strategy, but didn't come
up with a silver bullet.

Now the hard part. I have to relate this risk to our risk management
and net ops people. In some respects, it seems that simply applying
common sense to our printer hardening practice is all that's required
to reduce (eliminate?) risk. That said, it seems forceful browsing is
possible against some printers. In looking at the Praeda code, it
seems some of this is being tested directly.

At the risk of receiving replies telling me to just do my job, I'm
curious. Do any of you actively attack printer systems? If so, how are
you framing the risk discussion for others. I'm willing to share my
plan for this discussion, but am hoping for something more than, 'me
too.' So, I'll post that at some future date.

Thanks.

t.doc

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------