Penetration Testing mailing list archives
Printer Attacks
From: doc tarrow <doc.tarrow () gmail com>
Date: Mon, 7 Nov 2011 14:53:05 -0600
Over on full-disclosure@, I was informed about some of the research around actively attacking printers. I've traded email with the foofus guy and watched his talk from Defcon, but I'm curious about how this plays out for others in a pen testing role. The primary goal as I understand things currently, is to gather valid user credentials. Naturally, compromised credentials represent serious risk in most situations. Personally, I find the research pretty interesting and used Praeda last week to scan our local printers. This revealed some gaps in our current deployment strategy, but didn't come up with a silver bullet. Now the hard part. I have to relate this risk to our risk management and net ops people. In some respects, it seems that simply applying common sense to our printer hardening practice is all that's required to reduce (eliminate?) risk. That said, it seems forceful browsing is possible against some printers. In looking at the Praeda code, it seems some of this is being tested directly. At the risk of receiving replies telling me to just do my job, I'm curious. Do any of you actively attack printer systems? If so, how are you framing the risk discussion for others. I'm willing to share my plan for this discussion, but am hoping for something more than, 'me too.' So, I'll post that at some future date. Thanks. t.doc ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Printer Attacks doc tarrow (Nov 07)
- Re: Printer Attacks The Doctor (Nov 08)
- Re: Printer Attacks Marco Ivaldi (Nov 09)
- Re: Printer Attacks The Doctor (Nov 08)