[unisog] HP JetDirect guessing game

Stefan netfortius at gmail.com
Fri Mar 13 19:09:59 GMT 2009


http://www.irongeek.com/i.php?page=security/networkprinterhacking -
can't remember the entire content, but definitely worth a look ...

Stefan

On Fri, Mar 13, 2009 at 12:42 PM, Michael Holstein
<michael.holstein at csuohio.edu> wrote:
> As a corollary to Murphy's law, it seems that "No device will fail to
> malfunction in the presence of a technician".
>
> Such is my current dilemma .. we have a few hundred HP JetDirect devices
> scattered around campus, all of which are attached to print servers of
> some sort (but are otherwise un-firewalled, meaning one could print
> directly by configuring IP printing of some flavor).
>
> What we're getting is otherwise blank pages, containing only the date
> (MM/DD/YYYY) in the top-left corner.
>
> This can be replicated by doing (from *nix) .. "date +%m/%d/%Y |nc
> x.x.x.x 9100"
>
> Being as HP's built-in tools have no page log that contains useful info
> like which IP a job came from, I resorted to the brute-force "hub and a
> laptop" approach .. upon which the problem promptly stopped .. all
> across campus.
>
> I've checked a bunch of other points in the network (firewalled devices,
> Linux boxes, etc.) to see if there's any sort of scan that's hitting
> everything (Nessus, for example, will do this if "safe checks" is
> disabled .. but it spews tons of junk) and I don't see any evidence of it.
>
> So my question to you fine folks is this .. "is there any tool
> (network/security/scan/etc) you're aware of that causes a printer to
> emit an otherwise blank page containing only the date?".
>
> Thanks,
>
> Michael Holstein
> Cleveland State University
>
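
Added example, not part of either message above: since the printers keep no per-job source log, one way to find who is opening raw TCP/9100 connections is to capture SYNs at a mirror port and list every source that is not a known print server. The capture lines, IP addresses and the PRINT_SERVERS allowlist below are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -nn 'tcp port 9100'` output (not real traffic).
SAMPLE = """\
12:41:58.100201 IP 10.1.1.10.40112 > 10.2.0.17.9100: Flags [S], seq 1, win 5840, length 0
12:42:01.532110 IP 10.9.4.77.51820 > 10.2.0.17.9100: Flags [S], seq 7, win 5840, length 0
12:42:01.533907 IP 10.9.4.77.51821 > 10.2.0.18.9100: Flags [S], seq 9, win 5840, length 0
12:42:01.534410 IP 10.2.0.18.9100 > 10.9.4.77.51821: Flags [S.], seq 3, ack 10, win 5792, length 0
12:42:01.540012 IP 10.9.4.77.51822 > 10.2.0.19.9100: Flags [S], seq 4, win 5840, length 0
12:42:07.000415 IP 10.3.8.5.33901 > 10.2.0.19.9100: Flags [S], seq 2, win 5840, length 0
"""

PRINT_SERVERS = {"10.1.1.10"}  # assumption: hosts allowed to talk to printers directly

# src.port > dst.9100 with a bare SYN (a connection attempt, not the SYN/ACK reply)
SYN_TO_9100 = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d)\.\d+ IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.9100: Flags \[S\],"
)

def direct_print_sources(capture, allowed=PRINT_SERVERS):
    """Return [(src, sorted printers, first_ts, last_ts)] for non-allowlisted
    hosts opening TCP/9100, widest fan-out first."""
    seen = defaultdict(lambda: {"printers": set(), "times": []})
    for line in capture.splitlines():
        m = SYN_TO_9100.match(line)
        if not m or m["src"] in allowed:
            continue  # not a new 9100 connection, or it came from a print server
        seen[m["src"]]["printers"].add(m["dst"])
        seen[m["src"]]["times"].append(m["ts"])
    rows = [(src, sorted(d["printers"]), min(d["times"]), max(d["times"]))
            for src, d in seen.items()]
    return sorted(rows, key=lambda r: (-len(r[1]), r[0]))

if __name__ == "__main__":
    for src, printers, first, last in direct_print_sources(SAMPLE):
        print(f"{src} -> {len(printers)} printer(s) {first}..{last}: {', '.join(printers)}")
```

A source that reaches many printers within the same second, as 10.9.4.77 does in the sample, is the pattern to look for when a date-only page appears campus-wide.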

