[unisog] HP JetDirect guessing game

Raw, Randy rawr at more.net
Mon Mar 16 13:53:47 GMT 2009 

Certain Nessus plugins will also cause this behavior. We have had
departments report a lot of printer issues when we run Nessus against their
printers and have since stopped scanning them. 

IP restriction to only known print servers works until our Unix folks want
to print. That is a bit more problematic.

Randy Raw, CISSP
MOREnet Manager, Network Security
3212 LeMone Industrial Blvd
Columbia, MO 65201
573.882.0749
573.884.7699 fax
http://www.more.net/security

Remember...security is EVERYONE's business.
Register for the MOREnet Security Symposium at
http://www.more.net/conferences/symposium2009/

> -----Original Message-----
> From: unisog-bounces at lists.dshield.org [mailto:unisog-
> bounces at lists.dshield.org] On Behalf Of Michael Holstein
> Sent: Friday, March 13, 2009 12:43 PM
> To: UNIversity Security Operations Group
> Subject: [unisog] HP JetDirect guessing game
> 
> As a corollary to Murphy's law, it seems that "No device will fail to
> malfunction in the presence of a technician".
> 
> Such is my current dilemma .. we have a few hundred HP JetDirect devices
> scattered around campus, all of which are attached to print servers of
> some sort (but are otherwise un-firewalled, meaning one could print
> directly by configuring IP printing of some flavor).
> 
> What we're getting is otherwise blank pages, containing only the date
> (MM/DD/YYYY) in the top-left corner.
> 
> This can be replicated by doing (from *nix) .. "date +%m/%d/%Y |nc
> x.x.x.x 9100"
> 
> Being as HP's built-in tools have no page log that contains useful info
> like which IP a job came from, I resorted to the brute-force "hub and a
> laptop" approach .. upon which the problem promptly stopped .. all
> across campus.
> 
> I've checked a bunch of other points in the network (firewalled devices,
> linux boxes, etc.) to see if there's any sort of scan that's hitting
> everything (Nessus, for example, will do this if "safe checks" is
> disabled .. but it spews tons of junk) and I don't see any evidence of it.
> 
> So my question to you fine folks is this .. "is there any tool
> (network/security/scan/etc) you're aware of that causes a printer to
> emit a otherwise blank page containing only the date?".
> 
> Thanks,
> 
> Michael Holstein
> Cleveland State University
> _______________________________________________
> unisog mailing list
> unisog at lists.dshield.org
> https://lists.sans.org/mailman/listinfo/unisog
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3091 bytes
Desc: not available
Url : http://lists.sans.org/pipermail/unisog/attachments/20090316/19345d7b/attachment.bin

More information about the unisog mailing list