HP Printers and port 80 worms

Douglas P. Brown dugbrown at email.unc.edu
Mon Aug 6 19:27:07 GMT 2001


Thanks to all who wrote to me and responded to the list - here is what
I've gathered:

For you brave souls who are willing to try a firmware upgrade:

http://www.hp.com/cposupport/networking/software/allhpjd3.exe.html

in some cases you may want (or need) to do this upgrade with a laptop
and a crossover cable.  To make sure the firmware loader can see the
printer on the crossover cable telnet to it first, then run the loader.

after upgrade, then -
 
Telnet to printer

type: ews-config: 0 
 
and this will disable port 80... and from what we have seen stop the
memory dumps from Code Red, etc.

Hope this helps,
-DpB
-- 
Douglas P. Brown
University of North Carolina
ATN Security Analyst
105 Abernethy Hall
http://www.unc.edu/security/staff/brown/



More information about the unisog mailing list