[unisog] HP JetDirect guessing game

Stefan netfortius at gmail.com
Fri Mar 13 19:09:59 GMT 2009

http://www.irongeek.com/i.php?page=security/networkprinterhacking -
can't remember the entire content, but definitely worth a look ...


On Fri, Mar 13, 2009 at 12:42 PM, Michael Holstein
<michael.holstein at csuohio.edu> wrote:
> As a corollary to Murphy's law, it seems that "No device will fail to
> malfunction in the presence of a technician".
> Such is my current dilemma .. we have a few hundred HP JetDirect devices
> scattered around campus, all of which are attached to print servers of
> some sort (but are otherwise un-firewalled, meaning one could print
> directly by configuring IP printing of some flavor).
> What we're getting is otherwise blank pages, containing only the date
> (MM/DD/YYYY) in the top-left corner.
> This can be replicated by doing (from *nix) .. "date +%m/%d/%Y |nc
> x.x.x.x 9100"
> Being as HP's built-in tools have no page log that contains useful info
> like which IP a job came from, I resorted to the brute-force "hub and a
> laptop" approach .. upon which the problem promptly stopped .. all
> across campus.
> I've checked a bunch of other points in the network (firewalled devices,
> linux boxes, etc.) to see if there's any sort of scan that's hitting
> everything (Nessus, for example, will do this if "safe checks" is
> disabled .. but it spews tons of junk) and I don't see any evidence of it.
> So my question to you fine folks is this .. "is there any tool
> (network/security/scan/etc) you're aware of that causes a printer to
> emit a otherwise blank page containing only the date?".
> Thanks,
> Michael Holstein
> Cleveland State University
> _______________________________________________
> unisog mailing list
> unisog at lists.dshield.org
> https://lists.sans.org/mailman/listinfo/unisog

More information about the unisog mailing list