OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: DOS attack against HP JetDirect Printers (fwd)
From: Alfred Huger (ahSECURITYFOCUS.COM)
Date: Thu Apr 20 2000 - 10:45:02 CDT

Alfred Huger
VP of Engineering
SecurityFocus.com

---------- Forwarded message ----------
Date: Thu, 20 Apr 2000 13:08:47 +0200
From: Paul Knowles <Paul.Knowlesunifr.ch>
To: vuldbsecurityfocus.com
Cc: knowlespexppc33.unifr.ch
Subject: DOS attack against HP JetDirect Printers

Hello,

In case anyone is interested, scanning HP printers with
tools such as nmap will cause the printer to lock up hard.
I discovered this while trying to diagnose a connection
problem we were having with a printer.
I've verified this with at least the following versions of
JetDirect:

Firmware Rev. : A.08.06
Firmware Rev. : G.08.03
Firmware Rev. : G.07.17
Firmware Rev. : G.07.03

I haven't been able to establish the exact communications
causing the lockup; someone with more experience than I
should check this out.

Any network accessable printer can be put out of service
with a simple nmap -sT -PT HP.printer.tcp.ip
A power cycle is required for reset.

My apologies if i have the wrong email address.
(there is no Submit a Bug instructions on the securityfocus
site). HP have no bug reporting facilities either...

thanks,

Paul Knowles.
email: Paul.Knowlesunifr.ch
finger me at pexppc33.unifr.ch for more contact information