|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: HP LaserJet 4 Series Jet Direct (and others)
From: Joel Michael (joel
DIGGY.COM.AU)Date: Sun Jun 18 2000 - 22:55:43 CDT
- Next message: Blue Boar: "Re: HP LaserJet 4 Series Jet Direct (and others)"
- Previous message: Blue Boar: "Re: HP LaserJet 4 Series Jet Direct"
- In reply to: Ryan Yagatich: "HP LaserJet 4 Series Jet Direct"
- Next in thread: Blue Boar: "Re: HP LaserJet 4 Series Jet Direct (and others)"
- Reply: Joel Michael: "Re: HP LaserJet 4 Series Jet Direct (and others)"
- Reply: Blue Boar: "Re: HP LaserJet 4 Series Jet Direct (and others)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I would consider this a DOS, because, as you said, it can easily run out
of toner/paper. Another potential problem is if someone pushes
something offensive down to the printer, and just leaves it for the next
person to pick up.
This isn't limited to HP LaserJet's. I have a secondhand Kyocera
FS-3500 with some kind of network interface that I know nothing about,
except that it has an FTP server in it - you can ftp a document to be
printed. It also has SMB, IPX and AppleTalk, but I can't figure 'em out
(if anyone knows ANYTHING about what i'm talking about, PLEASE contact
me!).
This has just got me thinking. I wonder if there's anything else more
nasty that you can do to these types of printers, e.g. buffer overflows,
that will crash the printer and require it to be reset? But, then
again, who gives printers publicly available, un-firewalled IP
addresses? :-)
-- Joel Michael, who is going to run nmap over his printer when he gets home...----- Original Message ----- From: Ryan Yagatich <ryagatich
Hello,
I'm not sure if this can be considered a "vulnerability" but in my eyes it is.
With the HP LaserJet 4 series Jet direct card you can telnet to port 9099 on the printer's IP address and type any text and on disconnect the page will be printed. If someone writes a piece of software that is like a dictionary generator and pushes it to this port, and then kills the connection later, it is possible to DOS your print services. why? well no paper/toner so you have no service.
Workaround:
use a paralell connection between your printer and computer, and share it via Windows 9x printer sharing, or via Samba. Plus, this way you don't have to forfeit an IP address.
Questions/Comments:
please comment as much as possible on this topic.
Ryan Yagatich
- Next message: Blue Boar: "Re: HP LaserJet 4 Series Jet Direct (and others)"
- Previous message: Blue Boar: "Re: HP LaserJet 4 Series Jet Direct"
- In reply to: Ryan Yagatich: "HP LaserJet 4 Series Jet Direct"
- Next in thread: Blue Boar: "Re: HP LaserJet 4 Series Jet Direct (and others)"
- Reply: Joel Michael: "Re: HP LaserJet 4 Series Jet Direct (and others)"
- Reply: Blue Boar: "Re: HP LaserJet 4 Series Jet Direct (and others)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]