OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: JetDirect Card DoS exploit?
From: Ryan W. Maple (ryanGUARDIANDIGITAL.COM)
Date: Thu Oct 05 2000 - 09:32:39 CDT

I'm no expert but I've seen stuff on JetDirect vulnerabilities in the
past. I went to packetstorm (packetstorm.securify.com) and did a search
on "JetDirect" and items such as the following were returned:

hp-jetdirect-DoS.txt
  http://packetstorm.securify.com/new-exploits/hp-jetdirect-DoS.txt

jetdirect.crash.txt
  http://packetstorm.securify.com/9911-exploits/jetdirect.crash.txt

Everything here is from circia 1998 so things may have changed since then.
I do not use any JetDirect printers so I have no idea. Hope this helps.

                                          /"\
Ryan W. Maple \ / ASCII Ribbon Campaign
Guardian Digital, Inc. X Against HTML & Outlook Mail
ryanguardiandigital.com / \ http://www.thebackrow.net

On Wed, 4 Oct 2000, Bill Hayes wrote:

> On Monday, we saw all of the HP JetDirect-equipped printers go belly up on
> one of our subnets. They would not respond to pings. We restarted them
> and all is going well. I think there might be two possiblities.
>
> First, someone could have written a DoS script that attacks HP JetDirect
> cards, possibly running against Telnet or SNMP. Secondly, an improperly
> configured box with either net discovery or scanning tools could have
> caused this problem.
>
> I have seen a Win2K Pro box take out a Xyplex terminal server by scanning
> port 23, so perhaps this could have happened. I've been unable to duplicate
> this latter possiblity with HP JetDirect cards. The seem to be fine before
> and after the scans from a Win2K Pro box.
>
> Is anyone aware of any other possiblities?