OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: JetDirect Card DoS exploit?
From: Ron DuFresne (dufresneWINTERNET.COM)
Date: Thu Oct 05 2000 - 09:58:07 CDT

Bill,

Jetdirect cards have long been known to be able to be DOS'ed with various
namp scans, old sping and a few other 'exploits'. A search of the bugtraq
archive should provide quite a list of possible ways to drop the printers
out till they are recycled.

Thanks,

Ron Dufresne

On Wed, 4 Oct 2000, Bill Hayes wrote:

> On Monday, we saw all of the HP JetDirect-equipped printers go belly up on
> one of our subnets. They would not respond to pings. We restarted them
> and all is going well. I think there might be two possiblities.
>
> First, someone could have written a DoS script that attacks HP JetDirect
> cards, possibly running against Telnet or SNMP. Secondly, an improperly
> configured box with either net discovery or scanning tools could have
> caused this problem.
>
> I have seen a Win2K Pro box take out a Xyplex terminal server by scanning
> port 23, so perhaps this could have happened. I've been unable to duplicate
> this latter possiblity with HP JetDirect cards. The seem to be fine before
> and after the scans from a Win2K Pro box.
>
> Is anyone aware of any other possiblities?
>
> Bill...
>
> William Hayes, Computer Specialist, Communications & Information Technology
> Network Security Consultant, Information Services Networking & Ops Center
> University of Nebraska Lincoln
>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D. Just don't touch anything.