OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: JetDirect Card DoS exploit?
From: Begley, Mason (mbegleyXO.COM)
Date: Thu Oct 05 2000 - 12:32:08 CDT

I think I have seen a previous message about this on BUGTRAQ. It dealt with
someone using nmap to scan your network could kill HP JetDirect-equipped
printers. I'll look at the archive and see if I can find the message on
this.

Mason Begley
XO Communications
(formally Concentric Network)

 -----Original Message-----
From: Bill Hayes [mailto:bhayesUNLNOTES.UNL.EDU]
Sent: Wednesday, October 04, 2000 1:04 AM
To: VULN-DEVSECURITYFOCUS.COM
Subject: JetDirect Card DoS exploit?

On Monday, we saw all of the HP JetDirect-equipped printers go belly up on
one of our subnets. They would not respond to pings. We restarted them
and all is going well. I think there might be two possiblities.

First, someone could have written a DoS script that attacks HP JetDirect
cards, possibly running against Telnet or SNMP. Secondly, an improperly
configured box with either net discovery or scanning tools could have
caused this problem.

I have seen a Win2K Pro box take out a Xyplex terminal server by scanning
port 23, so perhaps this could have happened. I've been unable to duplicate
this latter possiblity with HP JetDirect cards. The seem to be fine before
and after the scans from a Win2K Pro box.

Is anyone aware of any other possiblities?

Bill...

William Hayes, Computer Specialist, Communications & Information Technology
Network Security Consultant, Information Services Networking & Ops Center
University of Nebraska Lincoln