OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: JetDirect Card DoS exploit?
From: Blair Strang (Blair.StrangCHELMER.CO.NZ)
Date: Thu Oct 05 2000 - 22:50:58 CDT

I recall dropping the HP printers at work with large
ping packets (about 2 years ago or so?) - that probably
doesn't work anymore. Did they spit out some kind of
diagnostic page? IIRC, they did that when I was playing
with them.

Ta,

    Blair.

-----Original Message-----
From: Ron DuFresne [mailto:dufresneWINTERNET.COM]
Sent: Friday, 6 October 2000 03:58
To: VULN-DEVSECURITYFOCUS.COM
Subject: Re: JetDirect Card DoS exploit?

Bill,

Jetdirect cards have long been known to be able to be DOS'ed with various
namp scans, old sping and a few other 'exploits'. A search of the bugtraq
archive should provide quite a list of possible ways to drop the printers
out till they are recycled.

Thanks,

Ron Dufresne

On Wed, 4 Oct 2000, Bill Hayes wrote:

> On Monday, we saw all of the HP JetDirect-equipped printers go belly up
on
> one of our subnets. They would not respond to pings. We restarted them
> and all is going well. I think there might be two possiblities.
>
> First, someone could have written a DoS script that attacks HP JetDirect
> cards, possibly running against Telnet or SNMP. Secondly, an improperly
> configured box with either net discovery or scanning tools could have
> caused this problem.
>
> I have seen a Win2K Pro box take out a Xyplex terminal server by scanning
> port 23, so perhaps this could have happened. I've been unable to
duplicate
> this latter possiblity with HP JetDirect cards. The seem to be fine before
> and after the scans from a Win2K Pro box.
>
> Is anyone aware of any other possiblities?
>
> Bill...
>
> William Hayes, Computer Specialist, Communications & Information
Technology
> Network Security Consultant, Information Services Networking & Ops Center
> University of Nebraska Lincoln
>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D. Just don't touch anything. 

--
The information contained in this e-mail and any attachments is confidential
and is intended for the attention and use of the named addressee(s) only.
Any views expressed in this message are those of the individual sender and
may not necessarily reflect the views of Chelmer Limited.