Yes, this worm will cause HP Printers to freak. If HP is denying it,
they are lying. Either get rid of the default route (with it's
accompanying problems) or filter..

jon

* Kenneth Duran (KDURANPN.USBR.GOV) [010417 02:51]:
> So, this exploit which was initially directed at Linux boxes when
> directed at a HP JetDirect card responds with a spewing of garbage.
> HP says they are not subject to this happening, but their JetDirect is
> doing something. And if the Red/Ramon Noodles worm was directed at
> the HP box and the logs show an LP directed connection to an
> associated printer (networked and not directly) and the printer spews.
> Then one might say that they are subject. Maybe not rooted but
> affected. Could all of this come from a compromised local Linux box?
> Even if the captured addresses are from all over the world as
> indicated in Steve Zenone's message.
>
> Do you think that a wide open JetDirect card could have enough
> resources to have an agent laid on it and that be used to launch a
> DOS? UDP probe? that kind of thing.
>
> We are seeing all kinds of UDP/LPD activity on HPUX 11.X , JetDirect
> cards and even Sun Systems. Everything I track down points to a
> worm.... but not really. That has not been ported to HPUX. In other
> words

--
.Jonathan J. Miner------------------Division of Information Technology.
|minerdoit.wisc.edu                 University Of Wisconsin - Madison|
|608/262.9655                               Room 3149 Computer Science|
`---------------------------------------------------------------------'
It's the Magic that counts.
             -- Larry Wall on Perl's apparent ugliness
                                                                 (143)

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]