Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: HP Jetdirect security

  1. #1
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325

    HP Jetdirect security

    Hi all,

    I have an HP JetDirect 300x print server. I use it on my home lan just to keep it easy for people to print.

    I was playing around with it a bit and found out that it has a ftp server on it.
    I'm not quite sure of the size of the memory... but anywho.

    I have setup a password on this, but it is still accessable to ppl who try to get to it.
    (they can't copy/store files or make changes to the config)

    With the username and password, I have stored/retrieved files from it.
    I'm keeping them small becuase I don't know the memory size.

    The services running on it (which I can't seem to disable... only password protect)

    Port State Service
    21/tcp open ftp
    80/tcp open http
    280/tcp open http-mgmt
    515/tcp open printer
    631/tcp open ipp
    9100/tcp open jetdirect
    Is there anything anyone can do with a JetDirect that I should be worried about?
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  2. #2
    JetDirects have an HTTP interface so they can be managed via web browser. You will want to secure that, as well. Also, turn off the SNMP service, or secure it. Any JetDirects connected to the net should have these services secured.

    Check with HP for the updated firmware for this model JetDirect, as well.

  3. #3
    Senior Member
    Join Date
    Oct 2003
    Posts
    707
    Here's an article that you might find interesting phishphreek80 , it comes right from HP's website. The article is called ::
    HP Jetdirect Print Servers - Making HP Jetdirect Print Servers Secure on a Network
    here's the link :: http://www.hp.com/cposupport/network.../bpj05999.html
    Operation Cyberslam
    \"I\'ve noticed that everybody that is for abortion has already been born.\" Author Unknown
    Microsoft Shared Computer Toolkit
    Proyecto Ututo EarthCam

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    I found that an effective way of protecting small devices such as this, is to omit the default route when configuring them.

    Then they cannot talk to any boxes outside the lan.

    Slarty

  5. #5
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    rapier57: Thanks for the suggestion. I normally only think to check for firmware upgrades when there is a problem/bug. I'll have to remember to check for firmware for all small devices like that.

    Agent_Steal: Thanks for the article. I'll have to read it over my morning coffee. I somehow missed it in my searching.

    slarty: thanks for the suggestion. I will do that, as there is NO reason that the print server will need to access the net. Unless using ftp for to DL the firmware, or whatever the procedure is fot that. I'll make sure to reconfig it w/o the gateway.

    I was actually thinking more on the evil side of things when I wrote this original thread.

    What if:

    Someone was to gain access to the print server, then store a malicious script in the FTP. Be it vbs or .bat, a virus even... whatever. Then at a later time, have another script download the malicious script from the ftp server and boom! Kind of like a poor mans logic bomb? It could even be incorporated into the logon scripts, but to run at a certain time/date... Guess it could be from any ftp or website... but if it was on the local lan, it'd be much faster. Don't know how fast those print servers ftp service really is though.

    I don't think anyone will get access to it to start with... it was just an idea.
    I'm alway parinoid I guess.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  6. #6
    Senior Member Info Tech Geek's Avatar
    Join Date
    Jan 2003
    Location
    Vernon, CT
    Posts
    828
    Is your network separated by a hardware firewall? When it comes in is it then connected by a router? Is your Printer connected to a System used as a Printer Server? What OS/SOFTWARE is used as the print server?

    I have a similar setup in my house and I shut down some of the customized configuration and left it wide open. Watching the traffic comming in the two main sources hit were my router and my print server. So maybe you are on the right track being paranoid of someone attacking your printer.

  7. #7
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    There is a cisco 806 broadband router that I use as my firewall at the perimiter.

    I use NAT so I only need one public IP. So, everything is behind the firewall.

    Each client has a software firewall/AV too... except for the print server.

    The print server is a HP JetDirect 300x.

    I'm not too too worried about it now, cause Agent_Steal had a great recource. I can kill almost every service running that I don't need. FTP, HTTP, SNMP, eveything...

    I'm always thinking about stupid things like that. I know I don't want an FTP server running on my LAN... even if it can't get out to the net.

    I use samba for my filesharing needs... easy to setup and secure and very very fast.

    Though... I did have a pretty interesting idea for a poor mans logic bomb... I might have to setup a couple test boxes and mess around with that a bit more...
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  8. #8
    Yeah the hp jetdirects can be used to store files on, size depending on the type of printer. Do a search for a hijetter or pft.

    The suggestions to not put in a default route/gateway is a good one, unless you plan on printing to that printer from a different subnet/network.

  9. #9
    Senior Member
    Join Date
    Oct 2003
    Posts
    707
    Here phishphreek80 do a search on this sites for HP JetDirect Print Server ...
    http://www.iis.net
    http://www.cert.org
    http://www.securityfocus.com
    http://www.atstake.com
    you might be able to find something on here ... Hope that helps

    ooops it's
    http://www.iss.net ,,,, not iis sorry about that typo ...
    Operation Cyberslam
    \"I\'ve noticed that everybody that is for abortion has already been born.\" Author Unknown
    Microsoft Shared Computer Toolkit
    Proyecto Ututo EarthCam

  10. #10
    Senior Member deftones12's Avatar
    Join Date
    Jan 2003
    Location
    cali forn i a
    Posts
    333
    To disable FTP through telnet, type the following command sequence:
    1. ftp-config: 0.
    2. Press Quit.


    i read an article where a guy was gettin ddos attack on one of his servers at a car dealership...he spend days tryin to figure out what it was because the IP was a printer and he never heard that a printer can launch DDoS attacks. He looked for a computer spoofin the IP and so on...he later figured out that the printer had a FTP service running on it (not sayin it was ur HP DirectJet) but someone had uploaded a DDoS program to the printer and thats what was goin on. So yeh a FTP service on a printer can pose as a risk, mainly just DDoS and boggin the printer down with data. We have a printer here with a FTP service and i just password protected it, i'm not sure if i turned it off or not (cant remember) but password protecting it to no one can access/upload to it should do ya just fine.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •