I can only imagine the pandimonium that would occur. LOL.
"Hunny what happened to the coffee maker?"
"Nothing just another hacker got into it." LOL
PeacE
-BoB
Printable View
I can only imagine the pandimonium that would occur. LOL.
"Hunny what happened to the coffee maker?"
"Nothing just another hacker got into it." LOL
PeacE
-BoB
Wow, I have seen quite a few odd things, but I have never seen or heard of a printer DoS'ing a computer. That is quite interesting. Now everyone has to start putting permissions on printers that deny connections, not only print jobs now; before it was sufficient to just limit printing to local subnets, now it looks like we will have to have dedicated boxes for printers after all, just set iptables to drop all packets that don't come from LAN IP's.
Interesting, this coincides with a conversation I had just this week with a friend who is using a printer as a honeypot.
I have always locked down my printers because they ALL have web servers and since it's a web server I have always thought... hmmm. And even the older ones you could telnet to. This is one of the most interesting articles I have read in a long time. :)
Yep, and to take this a step farther (I love doing that :)), you can actually ftp to HP print servers and upload *tons* of garbage to the print server rendering it useless. Today you find HP jet direct print servers with a Webserver, FTP service and Telnet service. All are wide open out of the box and the great thing about HP is they give you the Jet Admin software, which, you guessed it, out of the box is wide open. This means that you can down printing services enterprise-wide in minutes if you don't take the necessary steps to lock down a print server.
One more side note: When I started at my current position, I found print servers (i.e. Jet Direct Print Servers) used as mini WAREZ servers. They have enough space to house toolz and other nasty business.
Keep your eyes on other internal hardware in the months to come. You'll see an increase in attacks on devices that admins typically don't think about.
I find it amazing and interesting that an entire network was compromised by a single model set of HP printers. Sure there were other issues, but the system was compromised based on accessing a printer and then re-compromised later by the same doorway.