SNMP search for printers?

From: christian houle (funkbass_at_hotmail.com)
Date: 06/18/03

  • Next message: exon: "Re: Spoofed TCP SYNs w/Winsize 55808 (was: Help with an odd log file...)" 
    To: aaron_cheek@yahoo.com
Date: Wed, 18 Jun 2003 08:36:31 -0400

    this link from phenoelit might give you an idea/possibility:

    (printer exploitation/hacking)

    http://www.phenoelit.de/stuff/19C3.pdf

    All,

    One of my class Cs got SNMP scanned, and wanted to ask
    you what the purpose of this scan you think it might
    be:

    80.200.243.104.1152 > mynet.161: GetRequest(25) .1.3.6.1.4.1.641[|snmp]

    (Apparently an ADSL user at Belgium -
    104.243-200-80.adsl-fix.skynet.be)

    They tried different OIDs: .1.3.6.1.4.1.641 (Lexmark International),
    .1.3.6.1.4.1.11.2 (Hewlett Packard), .1.3.6.1.4.1.480 (QMS, Inc.),
    .1.3.6.1.2.1.43 (3Com).

    All scans had src port 1152.

    What I see in common here is printers. If so, what is
    the purpose of massively scanning for printers?

    Other people seeing this? Any ideas? Any known tool?

    Aaron

    __________________________________
    Do you Yahoo!?
    SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com

    ----------------------------------------------------------------------------
    Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
    world's premier technical IT security event! 10 tracks, 15 training
    sessions,
    1,800 delegates from 30 nations including all of the top experts, from CSO's
    to
    "underground" security specialists. See for yourself what the buzz is
    about!
    Early-bird registration ends July 3. This event will sell out.
    www.blackhat.com
    ----------------------------------------------------------------------------

    _________________________________________________________________
    The new MSN 8: smart spam protection and 2 months FREE*
    http://join.msn.com/?page=features/junkmail

    ----------------------------------------------------------------------------
    Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
    world's premier technical IT security event! 10 tracks, 15 training sessions,
    1,800 delegates from 30 nations including all of the top experts, from CSO's to
    "underground" security specialists. See for yourself what the buzz is about!
    Early-bird registration ends July 3. This event will sell out. www.blackhat.com
    ----------------------------------------------------------------------------

  • Next message: exon: "Re: Spoofed TCP SYNs w/Winsize 55808 (was: Help with an odd log file...)"

    Relevant Pages

    • SNMP search for printers?
      ... you what the purpose of this scan you think it might ... What I see in common here is printers. ... SBC Yahoo! ... world's premier technical IT security event! ...
      (Incidents)
    • Re: SNMP search for printers?
      ... Some printers allow remote telnet control (Xerox, mainly, running Solaris ... > you what the purpose of this scan you think it might ... world's premier technical IT security event! ...
      (Incidents)
    • RE: SNMP search for printers?
      ... Subject: SNMP search for printers? ... you what the purpose of this scan you think it might ... SBC Yahoo! ... world's premier technical IT security event! ...
      (Incidents)
    • Re: Should I now just go out and buy a Canon?
      ... his only purpose in this group is to promote OEM ... the ip4300 is an obsolete model. ... generally bought my printers at the end of the product run when they were on ... bad price considering that the ink carts alone would cost more! ...
      (comp.periphs.printers)
    • Re: SNMP search for printers?
      ... > One observed prank is to reset the vulnerable device's IP address to ... > that of the subnet router or some important system on the subnet. ... Another is to set the value in the message window (of HP printers). ... world's premier technical IT security event! ...
      (Incidents)