RE: SNMP search for printers?

From: Dave Killion (Dkillion_at_netscreen.com)
Date: 06/18/03

  • Next message: morning_wood: "Re: SNMP search for printers?" 
    To: "'Aaron Cheek'" <aaron_cheek@yahoo.com>, incidents@securityfocus.com
Date: Wed, 18 Jun 2003 09:44:50 -0700

    My memory is very fuzzy on this, but I seem to remember there being some
    very interesting extensions to the PostScript language that could command
    the printer to do fun things like "don't purge the print spool" and
    "redirect the print spool to system 'x'" - A properly formatted PS
    document could own your printer.

    Networked printers are nearly ubiquitous in most companies today - fear
    your printer!

    -Dave

    -----Original Message-----
    From: Aaron Cheek [mailto:aaron_cheek@yahoo.com]
    Sent: Tuesday, June 17, 2003 5:49 PM
    To: incidents@securityfocus.com
    Subject: SNMP search for printers?

    All,

    One of my class Cs got SNMP scanned, and wanted to ask
    you what the purpose of this scan you think it might
    be:

    80.200.243.104.1152 > mynet.161: GetRequest(25)
    .1.3.6.1.4.1.641[|snmp]

    (Apparently an ADSL user at Belgium -
    104.243-200-80.adsl-fix.skynet.be)

    They tried different OIDs: .1.3.6.1.4.1.641 (Lexmark
    International), .1.3.6.1.4.1.11.2 (Hewlett Packard),
    .1.3.6.1.4.1.480 (QMS, Inc.), .1.3.6.1.2.1.43 (3Com).

    All scans had src port 1152.

    What I see in common here is printers. If so, what is
    the purpose of massively scanning for printers?

    Other people seeing this? Any ideas? Any known tool?

    Aaron

    __________________________________
    Do you Yahoo!?
    SBC Yahoo! DSL - Now only $29.95 per month!
    http://sbc.yahoo.com

    -------------------------------------------------------------------------- 

    --
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
world's premier technical IT security event! 10 tracks, 15 training
sessions,
1,800 delegates from 30 nations including all of the top experts, from
CSO's to
"underground" security specialists.  See for yourself what the buzz is
about!
Early-bird registration ends July 3.  This event will sell out.
www.blackhat.com
--------------------------------------------------------------------------
--

  • Next message: morning_wood: "Re: SNMP search for printers?"

    Relevant Pages

    • Re: Should I now just go out and buy a Canon?
      ... his only purpose in this group is to promote OEM ... the ip4300 is an obsolete model. ... generally bought my printers at the end of the product run when they were on ... bad price considering that the ink carts alone would cost more! ...
      (comp.periphs.printers)
    • SNMP search for printers?
      ... you what the purpose of this scan you think it might ... What I see in common here is printers. ... world's premier technical IT security event! ... This event will sell out. ...
      (Incidents)
    • Re: SNMP search for printers?
      ... Some printers allow remote telnet control (Xerox, mainly, running Solaris ... > you what the purpose of this scan you think it might ... world's premier technical IT security event! ...
      (Incidents)
    • SNMP search for printers?
      ... you what the purpose of this scan you think it might ... What I see in common here is printers. ... SBC Yahoo! ... world's premier technical IT security event! ...
      (Incidents)
    • Re: Printer.Print and underscore character
      ... "Tim Rude" wrote in message ... CurrentY properties. ... But the purpose of my post was merely to point out the problem with Printer Underline in Vista and to suggest a way around it. ... It will not be totally accurate of course with respect to the x xoordinate on most printers under certain conditions but it will be quite close. ...
      (microsoft.public.vb.general.discussion)