Re: Dumping Data From Printers

ahgaber_rehan@xxxxxxxxx wrote:
I wonder if there is a tool that can enable a person to dump the print jobs , or data sent to Network Printers?

Another question

what would be the greatest risk if network admin leave Network printers without password protected.

i can telnet to the printer, gain access to the configuration file, which can enable me to stop the printer function, changing network configuration. But istill see the greatest risk is getting the printed data. any one can advice on this ??


You would be surprised what an nmap of most printers will find. For non-HP low-end
to mid-range printers, you will find they are often running NetBSD. And this is
usually an ancient, unpatched version with known exploitable vulnerabilities.

If the printer is a high-end printer, it is probably running some unpatched version
of Windows or Solaris. Again, O/Ses with well known exploitable vulnerabilities.

You would be amazed how easy it is to take over a printer. Once you do, then it
becomes trivial to send a copy of all print jobs to some ftp server somewhere.

And try to get a printer manufacturer to get even 1/10000th a clue.

Jon Kibler
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
m: 843-224-2494




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Relevant Pages

  • Re: Is VMS losing the Financial Sector, also?
    ... the web from the server. ... I suggested using only localhost or a private network but, ... In the Army we call that Risk Management and it can be applied to ... I was talking about business laptops that are locked down. ...
    (comp.os.vms)
  • Re: Risk Ranking...
    ... get his book The Tao of Network Security Monitoring. ... I had the same problem as you when I was trying to come up with some risk ... The vulnerability must be exploited locally. ... If a piece of malware is a blended threat (able to exploit multiple ...
    (Security-Basics)
  • Re: IPMSG.EXE
    ... > based network messeging program ipmsg.exe downloaded from some site.I ... If you have a large number of users who are circumventing a security policy, ... "keep doing this and you risk being fired". ...
    (microsoft.public.security)
  • Re: Its a copier, no its a computer...
    ... least, non public) code, you are at risk... ... capable device to connect to some network that all phone bills wont ... log or firewalls wont track... ... much time and effort you have invested into the security of your ...
    (comp.security.firewalls)
  • Re: True definition of Intrusion Prevention
    ... > checks are even contextually relevant to the customers environment? ... The user knows what assets they are trying to protect with the ... network security is a difficult problem that is ... disregard for their own risk and the risk they pose to others. ...
    (Focus-IDS)