Hosting Provided By

Re: SNMP search for printers?

From: Chris Reining <creining(at)packetfu.org>
Date: Tue Jun 17 2003 - 23:39:10 EDT

Aaron,
While I don't recall seeing this scan recently, it comes as no surprise. Networked printers are rather ubiquitous and are usually passed off as being secure because it's just a device that prints and nothing more. However, this false sense of security is particularly bad as a lot of printers these days have multiple services running some of which are most likely exploitable. The SNMP scan that you saw would be typical of an attacker looking for internet facing printers with default strings in order to reconfigure the printer at their will. The possibility for malicious activity if they garner remote access passwords then follows - setting up a sniffer, using the printer as an attack point, mapping an internal network, running a warez site (yes, they have ide/scsi drives).

Maybe someone should set up a printer honeypot ;)

HTH,
Chris

On Tue, Jun 17, 2003 at 05:49:19PM -0700, Aaron Cheek wrote:
> All,
>
> One of my class Cs got SNMP scanned, and wanted to ask

application/pgp-signature attachment: stored

Received on Wed Jun 18 11:42:13 2003

This message: [ Message body ]
Next message: Jim Butterworth: "RE: Spoofed TCP SYNs w/Winsize 55808 (was: Help with an odd log file...)"
Previous message: Aaron Cheek: "Re: UDP/41170"
In reply to Aaron Cheek: "SNMP search for printers?"
Next in thread: exon: "Re: SNMP search for printers?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:09 EDT

Do you need help?