Hosting Provided By

Re: SNMP search for printers?

From: exon <exon(at)home.se>
Date: Wed Jun 18 2003 - 11:28:46 EDT

Some printers allow remote telnet control (Xerox, mainly, running Solaris 8 I think), and all of those come with root password left blank. An attacker can then install sniffers and whatnot on the printer, which happily runs on with practically no slowdown.

Also, network connected fax machines can be used to send faxes from remote locations, and guess who gets to pay the bill...

Check your printers/faxes manuals to see if they are susceptible.

/Andy

On Tue, 17 Jun 2003, Aaron Cheek wrote:

> All,
>
> One of my class Cs got SNMP scanned, and wanted to ask

Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com

Received on Wed Jun 18 17:31:41 2003

This message: [ Message body ]
Next message: Michael H. Warfield: "Re: Spoofed TCP SYNs w/Winsize 55808 (was: Help with an odd log file...)"
Previous message: Michael H. Warfield: "Re: sdbot variant and port 55808 activity"
In reply to: Aaron Cheek: "SNMP search for printers?"
In reply to christian houle: "SNMP search for printers?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:09 EDT