Bugtraq mailing list archives
Re: HP Laserjet 4M Plus DirectJet Problem
From: wpaul () CTR COLUMBIA EDU (Bill Paul)
Date: Sun, 5 Oct 1997 11:14:46 -0400
Of all the gin joints in all the towns in all the world, Klaus Steding-Jessen had to walk into mine and say:
> I don't know if this is a well known HP printer problem, but I've found no references of it on the bugtraq archives. It is possible to bypass lpd and page accounting on a HP PostScript printer attached to an ethernet card sending PostScript directly to tcp ports 9099 and 9100 from any machine over the network.
This information may not be documented in the owner's manual for the printer itself, but it should be mentioned in the JetDirect card's manual somewhere. Or, at the very least, it should be mentioned in the documentation for the JetAdmin for UNIX software, which is what generally uses these ports.
> I've tested on a HP Laserjet 4M Plus DirectJet, connecting to port 9099 or 9100 tcp and printing PostScript documents.
This is a feature of the JetDirect card; it's not unique to any particular printer. All JetDirect cards with TCP/IP support behave this way (modulo a few firmware tweaks).
> There is no way to tell the printer to accept connections only from a range of valid IPs.
This is not true. It is possible to restrict the printer to accept connections from either a short list of IP addresses or a subnet range. However, you must boot the printer via BOOTP in order to do this: if you configure the printer's IP address directly from the front panel, it won't work. You need to have a version of bootpd that supports vendor extensions running on a machine to act as a boot server for the printer. (The bootpd that ships with SGI IRIX is an example of one which doesn't support vendor extensions; you'll need to download and install a newer bootpd if you run IRIX.)
In the bootptab file, you can configure the printer's IP address, subnet mask, default gateway, _and_ you can supply a vendor-specific option that specifies the name of a configuration file that the printer should load. Once the printer receives the bootp response and sets its IP address, it will attempt to TFTP the configuration file from the bootp server host. The configuration file contains settings for things such as 'contact information,' 'system location' and host access restrictions. All of this information can be viewed via SNMP using the 'hpnpadmin' program that comes with the JetAdmin software for UNIX. The config file can also be used to set the printer's SNMP community name. Hpnpadmin can also show you the printer's model number and capabilities, its current status, connection and printing statistics, and what message is currently showing on the printer's front panel display.
In any case: once you set the host access list, only machines with those IP addresses specified in the list will be able to send data to the printer. All others will get a 'connection refused' error. All of the information concerning how to set up bootpd and the config files (including examples) should be available with the documentation for the UNIX JetAdmin software. (Curiously, I think the PC/Lose95/LoseNT version of JetAdmin is only designed to work with Netware.)
You can get the JetAdmin software off of one of HP's FTP servers.
> Anyone can confirm this with other printers? I think HP 5M is also vulnerable, but I've not tested.
It's not a bug, it's a feature. :) All HP printers with JetDirect cards configured for TCP/IP will behave like this. People who aren't aware of this are guilty of not RTFM'ing.
-Bill
--
=============================================================================
-Bill Paul (212) 854-6020 | System Manager, Master of Unix-Fu
Work: wpaul () ctr columbia edu | Center for Telecommunications Research
Home: wpaul () skynet ctr columbia edu | Columbia University, New York City
=============================================================================
"Now, that's "Open" as used in the sentence "Open your wallet", right?"
=============================================================================
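The following is an added example, not part of the original message and not HP's code: a small audit of the two files the reply describes, checking that the bootptab entry names a configuration file and working out which source addresses the host access list would admit. The `T144` vendor tag and the `allow:` keyword are assumed from HP's JetDirect BOOTP/TFTP conventions (neither appears in the post), and all host names, addresses and file names are constructed.

```python
import ipaddress
import re

# Constructed sample data. The T144 vendor tag and the "allow:" keyword are
# assumptions taken from JetDirect BOOTP/TFTP conventions, not from the post.
BOOTPTAB = r'''
laser4m:\
    :ht=ether:ha=080009aabbcc:\
    :ip=192.0.2.20:sm=255.255.255.0:gw=192.0.2.1:\
    :T144="hpnp/laser4m.cfg":
'''

PRINTER_CFG = '''
location: Room 101
contact: printer admin
allow: 192.0.2.10
allow: 198.51.100.0 255.255.255.0
'''

def config_file_from_bootptab(text):
    """Return the TFTP config file named by the vendor tag, or None if absent."""
    match = re.search(r':T144="([^"]+)"', text)
    return match.group(1) if match else None

def parse_allow_list(cfg):
    """Turn each 'allow:' line (address plus optional mask) into a network."""
    nets = []
    for line in cfg.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() != "allow":
            continue
        parts = value.split()
        if not parts:
            continue
        # A bare address is a single host; otherwise the second field is the mask.
        mask = parts[1] if len(parts) > 1 else "255.255.255.255"
        nets.append(ipaddress.ip_network(f"{parts[0]}/{mask}", strict=False))
    return nets

def would_accept(src, nets):
    """With no access list set, any machine on the network can send data."""
    if not nets:
        return True
    return any(ipaddress.ip_address(src) in net for net in nets)
```

A bootptab entry for which `config_file_from_bootptab` returns `None`, or a config file whose allow list parses as empty, means the printer is still in the open state described in the original report.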