DOS attack against HP JetDirect Printers (fwd)

[ah () SECURITYFOCUS COM (Alfred Huger)]

Alfred Huger
VP of Engineering
SecurityFocus.com

---------- Forwarded message ----------
Date: Thu, 20 Apr 2000 13:08:47 +0200
From: Paul Knowles <Paul.Knowles () unifr ch>
To: vuldb () securityfocus com
Cc: knowles () pexppc33 unifr ch
Subject: DOS attack against HP JetDirect Printers

Hello,

In case anyone is interested, scanning HP printers with
tools such as nmap will cause the printer to lock up hard.
I discovered this while trying to diagnose a connection
problem we were having with a printer.
I've verified this with at least the following versions of
JetDirect:

Firmware Rev.   : A.08.06
Firmware Rev.   : G.08.03
Firmware Rev.   : G.07.17
Firmware Rev.   : G.07.03

I haven't been able to establish the exact communications
causing the lockup; someone with more experience than I
should check this out.

Any network accessable printer can be put out of service
with a simple nmap -sT -PT HP.printer.tcp.ip
A power cycle is required for reset.

My apologies if i have the wrong email address.
(there is no Submit a Bug instructions on the securityfocus
site).  HP have no bug reporting facilities either...

thanks,

Paul Knowles.
email: Paul.Knowles () unifr ch
finger me at pexppc33.unifr.ch for more contact information