Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Printer exploit?

From: "Rocket Downing" <rdowning () verio net>
Date: Thu, 28 Jun 2001 12:13:13 -0400
if all of your check on aris.securityfocus.com you will find one of the
advisories discusses a lpd worm that autohacks systems...
this could be the cause of port scans being logged in a lot of your systems.
SEClpd.c is also an easily used script kiddie exploit.

-----Original Message-----
From: John Leach [mailto:john () ecsc co uk]
Sent: Thursday, June 28, 2001 9:38 AM
To: incidents () securityfocus com
Subject: Re: Printer exploit?


We've noticed a sudden influx of tcp 515 printer port scans over the
last month on nearly all of our boxes (different sites, different isps)

We *do* have a *really* good HP colour laserjet, I guess the word got
out.

John.
ECSC Ltd.
http://www.ecsc.co.uk



  More than a few of our networked HP Laserjet printers have been
sporadically printing out entire trays of paper that have a '1', 'u', 'i'
in the upper right hand corner of the page, -or- a string of text along
the top of the page.  The jobs don't appear on the queue.  This problem
was noticed very rarely beginning a couple of months ago, but has
increased in frequency over the last two evenings. ...






----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see:

http://aris.securityfocus.com



----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: