JetDirect Card DoS exploit?

[Bill Hayes <bhayes () UNLNOTES UNL EDU>]

On Monday,  we saw all of the HP JetDirect-equipped printers go belly up on
one of our subnets.  They would not respond to pings.  We restarted them
and all is going well. I think there might be two possiblities.

First,  someone could have written a DoS script that attacks HP JetDirect
cards, possibly running against Telnet or SNMP. Secondly,  an improperly
configured box with either net discovery or scanning tools could have
caused this problem.

I have seen a Win2K Pro box take out a Xyplex terminal server by scanning
port 23, so perhaps this could have happened. I've been unable to duplicate
this latter possiblity with HP JetDirect cards. The seem to be fine before
and after the scans from a Win2K Pro box.

Is anyone aware of any other possiblities?

Bill...

William Hayes, Computer Specialist, Communications & Information Technology
Network Security Consultant, Information Services Networking & Ops Center
University of Nebraska Lincoln