From owner-freebsd-security Thu Jan 27 21:50:25 2000 Delivered-To: freebsd-security@freebsd.org Received: from bsdie.rwsystems.net (bsdie.rwsystems.net [209.197.223.2]) by hub.freebsd.org (Postfix) with ESMTP id 0F57815562 for ; Thu, 27 Jan 2000 21:49:57 -0800 (PST) (envelope-from jwyatt@rwsystems.net) Received: from bsdie.rwsystems.net([209.197.223.2]) (1995 bytes) by bsdie.rwsystems.net via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp (sender: ) id for ; Thu, 27 Jan 2000 23:40:41 -0600 (CST) (Smail-3.2.0.106 1999-Mar-31 #1 built 1999-Aug-7) Date: Thu, 27 Jan 2000 23:40:35 -0600 (CST) From: James Wyatt To: Brett Glass Cc: Matthew Dillon , security@FreeBSD.ORG Subject: Re: Riddle me this In-Reply-To: <4.2.2.20000127171529.00c56a00@localhost> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 27 Jan 2000, Brett Glass wrote: > At 09:25 PM 1/26/2000 , Matthew Dillon wrote: > > It's hard to say without doing a continuous tcpdump but the most likely > > possibility is that someone was playing a game or doing something else > > related to sending and receiving UDP packets, and then disconnected. > > Actually, I think I just found out what it was. > > Two words: HP JetAdmin. > > Apparently, some people at the site just got a new JetDirect print server. > When you install the client software, it sets itself up -- by default -- > to test EVERY IP ADDRESS IN THE SUBNET to see if it has an HP print server > on it. > > And it gets worse. The default address of the print server hardware -- which > the client software tries to reach when it's setting up -- is (are you ready?) > 192.0.0.192. It can get even worse... My biggest employer thought the feature was quite cool given 12,000+ NT workstations and a *lot* of laser printers scattered over at least 28 states. This feature can be fantastic, but it also walked right out to The Internet and began discovering a *lot* of printers all over the planet! We got calls from some DOD sites, we found we could control printers in Southeast Asia, we ran *very* low on disk, ... - Jy@ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message