From owner-freebsd-security  Thu Jan 27 21:50:25 2000
Delivered-To: freebsd-security@freebsd.org
Received: from bsdie.rwsystems.net (bsdie.rwsystems.net [209.197.223.2])
	by hub.freebsd.org (Postfix) with ESMTP id 0F57815562
	for <security@FreeBSD.ORG>; Thu, 27 Jan 2000 21:49:57 -0800 (PST)
	(envelope-from jwyatt@rwsystems.net)
Received: from bsdie.rwsystems.net([209.197.223.2]) (1995 bytes) by bsdie.rwsystems.net
	via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp
	(sender: <jwyatt@rwsystems.net>) 
	id <m12E49B-000CCSC@bsdie.rwsystems.net>
	for <security@FreeBSD.ORG>; Thu, 27 Jan 2000 23:40:41 -0600 (CST)
	(Smail-3.2.0.106 1999-Mar-31 #1 built 1999-Aug-7)
Date: Thu, 27 Jan 2000 23:40:35 -0600 (CST)
From: James Wyatt <jwyatt@rwsystems.net>
To: Brett Glass <brett@lariat.org>
Cc: Matthew Dillon <dillon@apollo.backplane.com>,
	security@FreeBSD.ORG
Subject: Re: Riddle me this
In-Reply-To: <4.2.2.20000127171529.00c56a00@localhost>
Message-ID: <Pine.BSF.4.10.10001272333130.41265-100000@bsdie.rwsystems.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 27 Jan 2000, Brett Glass wrote:
> At 09:25 PM 1/26/2000 , Matthew Dillon wrote:
> >    It's hard to say without doing a continuous tcpdump but the most likely
> >     possibility is that someone was playing a game or doing something else
> >     related to sending and receiving UDP packets, and then disconnected.  
> 
> Actually, I think I just found out what it was.
> 
> Two words: HP JetAdmin.
> 
> Apparently, some people at the site just got a new JetDirect print server.
> When you install the client software, it sets itself up -- by default --
> to test EVERY IP ADDRESS IN THE SUBNET to see if it has an HP print server
> on it.
> 
> And it gets worse. The default address of the print server hardware -- which
> the client software tries to reach when it's setting up -- is (are you ready?)
> 192.0.0.192.

It can get even worse... My biggest employer thought the feature was quite
cool given 12,000+ NT workstations and a *lot* of laser printers scattered
over at least 28 states. This feature can be fantastic, but it also walked
right out to The Internet and began discovering a *lot* of printers all
over the planet! We got calls from some DOD sites, we found we could
control printers in Southeast Asia, we ran *very* low on disk, ... - Jy@



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message