Date:      Fri, 28 Jan 2000 15:15:54 -0700
From:      Brett Glass <brett@lariat.org>
To:        James Wyatt <jwyatt@rwsystems.net>
Cc:        Matthew Dillon <dillon@apollo.backplane.com>, security@FreeBSD.ORG
Subject:   Re: Riddle me this
Message-ID:  <4.2.2.20000128150919.046e33e0@localhost>
In-Reply-To: <Pine.BSF.4.10.10001272333130.41265-100000@bsdie.rwsystems. net>
References:  <4.2.2.20000127171529.00c56a00@localhost>

At 10:40 PM 1/27/2000 , James Wyatt wrote:

> > And it gets worse. The default address of the print server hardware -- which
> > the client software tries to reach when it's setting up -- is (are you ready?)
> > 192.0.0.192.
>
>It can get even worse... My biggest employer thought the feature was quite
>cool given 12,000+ NT workstations and a *lot* of laser printers scattered
>over at least 28 states. This feature can be fantastic, but it also walked
>right out to The Internet and began discovering a *lot* of printers all
>over the planet! We got calls from some DOD sites, we found we could
>control printers in Southeast Asia, we ran *very* low on disk, ... - Jy@

Yep. In this case, it was just causing ICMP storms because a Cisco router
several hops upstream was blocking the address.

Unfortunately, because so much HP hardware is deployed out there, the
address is both useless (one doesn't dare assign anything to it) and
dangerous to pass (for the reasons you mention above). And it gets
worse. JetDirect print servers and adapters are extremely easy to
hack. I won't go into the details here, but suffice to say that if
people from the outside can reach the print server, they can easily "own" 
your network.

It might be a good idea to add that default address to the recommended sets of 
rules for IPFW and IPFilters. I saw a good ruleset for IPFW go by on this 
list only a few days ago; perhaps we can throw in one which catches 192.0.0.192 
as well.

--Brett
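
One way the rule proposed in this message could look for IPFW, as an added example that is not part of the original e-mail or of any ruleset posted to the list. The interface name `ed0`, the rule numbers and the helper name `jetdirect_rules` are assumptions; the third rule (dropping inbound packets that claim 192.0.0.192 as their source) goes slightly beyond what the message asks for.

```shell
#!/bin/sh
# Added example: generate ipfw rules that keep traffic for the JetDirect
# factory-default address from crossing the outside interface.
# Interface name and rule numbers are assumptions; adjust to the local ruleset.

JETDIRECT_DEFAULT="192.0.0.192"

# jetdirect_rules IFACE [BASE_RULE_NUMBER]
# Prints one ipfw command per line so the result can be reviewed first;
# pipe the output to sh as root to install the rules.
jetdirect_rules() {
    oif="$1"
    base="${2:-500}"

    # Refuse anything that is not a plain interface name, so the generated
    # lines cannot carry extra shell syntax when piped to sh.
    case "$oif" in
        ''|*[!A-Za-z0-9_.]*)
            echo "usage: jetdirect_rules <iface> [rule-number]" >&2
            return 1 ;;
    esac
    case "$base" in
        ''|*[!0-9]*)
            echo "rule number must be numeric" >&2
            return 1 ;;
    esac

    # Outbound: setup software probing the default address must not leak upstream.
    echo "ipfw add $base deny log ip from any to $JETDIRECT_DEFAULT out via $oif"
    # Inbound: nothing outside should reach a device still on its default address.
    echo "ipfw add $((base + 1)) deny log ip from any to $JETDIRECT_DEFAULT in via $oif"
    # Inbound packets claiming that source address are spoofed or misrouted.
    echo "ipfw add $((base + 2)) deny log ip from $JETDIRECT_DEFAULT to any in via $oif"
}

# Stand-alone use: ./jetdirect.sh ed0 500
if [ "$#" -gt 0 ]; then
    jetdirect_rules "$@"
fi
```

The `log` keyword makes each hit visible in the firewall log, which also identifies the internal hosts still running the print server setup software.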



