Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Basics: Re: FAX a virus

Re: FAX a virus

From: Andrew Wheeler <prime_dreamer_at_yahoo.co.uk>
Date: Fri, 02 Mar 2007 22:52:38 +0000

Hello,

When you say
My FAX server allows me to receive faxes from my clients from Internet.

Are you talking about faxes being routed via H.323/SIP or incoming faxes
being forwarded from a fax machine to a folder or email address.

This is an extract from a manufacturers core technology manual.

IETF (Internet Engineering Task Force) and ITU-T have standardized
procedures for sending fax messages over the Internet as e-mail
attachments.
The message is sent as a TIFF-F format image file attached to a MIME
format e-mail message.
(Some older models can also send DCX image files, depending on a user
setting).
To receive a fax by e-mail, a MIME-compatible mail reader is needed. To
view the fax, a TIFF-F viewer is needed. (For some models, the viewer
should also be able to view DCX files.)
The NIC fax must be connected to a LAN and set up correctly in order to
use Internet fax functions.
There is no need to set up a special server. Existing servers on the LAN
can be used.

If you have not already guest I am a field service engineer and work
with faxes copiers and printers.
Most machines today are hybrids and can do everything. This is not the
first time I have seen this question being asked. A few years ago we
quoted a government department and they had to do a security review on
any piece of equipment that connected to their network (printer) and had
access to the telephone network (fax). They required a letter from the
Manufacturer stating that it was impossible to access the network from
the fax line.

Since then more and more features have been added and I have wondered
about the security implications. Some of the new machines can run
embedded Java applications but require a specially coded SD card and
physical access to install on to the machines(I think the manufacturers
are scared that someone will write a sniffer like program and install it
onto a machine)

I work with machines that can be set up on the local network to receive
faxes over the Internet then forward them via smtp to a users in-box,an
FTP server or to a windows share. The machines I work with run netbsd as
the operating system.

Some machines do allow remote firmware updates mostly via ftp. I also
know of some manufacturers that can remotely connect to a facsimile
machine via the telephone line and adjust the programming (everything
from the quick dials to the fax modem speeds)

I do not know if sending a virus is possible as the machines only deal
with images but with all the other options I am sure someone might see a
possible security problem.

Andrew

On Thu, 2007-03-01 at 10:07 +0530, Alcides wrote:
> Hi lists,
> My FAX server allows me to receive faxes from my clients from Internet.
> My clients send me some documents using their built-in Fax Printer on
> their PC. My fax server routes the stuff to the document processing
> applications. The document processing system extracts various data
> fields from received portable document format files.
> The whole scenario is windows environment and let's assume that virus
> protection is temporarily off.
>
> Now, I have a query:
> Can anyone send a fax that includes a file infected with the virus/ worm
> operates as a VBS script embedded within a PDF/TIF file to cause
> infections to my computers/ to affect my FAX system?
> What about other possibilities of "the bad guys" using some joiner (or
> wrapper as some say) to bind malware (trojan server etc) with the pdf/
> TIF files and fax it to me?
> I would be very greatful to know what are the various possibilities.
>
> Warm regards,
> Alcides.
>
> ---------------------------------------------------------------------------
> This list is sponsored by: BigFix
>
> If your IT fails, you're out of business - or worse. Arm your
> enterprise with BigFix, the single converged IT security and operations
> engine. BigFix enables continuous discovery, assessment, remediation,
> and enforcement for complex and distributed IT environments in real-time
> from a single console.
> Think what's next. Think BigFix.
>
> http://ad.doubleclick.net/clk;82309979;15562032;o?http://www.bigfix.com/ITNext/
> ---------------------------------------------------------------------------
>
Received on Mar 06 2007

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos