Home page logo
/

basics logo Security Basics mailing list archives

Re: Vulnerability testing in analog modem
From: jfvanmeter () comcast net
Date: Mon, 29 Oct 2007 16:21:04 +0000

I had a similar pen test, it was on a xerox docucentra, I had several concerns with the multifunction printer

1. there was/is no auditing of the fax connection, so I could try and try and no one would never know about the attack.
2. the printer also had a web server, so I copied some test file to the hd and set up my very own web site.

i believe it is possible to break out of the modem connection, via some type of diagnotic route and get access to the 
network.

I recommend that to my client that they configure the phone jack for outgoing calls only., turn off the web server, set 
passwords, etc. 

I would be interested in hearing anyones thoughts about this. I have a test coming up for a client on a multi function 
printer

Take Care and Have Fun --John

 -------------- Original message ----------------------
From: rohnskii () gmail com
I don't know about connecting through the fax to the network but there is 
another security concern to think about.


Fax machines, and printers, that have an internal HD for document storage can be 
a security concern.  When the machine is sent out for servicing or retired there 
may be retrievable document images with confidential information on them.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]