Home page logo

nmap-dev logo Nmap Development mailing list archives

RE: NMAP and HP JetDirect port
From: "Uri Gilad" <ugilad () forescout com>
Date: Tue, 14 Jun 2005 10:43:18 +0300

The point was not to fix the vulnerability. I even think this may be considered a feature with correct access control. 
The question is how do I avoid sending data to this port only (or similar ones on other printers). 


-----Original Message-----
From: hutuworm 
Sent: Tuesday, June 14, 2005 9:24 AM
To: Uri Gilad
Subject: Re: NMAP and HP JetDirect port

I think it should be JetDirect's vulnerability, it's better to suggest
HP to fix the JetDirect protocol implementation, since you can't
prevent other scanners or whatever sending packets to 9100/TCP port.

On 6/14/05, Uri Gilad wrote:
        this issue has been raised before, but to recap :
running nmap -sO or nmap -sV on a host, not specifying a specific port will send data to port 9100/TCP .
HP printers use this port for the JetDirect protocol, meaning the printer will happily print whatever
strings the nmap throws at it in attempt to detect the protocol used on this port. This will consume large
amounts of paper, and is an unwanted side effect in almost every scenario.

It seems that commenting out 9100/TCP in nmap-services will alleviate this problem.

Two questions arise:

1. Is this the best method to cause nmap to skip 9100/TCP in scanning a host.
2. Have anyone experianced any similar problems with printers (we only have one
brand of printers...)


Uri Gilad.

Sent through the nmap-dev mailing list

In doG We Trust

Sent through the nmap-dev mailing list

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]