|
Penetration Testing
mailing list archives
Re: Using a Stand-Alone Network Printer as a network attack entry point?
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Fri, 16 Aug 2002 12:30:04 -0400 (EDT)
Most printers in a tcp/ip setting have all the network functionality
enclosed. I recall years back when I would slip into a UofM printer,
then telnet off that into a printer at Mankato State, and telnet off
that...
So, if you can reach the printer <which, if the network folks know their
stuff, yer not able to get to from the outside, and should be forbidden
to go outside from if you are sitting within the soft-chewy center>, yer
already there <smile>. Jetdirect cards have never been a security
item...why even try to reinvent the wheel? Unless I'm misunderstanding
you here.
Thanks,
Ron DuFresne
On Thu, 15 Aug 2002, Nick Jacobsen wrote:
Hi all...
I came up with an idea, one that I've never heard discussed, of possibly
modifying a stand-alone network printer (like most of the high-end office
printers, hereafter referred to as a "SNP") to act as a full point to point
proxy, or at least a simple pass through to the port and IP you specify in
some sort of configuration. The idea here would be to take a SNP and modify
a ROM image for the specific printer to include the proxy functionality. I
realize this could turn out to be quite difficult, but at the same time, it
would provide a way into the internal network when no others are available.
Any comments are most DEFINITELY welcome, flames less so, but if it's a
stupid idea, let me know...
Nick Jacobsen
nick () ethicsdesign com
ethics () netzero net
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart
testing, only testing, and damn good at it too!
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
 By Date 
By Thread
Current thread:
|
Intro
