Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Using a Stand-Alone Network Printer as a network attack entry point?
From: "Nick Jacobsen" <nick () ethicsdesign com>
Date: Fri, 16 Aug 2002 13:01:50 -0700

gar...  I missed BOTH defcon 10 and BHB this year...  anyway, Regarding
changing the ROM, I was refering to using TFTP to lead a new Flash ROM,
which can be done remotely...  And Ron, am I understanding you to say that
JetDirect have telnet functionality built in?  Also, apoligies for thinking
this might be an original idea...  I really had never heard of it being done
to any stand alone printers...

Nick Jacobsen
ethics () netzero net

----- Original Message -----
From: <recompiler () taurus omnistep com>
To: "Nick Jacobsen" <nick () ethicsdesign com>
Cc: <pen-test () securityfocus com>
Sent: Friday, August 16, 2002 10:13 AM
Subject: Re: Using a Stand-Alone Network Printer as a network attack entry
point?


Nick,
 This idea has been discussed in great detail at Defcon 10, and numerous
other venues. I'm surprised you have never heard of it before. In fact at
Defcon 10 new tools and methods were discussed. There were 2 panels that
dealt with it, one was called attacking embeded systems, and the other was
called network devices. I suggest you get your hands on a copy of the CD
that was distributed at defcon. It contains all the slides used in
presentations, and a lot of tools, and references.

Vlad G.

 On Thu, 15 Aug 2002,
Nick Jacobsen wrote:

Hi all...
    I came up with an idea, one that I've never heard discussed, of
possibly
modifying a stand-alone network printer (like most of the high-end
office
printers, hereafter referred to as a "SNP") to act as a full point to
point
proxy, or at least a simple pass through to the port and IP you specify
in
some sort of configuration.  The idea here would be to take a SNP and
modify
a ROM image for the specific printer to include the proxy functionality.
I
realize this could turn out to be quite difficult, but at the same time,
it
would provide a way into the internal network when no others are
available.
Any comments are most DEFINITELY welcome, flames less so, but if it's a
stupid idea, let me know...

Nick Jacobsen
nick () ethicsdesign com
ethics () netzero net



--------------------------------------------------------------------------
--
This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please
see:
https://alerts.securityfocus.com/




----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]