|
Penetration Testing
mailing list archives
Re: Dumping Data From Printers
From: Gary Warner <gar () askgar com>
Date: Thu, 08 May 2008 20:33:04 -0500
Paul Melson wrote:
what would be the greatest risk if network admin leave Network printers
without password protected.
Actually, my favorite demonstration of how EVERY DEVICE ON THE NETWORK
MUST BE SECURE was to find a printer on the same subnet as something
sensitive (Mainframes work nicely for this demo) and then change the IP
address of the printer to match the IP address of the mainframe.
If there isn't a sensitive server handy, setting the printer to have the
same IP address as the Default Network Gateway for its network segment
is also an effective demo.
--
--------------
Gary Warner
Director of Research in Computer Forensics
The University of Alabama at Birmingham
gar () cis uab edu gar () askgar com
--------------
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
- RE: Dumping Data From Printers, (continued)
|
Intro
