Security Incidents mailing list archives

Re: Nimda affecting HP LaserJet / JetDirect devices?


From: Trey Valenta <trey () anvils org>
Date: 22 Sep 2001 13:26:14 -0700

On Fri, Sep 21, 2001 at 06:02:35PM -0700, (obnoxiously encoded in
base64a) auto241065 () hushmail com wrote:

> How the heck does it infect a printer? I was under the impression that
> codered and Nimda "infected" windows operating systems. I've heard the
> volume of traffic created could DOS devices like printers that used
> HTTP for management. I thought the original poster was either joking
> or the victim of a practical joke, but after a second post I must be
> the butt of the joke.

To the best of my knowledge, HP printer issues from Code Red weren't from
traffic *volume*, but from content. The HTTP commands were causing the
printer's print server software to shut down when running older firmware
versions for the JetDirect interface.

In this instance, I think (I haven't experienced this issue, but am
basing this assumption on the earlier statements) the worm would be
sending PJL commands to HP printers. Note that PJL (Printer Job
Language) is not PCL (Printer Command Language). PCL allows
specification of the document being printed, while PJL allows for
changing menu settings on some of the LaserJet printers. This includes
being able to change the display message.

The next time someone prints, the printer should have the default
display message. The command to set the display is something like:

<ESC>%-12345X@PJL RDYMSG DISPLAY="your message here"
<ESC>%-12345X

I'll leave the Google search as an exercise to the reader.

-- 
trey valenta trey () anvils org seattle     (maybe a) random quote--v
The best thing about growing older is that it takes such a long time.
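
As an added example (not part of the original post), a Python check that a defender could run over captured print-job bytes to find PJL lines that rewrite the panel message, as distinct from the same text inside PCL page data. OPMSG and STMSG come from HP's PJL reference rather than this thread; the function name and the sample jobs are constructed for illustration.

```python
import re

UEL = b"\x1b%-12345X"  # Universal Exit Language: ESC followed by %-12345X
# RDYMSG is the command named in the post; OPMSG and STMSG are the other
# panel-message commands in HP's PJL reference (added here, not in the thread).
DISPLAY_CMDS = {"RDYMSG", "OPMSG", "STMSG"}
PJL_LINE = re.compile(rb"@PJL[ \t]+([A-Za-z]+)(.*)", re.I)
DISPLAY_ARG = re.compile(rb'DISPLAY\s*=\s*"([^"]*)"', re.I)


def find_display_changes(job: bytes):
    """Return [(command, message)] for PJL lines that rewrite the panel text.

    Only lines that follow a UEL and precede page data are read as PJL, so
    the same text inside a PCL document body is not reported.
    """
    hits = []
    for segment in job.split(UEL)[1:]:
        for line in segment.splitlines():
            if not line.upper().startswith(b"@PJL"):
                break  # page data (PCL, PostScript) starts here
            m = PJL_LINE.match(line)
            if not m:
                continue  # bare "@PJL" line, legal and harmless
            cmd = m.group(1).decode("ascii").upper()
            if cmd == "ENTER":
                break  # ENTER LANGUAGE hands the rest to the page language
            arg = DISPLAY_ARG.search(m.group(2))
            if cmd in DISPLAY_CMDS and arg:
                hits.append((cmd, arg.group(1).decode("latin-1")))
    return hits


# Constructed sample jobs, not captured traffic.
SAMPLE_JOBS = {
    "display rewrite": UEL + b'@PJL RDYMSG DISPLAY="your message here"\r\n' + UEL,
    "ordinary PCL job": UEL + b'@PJL JOB NAME="report"\r\n'
                              b"@PJL ENTER LANGUAGE=PCL\r\n"
                              b'\x1bE@PJL RDYMSG DISPLAY="text in page"\r\n\x1bE' + UEL,
}

if __name__ == "__main__":
    for name, job in SAMPLE_JOBS.items():
        print(f"{name}: {find_display_changes(job)}")
```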
