Nmap Development mailing list archives

Re: [PATCH] nmap-service-probes: Misc database corrections, printer additions


From: Brandon Enright <bmenrigh () ucsd edu>
Date: Fri, 27 Feb 2009 00:41:34 +0000


On Thu, 26 Feb 2009 18:30:00 -0600
Tom Sellers <nmap () fadedcode net> wrote:

# The following line matches IPDS (IBM's Intelligent Printer Data Stream) on port 9600
match ipds m|^%%\[ Error: syntaxerror; Offending Command:|s p/IPDS Service/ d/printer/


Hi Tom,

That service error is actually JetDirect.  To call the service
"intelligent" is quite entertaining.

I've played with poking at JetDirect quite a bit and it seems that
certain binary probes can trigger an error.  Most HP printers will
respond to a few of the probes.

I was able to cook up a few probes that are even more likely to trigger
a JetDirect error.  I was only testing against HP printers though so
this IBM printer might not respond to these probes.

They are:

##############################NEXT PROBE##############################
Probe TCP Jetdirect-error q|\x01\xc2\x00\x01\x02\x03\x04|
rarity 9
ports 9100-9107


And 


##############################NEXT PROBE##############################
Probe TCP Jetdirect-error2 q|\x00\x1e\x00\x01\x02\x03\x04|
rarity 9
ports 9100-9107


The match lines for these probes are:

match jetdirect m/^\x40PJL USTATUS.*ONLINE=(TRUE|FALSE)/s p/Jetdirect/ i/Online: $1/ d/printer/

match jetdirect m|^%%\[ status: busy; source: ([\w\d]+) \]%%\r?\n$| p/Jetdirect/ i/busy; source: $1/ d/printer/

# This is a very flexible regex to try to catch most of the variations on the error
match jetdirect m/^(?:\x04)?%%\[ Error: (?:undefined|limitcheck); Offending ?Command: .+ ?\]%%\r?\n(?:%%\[ Flushing: rest of job \(to end[ -]of[ -]file\) (?:will be ignored )?\]%%\r?\n)?(?:\x04)?$/s p/Jetdirect/ i/error/ d/printer/


These probes and matches need more testing and engineering time.  Have
you found a document describing the JetDirect protocol?  I'd like to
cook up a better probe that will more generically trigger JetDirect
output.

My ultimate goal with these probes and matches is to be able to stop
excluding 9100-9107 by default.  If we can get a set of probes and
matches to catch JetDirect then other probes won't be sent, causing the
printers to output junk.

Brandon
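
The three match lines from the message above, loaded into a small Python harness and run against sample responses. This is an added example, not part of the original post or of Nmap: Python's `re` stands in for Nmap's PCRE engine, and the helper names `parse_match` and `identify` and all sample banners are constructed here.

```python
import re

# Match lines copied from the message above; the third is joined onto one line.
MATCH_LINES = [
    r"match jetdirect m/^\x40PJL USTATUS.*ONLINE=(TRUE|FALSE)/s p/Jetdirect/ i/Online: $1/ d/printer/",
    r"match jetdirect m|^%%\[ status: busy; source: ([\w\d]+) \]%%\r?\n$| p/Jetdirect/ i/busy; source: $1/ d/printer/",
    r"match jetdirect m/^(?:\x04)?%%\[ Error: (?:undefined|limitcheck); Offending ?Command: .+ ?\]%%\r?\n"
    r"(?:%%\[ Flushing: rest of job \(to end[ -]of[ -]file\) (?:will be ignored )?\]%%\r?\n)?(?:\x04)?$/s"
    r" p/Jetdirect/ i/error/ d/printer/",
]

def parse_match(line):
    """Split 'match <service> m<d>regex<d>flags fields' into usable parts."""
    _, service, rest = line.split(" ", 2)
    delim = rest[1]                       # delimiter chosen by the rule author
    end = rest.index(delim, 2)            # closing delimiter (none inside these regexes)
    flag_txt, _, field_txt = rest[end + 1:].partition(" ")
    flags = (re.DOTALL if "s" in flag_txt else 0) | (re.IGNORECASE if "i" in flag_txt else 0)
    fields = dict(re.findall(r"(\w)/([^/]*)/", field_txt))   # p/.../ i/.../ d/.../
    # Python's re stands in for the PCRE engine Nmap uses (assumption of this example).
    return service, re.compile(rest[2:end].encode("latin-1"), flags), fields

RULES = [parse_match(l) for l in MATCH_LINES]

def identify(banner):
    """Return (service, fields with $N filled in) for the first matching rule, else None."""
    for service, regex, fields in RULES:
        m = regex.search(banner)
        if m:
            fill = lambda g: m.group(int(g.group(1))).decode("latin-1")
            return service, {k: re.sub(r"\$(\d)", fill, v) for k, v in fields.items()}
    return None

# Constructed responses shaped after the regexes above, not captured from real printers.
SAMPLES = {
    "pjl": b"@PJL USTATUS DEVICE\r\nCODE=10001\r\nONLINE=TRUE\r\n",
    "busy": b"%%[ status: busy; source: AppSocket ]%%\r\n",
    "error": b"\x04%%[ Error: undefined; OffendingCommand: \x01\xc2 ]%%\r\n"
             b"%%[ Flushing: rest of job (to end-of-file) will be ignored ]%%\r\n",
    # Shape of the quoted "ipds" rule: error type is "syntaxerror".
    "syntaxerror": b"%%[ Error: syntaxerror; Offending Command: \x01 ]%%\r\n",
}

if __name__ == "__main__":
    for name, banner in SAMPLES.items():
        print(name, identify(banner))
```

The last sample returns no match because the error alternation in the third rule lists only `undefined` and `limitcheck`, which is the kind of gap a harness like this surfaces before a rule goes into the database.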


