Date: Fri, 28 Jan 2000 15:15:54 -0700 From: Brett Glass <brett@lariat.org> To: James Wyatt <jwyatt@rwsystems.net> Cc: Matthew Dillon <dillon@apollo.backplane.com>, security@FreeBSD.ORG Subject: Re: Riddle me this Message-ID: <4.2.2.20000128150919.046e33e0@localhost> In-Reply-To: <Pine.BSF.4.10.10001272333130.41265-100000@bsdie.rwsystems. net> References: <4.2.2.20000127171529.00c56a00@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
At 10:40 PM 1/27/2000 , James Wyatt wrote: > > And it gets worse. The default address of the print server hardware -- which > > the client software tries to reach when it's setting up -- is (are you ready?) > > 192.0.0.192. > >It can get even worse... My biggest employer thought the feature was quite >cool given 12,000+ NT workstations and a *lot* of laser printers scattered >over at least 28 states. This feature can be fantastic, but it also walked >right out to The Internet and began discovering a *lot* of printers all >over the planet! We got calls from some DOD sites, we found we could >control printers in Southeast Asia, we ran *very* low on disk, ... - Jy@ Yep. In this case, it was just causing ICMP storms because a Cisco router several hops upstream was blocking the address. Unfortunately, because so much HP hardware is deployed out there, the address is both useless (one doesn't dare assign anything to it) and dangerous to pass (for the reasons you mention above). And it gets worse. JetDirect print servers and adapters are extremely easy to hack. I won't go into the details here, but suffice to say that if people from the outside can reach the print server, they can easily "own" your network. It might be a good idea to add that default address to the recommended sets of rules for IPFW and IPFilters. I saw a good ruleset for IPFW go by on this list only a few days ago; perhaps we can throw in one which catches 192.0.0.192 as well. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.2.20000128150919.046e33e0>