RE: Using a Stand-Alone Network Printer as a network attack entry point?

From: Ofir Arkin (ofir@sys-security.com)
Date: Fri Aug 16 2002 - 12:37:29 EDT

• Next message: Fabrizio Siciliano: "RE: Digital UNIX 5.60 recourses"
• Previous message: Nick Jacobsen: "Using a Stand-Alone Network Printer as a network attack entry point?"
• In reply to: Nick Jacobsen: "Using a Stand-Alone Network Printer as a network attack entry point?"
• Next in thread: Security News: "Re: Using a Stand-Alone Network Printer as a network attack entry point?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Nick, and all

Any network device is a potential caveat for network security.

Printers were and still are a very good network device to be subverted.

Not only by taking full control and installing new software but as well
as a tool to reproduce your CEO's personal letters or just send them
elsewhere (hint, hint)...

As I noted, this is not a new idea but it is still a nice one :)

There are several nice ideas' that are similar, you should check out the
following talks given at BH USA 2002 (presentations are available from:
http://www.blackhat.com/html/bh-usa-02/bh-usa-02-speakers.html):

- DC Phone Home, Higbee & Davis
- Attacking Networked Embedded Systems, FX and kim0

Hope this helps

Ofir Arkin [ofir@sys-security.com]
Founder
The Sys-Security Group
http://www.sys-security.com
PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA

-----Original Message-----
From: Nick Jacobsen [mailto:nick@ethicsdesign.com]
Sent: 16 August 2002 05:20
To: pen-test@securityfocus.com
Subject: Using a Stand-Alone Network Printer as a network attack entry
point?

Hi all...
    I came up with an idea, one that I've never heard discussed, of
possibly
modifying a stand-alone network printer (like most of the high-end
office
printers, hereafter referred to as a "SNP") to act as a full point to
point
proxy, or at least a simple pass through to the port and IP you specify
in
some sort of configuration. The idea here would be to take a SNP and
modify
a ROM image for the specific printer to include the proxy functionality.
I
realize this could turn out to be quite difficult, but at the same time,
it
would provide a way into the internal network when no others are
available.
Any comments are most DEFINITELY welcome, flames less so, but if it's a
stupid idea, let me know...

Nick Jacobsen
nick@ethicsdesign.com
ethics@netzero.net

------------------------------------------------------------------------

----
This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please
see:
https://alerts.securityfocus.com/
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

• Next message: Fabrizio Siciliano: "RE: Digital UNIX 5.60 recourses"
• Previous message: Nick Jacobsen: "Using a Stand-Alone Network Printer as a network attack entry point?"
• In reply to: Nick Jacobsen: "Using a Stand-Alone Network Printer as a network attack entry point?"
• Next in thread: Security News: "Re: Using a Stand-Alone Network Printer as a network attack entry point?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:24 EDT