by mattkirman 4888 days ago
A few months ago I erroneously port scanned our office HP networked printers (I meant to scan our internal servers but a typo meant I selected the wrong IP range). As soon as nmap encountered the JetDirect ports every single printer spewed out a dozen pages of total gibberish. Put it this way - I bet the owners of the printers you just scanned are slightly puzzled why their printer kicked into life.

More worrying is that on many unpatched HP printers[1] it is entirely possible to push an unauthorised firmware update through port 9100.[2]

--

[1] Enabling OS updates is one thing but I wonder how many businesses actively update their printers to the latest firmware versions?

[2] http://h20000.www2.hp.com/bizsupport/TechSupport/Document.js...

1 comment

mattkirman: nothing happened to the owners of those printers, because I didn't run nmap with the "--allports" option. As the man page explains, by default nmap doesn't send anything to port 9100 precisely to avoid running into this issue:

  --allports (Don't exclude any ports from version detection).
      By default, Nmap version detection skips TCP port 9100 because some
      printers simply print anything sent to that port, leading to dozens
      of pages of HTTP GET requests, binary SSL session requests, etc.
      This behavior can be changed by modifying or removing the Exclude
      directive in nmap-service-probes, or you can specify --allports to
      scan all ports regardless of any Exclude directive.
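
Added example, not part of either comment above: a pre-scan check that reads the Exclude directive from an nmap-service-probes file and confirms TCP port 9100 is still skipped by version detection. The sample file content is constructed, and the function names are hypothetical; the check cannot see a `--allports` flag on the command line, which overrides the directive.

```python
import re
import sys

# Constructed excerpt in the nmap-service-probes format (not the shipped file).
SAMPLE_PROBES = """\
# constructed sample
Exclude 53,T:9100-9107,U:30000-40000
Probe TCP NULL q||
"""

ITEM = re.compile(r"(?:([TU]):)?(\d+)(?:-(\d+))?")

def parse_exclude(text):
    """Return {'T': [(lo, hi)], 'U': [(lo, hi)]} from any Exclude directive."""
    ranges = {"T": [], "U": []}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0] != "Exclude":
            continue
        # Assumption: as with -p, a T:/U: prefix applies to the items after
        # it, and items before any prefix apply to both protocols.
        proto = None
        for item in parts[1].split(","):
            m = ITEM.fullmatch(item.strip())
            if not m:
                raise ValueError(f"unrecognised port spec: {item!r}")
            proto = m.group(1) or proto
            lo = int(m.group(2))
            hi = int(m.group(3) or lo)
            for p in ([proto] if proto else ["T", "U"]):
                ranges[p].append((lo, hi))
    return ranges

def is_excluded(text, proto, port):
    """True if version detection would skip proto/port per this probes file."""
    return any(lo <= port <= hi for lo, hi in parse_exclude(text)[proto])

if __name__ == "__main__":
    # Pass the path to your own nmap-service-probes; defaults to the sample.
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PROBES
    ok = is_excluded(data, "T", 9100)
    print("TCP 9100 skipped by version detection:", ok)
    sys.exit(0 if ok else 1)
```

A non-zero exit means the Exclude directive has been removed or edited so that it no longer covers TCP 9100, which is the situation the man page excerpt warns about.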