Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:510 |
| Message | POLICY HP JetDirect LCD modification attempt |
| Impact | User confusion and comedy, mostly. |
| Detailed Information | The HP JetDirect printers allow remote machines to change the message that is displayed on the LCD panel. |
| Affected Systems | |
| Attack Scenarios | As part of an attempt to confuse and annoy users, an attacker may attempt to change the previously mentioned message. __ Ease of Attack: Relatively simple. All that is required is a way to connect to the JetDirect port of the victim printer and a minimal knowledge of how JedDirect works. A telnet/nc client would suit the job well, but there are also many featureful programs that'll allow you to accomplish the same ends. |
| Ease of Attack | |
| Corrective Action | Update to the latest JetDirect, and investigate the possibility of restricting access to a central print-server using the "allow: <ip> <netmask>" directive in a printer config file. |
| Additional References | |
| Rule References | arachnids: 302 bugtraq: 2245 |
--
DID:547979
--
http://www.aanval.com/