In case you all haven’t found the root of it
https://storify.com/weev/a-small-experiment-in ______________________________________________ Debra Goldentyer 510-643-3847 | goldent...@berkeley.edu *From:* micronet-list-boun...@lists.berkeley.edu [mailto: micronet-list-boun...@lists.berkeley.edu] *On Behalf Of *Jay BRYON *Sent:* Monday, March 28, 2016 10:44 AM *To:* Micronet List *Subject:* Re: [Micronet] Neo-Nazi Printer Spam As one of the network guys, the issue I often see over and over again with regards to printer security is simply that: Nobody knew that A) it was an issue, or if they did then: B) that there are mitigation strategies available and/or, C) How to ask for help from IST (particularly network resources). Since that last bit is of particular painfulness, here: http://telcat.berkeley.edu/ Telcat has the new vastly improved ordering system for network services among other things, in the Telecom Catalog. (Note: the shopping cart is no longer, ignore it and/or celebrate). Here you could order the services to move your printer to RFC1918 space (campus only networking, which isn't a total solution but would probably cut down the noise a bit). There is also the campus firewall service, which is free, and also the option of moving printers to their own subnet to separate them out and make it easier to secure them via the FW service etc. (Note, you will need to configure rules, it's not magic). All these options are freely available, emphasis on free. The only thing charged for these days is cable installs, which are likely not to apply here, since we're talking about printers already on the network. If you don't see what you want in the catalog, request "Other Data Networking Service Request" and a general description of your objective, and we'll consult and see what can be done. (OTOH- if something is non-functional/broken, then file a trouble ticket via the service desk, that's a different animal.) This is just me speaking out of personal observation and experience/knowledge, but I'm unaware of any inaccuracies of the above statements. Not an official IST departmental position or statement of course. </$0.02> -Jay On Fri, Mar 25, 2016 at 8:55 AM, Paul Rivers <priv...@berkeley.edu> wrote: I certainly agree there is a problem with printer security across the campus. In my view, the problem is not a result of lack of information about subnets, vulnerabilities and/or attack vectors. We can (and already do) bury the campus in this kind of information. I would be interested in continuing the conversation and offering my view of why something like printer security continues to be a problem, and this might be a good opportunity to discuss this year's funding proposal for information security. However, we should move this discussion off of micronet. Micronet is very public. (The likely culprit behind this latest wave of printer spamming has already posted this micronet threat in his twitter feed, for example.) If you are not a member of UCB-security, perhaps join there first, and we can continue the discussion there? https://security.berkeley.edu/resources/mailing-lists-workgroups/ucb-security-mailing-list Paul On Fri, Mar 25, 2016 at 8:27 AM, Alex Warren <alex.war...@berkeley.edu> wrote: Paul, I actually think what this shows is the lack of security people put into setting up their network printers. Hopefully this isn’t a symptom of a larger problem that people have with hardening their systems/peripherals to prevent unauthorized use. Campus should really invest in a product that can map the network and show us all our subnets and all attack vectors for every machine on campus. Alex Warren CED IIT University of California, Berkeley 485 Wurster Hall Berkeley, CA 94720 (510) 295-5714 *From:* micronet-list-boun...@lists.berkeley.edu [mailto: micronet-list-boun...@lists.berkeley.edu] *On Behalf Of *Paul Rivers *Sent:* Thursday, March 24, 2016 1:09 PM *To:* Allison Henry <akhe...@security.berkeley.edu> *Cc:* Micronet List <micronet-list@lists.berkeley.edu>; Keenan Parmelee < keenanp...@berkeley.edu> *Subject:* Re: [Micronet] Neo-Nazi Printer Spam Yep, what Allison said. Berkeley wants to be #1 in many areas, but being #1 in printers listed as listening on the public internet as reported by shodan shouldn't be one of those areas. Paul On Thu, Mar 24, 2016 at 8:05 PM, Allison Henry < akhe...@security.berkeley.edu> wrote: Hi Micronetters, please do take a look at the best practices page and put measures in place to restrict access to printers from the public internet. The article indicates some methods you can use to accomplish this, and if you still have questions you can contact secur...@berkeley.edu for help. If you receive abusive or unwanted messages on printers/MFPs, and you have access to logs indicating the timestamp and IP address responsible for the print job, please send to secur...@berkeley.edu. Thanks all, - Allison Henry On 3/24/16 11:43 AM, Keenan Parmelee wrote: > ISP has some general guidelines > here: https://security.berkeley.edu/resources/best-practices-how-articles/network-printer-security-best-practices > > In general, restricting FTP and Telnet as well as enabling ACLs or IP > ranges is the best approach. If you have a print server, you can go > even further and restrict printing to only the Print Server IP address. > Otherwise, campus IP ranges at a minimum but that still might result in > some spam from others on campus. > > --- > Keenan Parmelee > Technical Services Manager > Student Affairs Information Technologies > http://rescomp.berkeley.edu > > On Thu, Mar 24, 2016 at 11:40 AM, Beth Muramoto <bmura...@berkeley.edu > <mailto:bmura...@berkeley.edu>> wrote: > > John, > > A user here received the same message. I tried to employ disabling > Telnet and FTP which worked on the other printers; features that > were discussed back during the holidays when printers campus wide > were being "attacked", but for some reason the IPs for these > printers (HP Laserjet 400) didn't allow it. If you haven't disabled > Telnet and FTP, I would do that to see if that will stop future attacks. > > Beth > > On Thu, Mar 24, 2016 at 11:33 AM, John McChesney-Young > <jmccyo...@berkeley.edu <mailto:jmccyo...@berkeley.edu>> wrote: > > This morning I found a flyer from the Neo-Nazi site _The Daily > Stormer_ in our printer's output tray: > > https://en.wikipedia.org/wiki/The_Daily_Stormer > > Have others on campus been getting anything similar or was it just > sent to our printer's IP address randomly? This is only the second > time in 4 years I'm aware of our getting printer spam so the > volume is > clearly not a major problem, but given the nature of it is there > anyone to whom it should be reported? > > Thanks! > > John > > -- > John McChesney-Young, Administrative Assistant > History of Art Department, 416 Doe MC6020 > U. C. Berkeley, Berkeley CA 94720-6020 > jmccyo...@berkeley.edu <mailto:jmccyo...@berkeley.edu> // voice > 1-510-642-5511 <tel:1-510-642-5511> // fax 1-510-643-2185 > <tel:1-510-643-2185> > > > ------------------------------------------------------------------------- > The following was automatically added to this message by the > list server: > > To learn more about Micronet, including how to subscribe to or > unsubscribe from its mailing list and how to find out about > upcoming meetings, please visit the Micronet Web site: > > http://micronet.berkeley.edu > > Messages you send to this mailing list are public and > world-viewable, and the list's archives can be browsed and > searched on the Internet. This means these messages can be > viewed by (among others) your bosses, prospective employers, and > people who have known you in the past. > > ANNOUNCEMENTS: To send announcements to the Micronet list, > please use the micronet-annou...@lists.berkeley.edu > <mailto:micronet-annou...@lists.berkeley.edu> list. > > > > > -- > *********************************************** > Beth Muramoto > Computer Resource Specialist > Graduate School of Education > University of California, Berkeley > 1650 Tolman Hall > Berkeley, CA 94720 > Email: mailto:bmura...@berkeley.edu <mailto:bmura...@berkeley.edu> > Phone: (510) 643-0203 <tel:%28510%29%20643-0203 <%28510%29%20643-0203>> > Fax: (510) 643-6239 <tel:%28510%29%20643-6239 <%28510%29%20643-6239>> > > “Finish each day and be done with it. You have done what you could. > Some blunders and absurdities have crept in – forget them as soon as > you can. Tomorrow is a new day. You shall begin it serenely and with > too high a spirit to be encumbered with your old nonsense.” > -Emerson > > This is the essence of forgiveness. You can't change what happened > but you can make sure it doesn't have the power to prevent you from > being happy tomorrow. > > -Paul Boese > > “Kind words do not cost much yet they accomplish much.” > > -Blaise Pascal > > > *********************************************** > > > > ------------------------------------------------------------------------- > The following was automatically added to this message by the list > server: > > To learn more about Micronet, including how to subscribe to or > unsubscribe from its mailing list and how to find out about upcoming > meetings, please visit the Micronet Web site: > > http://micronet.berkeley.edu > > Messages you send to this mailing list are public and > world-viewable, and the list's archives can be browsed and searched > on the Internet. This means these messages can be viewed by (among > others) your bosses, prospective employers, and people who have > known you in the past. > > ANNOUNCEMENTS: To send announcements to the Micronet list, please > use the micronet-annou...@lists.berkeley.edu > <mailto:micronet-annou...@lists.berkeley.edu> list. > > > > > > ------------------------------------------------------------------------- > The following was automatically added to this message by the list server: > > To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site: > > http://micronet.berkeley.edu > > Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet. This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past. > > ANNOUNCEMENTS: To send announcements to the Micronet list, please use the micronet-annou...@lists.berkeley.edu list. > ------------------------------------------------------------------------- The following was automatically added to this message by the list server: To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site: http://micronet.berkeley.edu Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet. This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past. ANNOUNCEMENTS: To send announcements to the Micronet list, please use the micronet-annou...@lists.berkeley.edu list. ------------------------------------------------------------------------- The following was automatically added to this message by the list server: To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site: http://micronet.berkeley.edu Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet. This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past. ANNOUNCEMENTS: To send announcements to the Micronet list, please use the micronet-annou...@lists.berkeley.edu list. -- Jay Bryon Senior Network Engineer, U.C. Berkeley/IST/IS/Network Operations and Services j...@berkeley.edu 2-5636
------------------------------------------------------------------------- The following was automatically added to this message by the list server: To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site: http://micronet.berkeley.edu Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet. This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past. ANNOUNCEMENTS: To send announcements to the Micronet list, please use the micronet-annou...@lists.berkeley.edu list.
