Denying access to ports 9100 (JetDirect), 631 (IPP), and 515 (LPD) from off-campus sources would alleviate the problem. Pretty easy to implement campus wide. Then the SNS group may restart scanning public printers (I don't know why they stopped a year ago) for known vulnerabilities.
Best, Igor On Wed, Mar 30, 2016 at 2:13 PM, Graham Patterson <grah...@berkeley.edu> wrote: > > Access controls are not enough? Admittedly the Ricohs only have five > address range slots which makes complex network access control a bit > more of a challenge. > > You are exclusively Macs, so LPR is probably all you need? > > Graham > > On 3/30/16 2:05 PM, Baril wrote: > > To all, > > > > Well if you all "thought" you had your printer settings locked down, > > then I guess we were proven wrong with all the printer spam spewing from > > our printers. I have read the Storify piece on "Weev" (below link) and > > gleaned enough info out of it to apply further controls on my printers > > here. We have a combination of HP laser printers and some Ricoh > > copier/printers. The Ricoh link below explains "diprint" protocol that > > uses port 9100 and in the HP config pages you will find the 9100 port > > referenced. You need to disable anything that uses port 9100 to prevent > > the current rash of spam from printing. Good luck to all! > > > > https://storify.com/weev/a-small-experiment-in > > > http://support.ricoh.com/bb_v1oi/pub_e/oi_view/0001036/0001036377/view/netsys/unv/0130.htm > > > > Best, > > > > Roy > > > > > -- > Graham Patterson, Systems Administrator > Rm 111, Lawrence Hall of Science, UC Berkeley 510-643-1984 > "...past the iguana, the tyrannosaurus, the mastodon, the mathematical > puzzles, and the meteorite..." - used to be the directions to my office. > > > ------------------------------------------------------------------------- > The following was automatically added to this message by the list server: > > To learn more about Micronet, including how to subscribe to or unsubscribe > from its mailing list and how to find out about upcoming meetings, please > visit the Micronet Web site: > > http://micronet.berkeley.edu > > Messages you send to this mailing list are public and world-viewable, and > the list's archives can be browsed and searched on the Internet. This > means these messages can be viewed by (among others) your bosses, > prospective employers, and people who have known you in the past. > > ANNOUNCEMENTS: To send announcements to the Micronet list, please use the > micronet-annou...@lists.berkeley.edu list. >
------------------------------------------------------------------------- The following was automatically added to this message by the list server: To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site: http://micronet.berkeley.edu Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet. This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past. ANNOUNCEMENTS: To send announcements to the Micronet list, please use the micronet-annou...@lists.berkeley.edu list.
