Hi Micronetters, just as an FYI we have scanned and will continue to scan all devices connected to the campus network, including printers and multifunction devices, for known vulnerabilities. Many of you must know this as you have received security notifications from us concerning out-of-date or mis-configured printer devices. We do make an effort to tune our scanning to avoid garbage printouts and other service disruptions.
I would also like to remind folks that the appropriate place to discuss specific vulnerabilities and associated security controls is the non-public UCB-Security mailing list: https://security.berkeley.edu/resources/mailing-lists-workgroups/ucb-security-mailing-list

We're also very open to any suggestions on how to improve our advice and documentation, on this subject or any other found on our website. Please feel free to email secur...@berkeley.edu if you have any questions or feedback to offer.

Thanks all,
- Allison Henry

On 3/30/16 2:30 PM, Igor Savine wrote:
> Denying access to ports 9100 (JetDirect), 631 (IPP), and 515 (LPD) from
> off-campus sources would alleviate the problem. Pretty easy to implement
> campus wide. Then the SNS group may restart scanning public printers (I
> don't know why they stopped a year ago) for known vulnerabilities.
>
> Best,
> Igor
>
> On Wed, Mar 30, 2016 at 2:13 PM, Graham Patterson <grah...@berkeley.edu> wrote:
>
> Access controls are not enough? Admittedly the Ricohs only have five
> address range slots which makes complex network access control a bit
> more of a challenge.
>
> You are exclusively Macs, so LPR is probably all you need?
>
> Graham
>
> On 3/30/16 2:05 PM, Baril wrote:
> > To all,
> >
> > Well if you all "thought" you had your printer settings locked down,
> > then I guess we were proven wrong with all the printer spam spewing from
> > our printers. I have read the Storify piece on "Weev" (below link) and
> > gleaned enough info out of it to apply further controls on my printers
> > here. We have a combination of HP laser printers and some Ricoh
> > copier/printers. The Ricoh link below explains "diprint" protocol that
> > uses port 9100 and in the HP config pages you will find the 9100 port
> > referenced. You need to disable anything that uses port 9100 to prevent
> > the current rash of spam from printing. Good luck to all!
> >
> > https://storify.com/weev/a-small-experiment-in
> >
> > http://support.ricoh.com/bb_v1oi/pub_e/oi_view/0001036/0001036377/view/netsys/unv/0130.htm
> >
> > Best,
> >
> > Roy
>
> --
> Graham Patterson, Systems Administrator
> Rm 111, Lawrence Hall of Science, UC Berkeley 510-643-1984
> "...past the iguana, the tyrannosaurus, the mastodon, the mathematical
> puzzles, and the meteorite..." - used to be the directions to my office.
>
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list
> server:
>
> To learn more about Micronet, including how to subscribe to or
> unsubscribe from its mailing list and how to find out about upcoming
> meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and
> world-viewable, and the list's archives can be browsed and searched
> on the Internet. This means these messages can be viewed by (among
> others) your bosses, prospective employers, and people who have
> known you in the past.
>
> ANNOUNCEMENTS: To send announcements to the Micronet list, please
> use the micronet-annou...@lists.berkeley.edu list.
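
An added example, not part of any message in this thread: it merges an allow list of on-campus ranges so that it fits the five address-range slots mentioned for the Ricoh devices, then flags off-campus connections to the three print ports named above. The addresses, the four-field flow-record format and the function names are constructed for illustration.

```python
import ipaddress

# Ports named in the thread: JetDirect/raw, IPP, LPD.
PRINT_PORTS = {9100: "JetDirect", 631: "IPP", 515: "LPD"}
MAX_SLOTS = 5  # address-range slots on the Ricoh devices, per the thread

# Constructed sample data (documentation address space, not real campus ranges).
CAMPUS_NETS = ["192.0.2.0/25", "192.0.2.128/25", "198.51.100.0/24"]
FLOWS = """\
2016-03-30T14:01:07 192.0.2.44 192.0.2.200 9100
2016-03-30T14:01:09 203.0.113.9 192.0.2.200 9100
2016-03-30T14:02:30 203.0.113.9 192.0.2.201 80
2016-03-30T14:03:12 198.51.100.17 192.0.2.201 631
2016-03-30T14:04:55 203.0.113.77 192.0.2.201 515
not a flow record
"""

def build_allowlist(cidrs, max_slots=MAX_SLOTS):
    """Merge adjacent/overlapping ranges; fail if they exceed the device's slots."""
    merged = list(ipaddress.collapse_addresses(ipaddress.ip_network(c) for c in cidrs))
    if len(merged) > max_slots:
        raise ValueError(f"{len(merged)} ranges needed, device holds {max_slots}")
    return merged

def off_campus_print_hits(flow_text, allowlist):
    """Return (timestamp, source, printer, service) for off-campus print traffic."""
    hits = []
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed records
        ts, src, dst, port = parts[0], parts[1], parts[2], int(parts[3])
        if port not in PRINT_PORTS:
            continue  # not one of the print services
        try:
            src_ip = ipaddress.ip_address(src)
        except ValueError:
            continue  # source field is not an IP address
        if not any(src_ip in net for net in allowlist):
            hits.append((ts, src, dst, PRINT_PORTS[port]))
    return hits

if __name__ == "__main__":
    allow = build_allowlist(CAMPUS_NETS)
    print("allowlist:", [str(n) for n in allow])
    for hit in off_campus_print_hits(FLOWS, allow):
        print("off-campus print traffic:", *hit)
```

The same merged list serves as the source-address filter on a border ACL or on the printer's own access-control page, and the flow check confirms the rule is holding.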