Be careful when port scanning printers, it was mentioned on PDC a while ago that some printers will print whatever is sent to port 9100 & if you scan that port it will print out a very large stack of pages full of gibberish.
Nmap excludes that port now, but I figured it was worth mentioning http://nmap.org/book/man-version-detection.html --allports (Don't exclude any ports from version detection) By default, Nmap version detection skips TCP port 9100 because some printers simply print anything sent to that port, leading to dozens of pages of HTTP GET requests, binary SSL session requests, etc. This behavior can be changed by modifying or removing the Exclude directive in nmap-service-probes, or you can specify --allports to scan all ports regardless of any Excludedirective. On Tue, Nov 3, 2009 at 10:54 AM, Tim Mugherini <[email protected]> wrote: > In addition to suggestion for scanning (telnet, etc..) > > Pay attention to the scanning settings - many of these devices store > all scanned images on the web server and do not require auth to > retrieve (seen this with xerox before) > > > > > > > On Tue, Nov 3, 2009 at 8:42 AM, Bradley McMahon <[email protected]> > wrote: > > > > I suggest preforming a port scan on one of the devices and see what is > > running my guess is telnet is wide open with no password and SNMP is > enabled > > by default. > > -Brad > > > > > > > > On Tue, Nov 3, 2009 at 7:55 AM, k41zen <[email protected]> wrote: > >> > >> So a client has purchased several HP9040 multifunction devices (MFP) > >> to allow them to use the scanning feature so that they can scan a doc > >> and have it email the result to them. > >> > >> From the limited documentation provided, several areas of interest > >> jump out such as: > >> > >> Securely stores usernames and email addresses with an LDAP sync > >> from AD > >> Authenticates the user to AD at the printer panel > >> Scan a document and have it automatically emailed to you > >> Scan a document and have it automatically saved to your home > drive > >> > >> I get to play with this later this week but wondered if someone has > >> already looked into what fun can be had with these devices. > >> > >> Grateful for any info. > >> > >> Regards, > >> > >> k41zen > >> > >> > >> _______________________________________________ > >> Pauldotcom mailing list > >> [email protected] > >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > >> Main Web Site: http://pauldotcom.com > > > > > > _______________________________________________ > > Pauldotcom mailing list > > [email protected] > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > > Main Web Site: http://pauldotcom.com > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
