Re: [Micronet] Printer spam.....

[Allison Henry]

Hi Micronetters, just as an FYI we have scanned and will continue to
scan all devices connected to the campus network, including printers and
multifunction devices, for known vulnerabilities. Many of you must know
this as you have received security notifications from us concerning
out-of-date or mis-configured printer devices. We do make an effort to
tune our scanning to avoid garbage printouts and other service disruptions.

I would also like to remind folks that the appropriate place to discuss
specific vulnerabilities and associated security controls is the
non-public UCB-Security mailing list:

https://security.berkeley.edu/resources/mailing-lists-workgroups/ucb-security-mailing-list

We're also very open to any suggestions on how to improve our advice and
documentation, on this subject or any other found on our website. Please
feel free to email secur...@berkeley.edu if you have any questions or
feedback to offer. Thanks all,

- Allison Henry

On 3/30/16 2:30 PM, Igor Savine wrote:
> Denying access to ports 9100 (JetDirect), 631 (IPP), and 515 (LPD) from
> off-campus sources would alleviate the problem. Pretty easy to implement
> campus wide. Then the SNS group may restart scanning public printers (I
> don't know why they stopped a year ago) for known vulnerabilities.
> 
> Best,
> Igor
> 
> On Wed, Mar 30, 2016 at 2:13 PM, Graham Patterson  > wrote:
> 
> 
> Access controls are not enough? Admittedly the Ricohs only have five
> address range slots which makes complex network access control a bit
> more of a challenge.
> 
> You are exclusively Macs, so LPR is probably all you need?
> 
> Graham
> 
> On 3/30/16 2:05 PM, Baril wrote:
> > To all,
> >
> > Well if you all "thought" you had your printer settings locked down,
> > then I guess we were proven wrong with all the printer spam spewing from
> > our printers. I have read the Storify piece on "Weev" (below link) and
> > gleaned enough info out of it to apply further controls on my printers
> > here. We have a combination of HP laser printers and some Ricoh
> > copier/printers. The Ricoh link below explains "diprint" protocol that
> > uses port 9100 and in the HP config pages you will find the 9100 port
> > referenced. You need to disable anything that uses port 9100 to prevent
> > the current rash of spam from printing. Good luck to all!
> >
> > https://storify.com/weev/a-small-experiment-in
> > 
> http://support.ricoh.com/bb_v1oi/pub_e/oi_view/0001036/0001036377/view/netsys/unv/0130.htm
> >
> > Best,
> >
> > Roy
> >
> 
> 
> --
> Graham Patterson, Systems Administrator
> Rm 111, Lawrence Hall of Science, UC Berkeley   510-643-1984
> 
> "...past the iguana, the tyrannosaurus, the mastodon, the mathematical
> puzzles, and the meteorite..." - used to be the directions to my office.
> 
> 
> -
> The following was automatically added to this message by the list
> server:
> 
> To learn more about Micronet, including how to subscribe to or
> unsubscribe from its mailing list and how to find out about upcoming
> meetings, please visit the Micronet Web site:
> 
> http://micronet.berkeley.edu
> 
> Messages you send to this mailing list are public and
> world-viewable, and the list's archives can be browsed and searched
> on the Internet.  This means these messages can be viewed by (among
> others) your bosses, prospective employers, and people who have
> known you in the past.
> 
> ANNOUNCEMENTS: To send announcements to the Micronet list, please
> use the micronet-annou...@lists.berkeley.edu
>  list.
> 
> 
> 
> 
>  
> -
> The following was automatically added to this message by the list server:
> 
> To learn more about Micronet, including how to subscribe to or unsubscribe 
> from its mailing list and how to find out about upcoming meetings, please 
> visit the Micronet Web site:
> 
> http://micronet.berkeley.edu
> 
> Messages you send to this mailing list are public and world-viewable, and the 
> list's archives can be browsed and searched on the Internet.  This means 
> these messages can be viewed by (among others) your bosses, prospective 
> employers, and people who have known you in the past.
> 
> ANNOUNCEMENTS: To send announcements to the Micronet list, please use the 
> micronet-annou...@lists.berkeley.edu list.
> 

 
-
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from 
its mailing list and how to find out about upcoming meetings, please visit the 
Micronet Web 

Re: [Micronet] Printer spam.....

[Beth Muramoto]

Thanks for doing the research for these options and testing them. I have to
admit that I was at a bit of a loss reading the security.berkeley.edu site
about all the best practices, and having no idea about how to approach it.
Between this and the OS updates, I feel pretty overwhelmed so I'm ever
grateful for the information.

Beth

On Wed, Mar 30, 2016 at 2:05 PM, Baril  wrote:

> To all,
>
> Well if you all "thought" you had your printer settings locked down,
> then I guess we were proven wrong with all the printer spam spewing from
> our printers. I have read the Storify piece on "Weev" (below link) and
> gleaned enough info out of it to apply further controls on my printers
> here. We have a combination of HP laser printers and some Ricoh
> copier/printers. The Ricoh link below explains "diprint" protocol that
> uses port 9100 and in the HP config pages you will find the 9100 port
> referenced. You need to disable anything that uses port 9100 to prevent
> the current rash of spam from printing. Good luck to all!
>
> https://storify.com/weev/a-small-experiment-in
>
> http://support.ricoh.com/bb_v1oi/pub_e/oi_view/0001036/0001036377/view/netsys/unv/0130.htm
>
> Best,
>
> Roy
>
> --
> Roy A. Baril
> Director of Technology
> Graduate School of Journalism
> University of California
> 121 North Gate Hall
> Berkeley, CA 94720
> 510-643-9215 -- Work
> 510-643-9136 -- Fax
> 925-352-9543 -- Cell
>
>
>
> -
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe
> from its mailing list and how to find out about upcoming meetings, please
> visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and
> the list's archives can be browsed and searched on the Internet.  This
> means these messages can be viewed by (among others) your bosses,
> prospective employers, and people who have known you in the past.
>
> ANNOUNCEMENTS: To send announcements to the Micronet list, please use the
> micronet-annou...@lists.berkeley.edu list.
>



-- 
***
Beth Muramoto
Computer Resource Specialist
Graduate School of Education
University of California, Berkeley
1650 Tolman Hall
Berkeley, CA 94720
Email:  mailto:bmura...@berkeley.edu
Phone:  (510) 643-0203
Fax:  (510) 643-6239

“Finish each day and be done with it. You have done what you could. Some
blunders and absurdities have crept in – forget them as soon as you can.
Tomorrow is a new day. You shall begin it serenely and with too high a
spirit to be encumbered with your old nonsense.”
-Emerson

This is the essence of forgiveness. You can't change what happened but you
can make sure it doesn't have the power to prevent you from being happy
tomorrow.

 -Paul Boese

“Kind words do not cost much yet they accomplish much.”

-Blaise Pascal


***
 
-
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from 
its mailing list and how to find out about upcoming meetings, please visit the 
Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the 
list's archives can be browsed and searched on the Internet.  This means these 
messages can be viewed by (among others) your bosses, prospective employers, 
and people who have known you in the past.

ANNOUNCEMENTS: To send announcements to the Micronet list, please use the 
micronet-annou...@lists.berkeley.edu list.

Re: [Micronet] Printer spam.....

[Graham Patterson]

Access controls are not enough? Admittedly the Ricohs only have five
address range slots which makes complex network access control a bit
more of a challenge.

You are exclusively Macs, so LPR is probably all you need?

Graham

On 3/30/16 2:05 PM, Baril wrote:
> To all,
> 
> Well if you all "thought" you had your printer settings locked down, 
> then I guess we were proven wrong with all the printer spam spewing from 
> our printers. I have read the Storify piece on "Weev" (below link) and 
> gleaned enough info out of it to apply further controls on my printers 
> here. We have a combination of HP laser printers and some Ricoh 
> copier/printers. The Ricoh link below explains "diprint" protocol that 
> uses port 9100 and in the HP config pages you will find the 9100 port 
> referenced. You need to disable anything that uses port 9100 to prevent 
> the current rash of spam from printing. Good luck to all!
> 
> https://storify.com/weev/a-small-experiment-in
> http://support.ricoh.com/bb_v1oi/pub_e/oi_view/0001036/0001036377/view/netsys/unv/0130.htm
> 
> Best,
> 
> Roy
> 


-- 
Graham Patterson, Systems Administrator
Rm 111, Lawrence Hall of Science, UC Berkeley   510-643-1984
"...past the iguana, the tyrannosaurus, the mastodon, the mathematical
puzzles, and the meteorite..." - used to be the directions to my office.

 
-
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from 
its mailing list and how to find out about upcoming meetings, please visit the 
Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the 
list's archives can be browsed and searched on the Internet.  This means these 
messages can be viewed by (among others) your bosses, prospective employers, 
and people who have known you in the past.

ANNOUNCEMENTS: To send announcements to the Micronet list, please use the 
micronet-annou...@lists.berkeley.edu list.

[Micronet] Printer spam.....

[Baril]

To all,

Well if you all "thought" you had your printer settings locked down, 
then I guess we were proven wrong with all the printer spam spewing from 
our printers. I have read the Storify piece on "Weev" (below link) and 
gleaned enough info out of it to apply further controls on my printers 
here. We have a combination of HP laser printers and some Ricoh 
copier/printers. The Ricoh link below explains "diprint" protocol that 
uses port 9100 and in the HP config pages you will find the 9100 port 
referenced. You need to disable anything that uses port 9100 to prevent 
the current rash of spam from printing. Good luck to all!

https://storify.com/weev/a-small-experiment-in
http://support.ricoh.com/bb_v1oi/pub_e/oi_view/0001036/0001036377/view/netsys/unv/0130.htm

Best,

Roy

-- 
Roy A. Baril
Director of Technology
Graduate School of Journalism
University of California
121 North Gate Hall
Berkeley, CA 94720
510-643-9215 -- Work
510-643-9136 -- Fax
925-352-9543 -- Cell


 
-
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from 
its mailing list and how to find out about upcoming meetings, please visit the 
Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the 
list's archives can be browsed and searched on the Internet.  This means these 
messages can be viewed by (among others) your bosses, prospective employers, 
and people who have known you in the past.

ANNOUNCEMENTS: To send announcements to the Micronet list, please use the 
micronet-annou...@lists.berkeley.edu list.