<<< Date Index >>>     <<< Thread Index >>>

Re: Unsecure Ftpd on HP PSC 2510 Printer



Excuse me... Hijetter.exe uses port 9100 to dump files off... however you CAN retrieve them via port 21 AFTER dumping them off via port 9100.

-KF

Lawrence MacIntyre wrote:
A write-only ftp server doesn't seem like a good place to do that since you can't get them back out...

(nice try, though...)

KF_lists wrote:

Nothing like someone using the memory on your printer to stash a few files...

http://www.phenoelit.de/hp/docu.html
-KF

Lawrence MacIntyre wrote:

So why is this insecure?  Why is this different from port 631 (ipp) or
port 515 (lpd)?  It's a printer.  You give it a file, it prints it.  The
port or protocol it uses is immaterial...

On Wed, 2004-11-10 at 15:26 -0600, Justin Rush wrote:

Product Name: HP PSC 2510
Summary: Ftp print service is not configurable

    This printer comes with an ftp daemon which allows anonymous
access, and drops the user into a write only directory.  By default
anyone from anywhere can drop a file into this directory and the
printer will print the document.  There is no documentation about
this feature, nor is there anyway to change (enable/disable) it
via any of their software or on the printer itself.  HP Tech.
support says that if you don't want this feature then you should
hook up the printer as a local printer, however this printer
comes with both wireless and wired connectors on the back.

Justin Rush
jrush@xxxxxxxxxxxxxx