On Sat, Aug 14, 2004 at 06:38:26PM -0700, Jon Forrest wrote:
> I'm looking for standalone print server boxes
> that have the feature of only allowing printing
> from specific IP addresses. (I know that HP
> JetDirect boxes can do this but I'm wondering
> if there are any other less expensive alternatives.)
less expensive than putting said printer in some
RFC1918 space that only the print-accounting server can reach?
if they are physically close enough, i should think that
an extra NIC and cross-over cable would work. :-)
Can't get much cheaper than that. ;-)
Network enabled printers pose a horrible risk, as these
devices often possess more than simple tcp/ip stacks:
often full blown webservers, ftp servers, etc, without
any thought to firmware maintenance. Inherently prone
to bitrot, a compromised printer can be a source
of ftp-bounce attacks, good place to store
attack code, et alii.
It is a good idea to take these devices off of a public
network, as they often do not have secure admin interfaces
(use telnet or unencrypted http), default passwords
or backdoors, and, as you originally point out, little
thought to authentication and/or access control.
A nice write up of the issue was on freshmeat, april 2002,
but still relevant, i think.
Network Printers and Other Peripherals -- Vulnerabilities and Fixes
http://freshmeat.net/articles/view/445/
-- "A physicist is an atom's way of knowing about atoms" -- George Wald (1906-1997) ------------------------------------------------------------------------ The following was automatically added to this message by the list server: For information about Micronet, including subscribing to or unsubscribing from its mailing list and finding out about upcoming meetings, please visit the Micronet Web site: <http://micronet.berkeley.edu/>.Received on Sun Aug 15 12:25:15 2004
This archive was generated by hypermail 2.1.8 : Sun Aug 15 2004 - 12:25:24 PDT