[20522] in bugtraq

home help back first fref pref prev next nref lref last post

Re: Tektronix (Xerox) PhaserLink 850 Webserver Vulnerability (NEW)

daemon@ATHENA.MIT.EDU (Justin Shore)
Tue May 1 12:24:13 2001

MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID:  <Pine.LNX.4.10.10104302108160.14477-100000@neo.pittstate.edu>
Date:         Mon, 30 Apr 2001 21:26:44 -0500
Reply-To: macdaddy@PITTSTATE.EDU
From: Justin Shore <macdaddy@PITTSTATE.EDU>
X-To:         Ltlw0lf <ltlw0lf@NOSPAM.HOME.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <200104301412.f3UEC6904667@cx492171-a.cv1.sdca.home.com>

I highly recommend assigning private IPs to all items such as printers,
fancy fax machines, switches, etc...  The only reason to give them a
public IP is conveinance.  Conveinance and security usually cancel each
other out. It's hard to have one if you're big on the other.  Assign
private IP subnets to the same internal subnets that you used the public
IPs on, route them internally, and get real big on ingress/egress
filtering of those RFC1918 blocks.  Then only your own users can hurt you.
Sure it's not a fixall but it's usually easier to gain accountability
locally than on the 'Net at large.  Good luck!

Justin

On Mon, 30 Apr 2001, Ltlw0lf wrote:

> Thanks, Francis...  Looks like 750DP and 930 printers should be added to the
> list of printers that exibit this vuln.
>
> Unfortunately, your fix doesn't always work with printers.  We've noticed on
> most printers, a blank gateway means "find out the gateway yourself."  Most
> printers will utilize RIP, or worse, will just choose a gateway (i.e.
> 10.0.0.1 for network 10.0.0.0) of its own.  We've seen tektronix printers do
> this as well as hp printers.  We've suggested setting the default gateway
> as the IP address of the printer, and this usually limits the vulnerability,
> but not always.  Best is to put it behind the corporate firewall or restrict
> it in other ways.
>
> Francis Favorini <francis.favorini@DUKE.EDU> wrote:
>
> <snip>
> > I suggest not setting a default gateway for the printer's IP
> > configuration.
> > This should limit the vulnerability to your own subnet.
>
home help back first fref pref prev next nref lref last post