Discussion:
[Openvas-plugins] Additional PJL ports for Konica Minolta.
Pierre-d O.
2017-02-10 16:24:28 UTC
Permalink
Some recent printer models from Konica Minolta have additional
PJL/Jetdirect ports open causing unwanted paper waste even if the
printer is detected as such.

By default, the ports are 9112-9116 as per the printer manual:

http://manuals.konicaminolta.eu/bizhub-C554e-C454e-C364e-C284e-C224e/EN/contents/id08-_101380031.html
(see screenshot #3)

I have attached a patch to add those ports to the dont_print_on_printers NVT.

--Pierre-D.
Christian Fischer
2017-02-11 12:08:14 UTC
Permalink
Hi Pierre-D,
Post by Pierre-d O.
Some recent printer models from Konica Minolta have additional
PJL/Jetdirect ports open causing unwanted paper waste even if the
printer is detected as such.
http://manuals.konicaminolta.eu/bizhub-C554e-C454e-C364e-C284e-C224e/EN/contents/id08-_101380031.html
Post by Pierre-d O.
(see screenshot #3)
I have attached a patch to add those ports to the
dont_print_on_printers NVT.

thanks again for your contribution. I will have a look at this coming
Monday.

Unfortunately the raw socket topic is quite complex. We have a NVT
trying to identify this services:

http://plugins.openvas.org/nasl.php?oid=80079

The same is also used in your patched dont_print_on_printers.nasl for
port 9100 only (The #TBD marked item).

Unfortunately a lot of printers don't answer to such requests anymore
(e.g. my HP Officejet Pro 8600) but still printing out everything sent
to those ports which is not such a PJL request.

Do you have any experiences with scanning this Konica Minolta printers?
Did that PJL / Raw socket got identified?

The main issue is that this ports can be chosen freely by users as seen
at your posted documentation. But i think with your patch we can catch
the majority of the common setups / printers.

Thanks again.

Regards,

--

Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
Greenbone Networks GmbH | http://greenbone.net
Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
Pierre-d O.
2017-02-13 16:19:01 UTC
Permalink
This post might be inappropriate. Click to display it.
Christian Fischer
2017-02-14 08:14:05 UTC
Permalink
Hi Pierre-D.,

thanks again for your reply and the patch. Just have applied it into the
SVN and it should be available with the next feed update.
Post by Pierre-d O.
yes the printer got identified as such but I'm not able to tell which
of the tests from the dont_print_on_printers identified it (this might
be a future improvement to make for this NVT). Even though it got
detected by one of the test, it still caused paper to be wasted
because of other ports exposed.
Closing those ports on the printer fixed that issue, but they were
activated by default as described in the manual
http://manuals.konicaminolta.eu/bizhub-C554e-C454e-C364e-C284e-C224e/EN/contents/opkey_1016_S.html
Ok, that sounds good. We had tested that new methodology against a few
printers but its always good to have a confirmation against other
untested printer models. I think we can catch most default installations
now and people are still able to add additional ports which should be
excluded to the script preferences of dont_print_on_printers.nasl.
Post by Pierre-d O.
I think the recent PJL printer hacking exposures
(http://hacking-printers.net/wiki/index.php/Main_Page &
https://motherboard.vice.com/en_us/article/this-teen-hacked-150000-printers-to-show-how-the-internet-of-things-is-shit)
may get customers/vendors to reconsider this default configuration,
but for now those still are open on a lot of printers and should
potentially be reported as a form of vulnerability, but also avoided
in order to minimize paper waste.
I had updated the mentioned NVT a few days ago to report each raw socket
port separately if it was found to be open:

https://lists.wald.intevation.org/pipermail/openvas-nvts-commits/2017-February/005245.html

The main issue here is that we can't mark such ports reliable as many
printers out there are not talking to us but are still printing out
everything they got. But i think the previous mentioned change of
dont_print_on_printers.nasl to report all open default ports is a first
step.

Regards,
--
Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
Greenbone Networks GmbH | http://greenbone.net
Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
Loading...