DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD Security

FreeBSD Security Securing FreeBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 7th July 2012
lumiwa lumiwa is offline
Package Pilot
 
Join Date: May 2008
Posts: 145
Default unwanted printing - cracking?

Hi!

My system is FreeBSD 9.0 Release.

I have a HP printer connected through router which works. But the last two days I
found three printed papers:
two are empty and on the one is:
GET http://www.rackspace.com/ HTTP/1.1
Host: www.rackspace.com
User-Agent: Mozilla/4.0 (compatible, MSIE 6.0: Windows NT 5.1)
Axxept: */*
Accept-Language: zh-cn
Connection: Keep-Alive

and on the other two were:
GET http://proxyjudge1.proxyfire.net/fastenv HTTP/1.1
Host: proxyjudge1.proxyfire.net
and the other four lines are the same.

There are nothing in the log files.
I don't have a server and I have pf firewall which I hope works.

Thanks in advance.

Mitja
Reply With Quote
  #2   (View Single Post)  
Old 7th July 2012
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

Please provide more information.
  1. Confirm your network configuration. From your brief description, it "sounds" like your network might be:
    Code:
    {internet} -- [router] --- [FBSD workstation]
                     |
                 [printer]
    If that's the case, your printer is not "behind" your workstation and access from other network devices on your local network (including via radio, if your network has WiFi access) may be the source of the output. The Internet is a possible source, but less likely, as your router is 99.99999% likely to be configured to use Network Address Translation (NAT), and that should preclude access from the Internet.
  2. What is the printer model number? From that we can determine what network protocols the printer supports. (Likely unrelated, in 2011, a security flaw with some HP printer models was publicized. Google for "HP printer security" for more information.)

Last edited by jggimi; 7th July 2012 at 05:23 PM. Reason: clarity
Reply With Quote
  #3   (View Single Post)  
Old 7th July 2012
lumiwa lumiwa is offline
Package Pilot
 
Join Date: May 2008
Posts: 145
Default

Quote:
Originally Posted by jggimi View Post
Please provide more information.
  1. Confirm your network configuration. From your brief description, it "sounds" like your network might be:
    Code:
    {internet} -- [router] --- [FBSD workstation]
                     |
                 [printer]
    If that's the case, your printer is not "behind" your workstation and access from other network devices on your local network (including via radio, if your network has WiFi access) may be the source of the output. The Internet is a possible source, but less likely, as your router is 99.99999% likely to be configured to use Network Address Translation (NAT), and that should preclude access from the Internet.
  2. What is the printer model number? From that we can determine what network protocols the printer supports. (Likely unrelated, in 2011, a security flaw with some HP printer models was publicized. Google for "HP printer security" for more information.)
We have a cable internet. I connected to the cable modem an Ethernet Boroadband Router D-link DI-604 (it is old but it works) and to the DI-604 are contected two computers, one with FreeBSd and one with Windows and HP business inkjet 3000 whic I got for free and it works very good.
We don't have a WiFi.
Reply With Quote
  #4   (View Single Post)  
Old 7th July 2012
lumiwa lumiwa is offline
Package Pilot
 
Join Date: May 2008
Posts: 145
Default

Something more:

I configured Virtual Server as is described in the manuals.

Virtual Server
The device can be configured as a virtual server so that remote users accessing services such as Web or FTP services via the public (WAN) IP address can be automatically redirected to local servers in the LAN network. Depending on the requested service (TCP/UDP port number), the device redirects the external service request to the appropriate server within the LAN network. At the bottom of the screen, there are already defined well-known virtual services. To use them, click on the edit icon. You will only need to input the LAN IP address of the computer running the service and enable it.
Name - The name referencing the virtual service.
Private IP - The server computer in the LAN network that will be providing the virtual services.
Private Port - The port number of the service used by the Private IP computer.
Protocol Type - The protocol used for the virtual service.
Public Port - The port number on the WAN side that will be used to access the virtual service.
Schedule - The schedule of time when the virtual service will be enabled.

Example:
If you have a Web server that you wanted Internet users to access at all times, you would need to enable it. Web (HTTP) server is on LAN computer 192.168.0.25. HTTP uses port 80, TCP.

Name: Web Server
Private IP: 192.168.0.100
Protocol Type: TCP
Private Port: 9100
Public Port: 9100
Schedule: always

I have for private and public port the same port number and
Reply With Quote
  #5   (View Single Post)  
Old 8th July 2012
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

There are many ways to interpret "...one with FreeBSd and one with Windows and HP business inkjet 300" so I will ask, again, about your local network.

How is the printer connected to your network? Through a USB connection on the Windows workstation? Via an Ethernet connection to the D-Link router? Please clarify. If the latter, the device will have an IP address on your local network, and if the printer is assigned address 192.168.0.100, you have opened access to your printer from the Internet. I say this because your "Virtual Server as is described in the manuals" appears to me to be port forwarding, and TCP port 9100 is used by HP on their network attached printers for JetDirect services.

I cannot tell, from what you have posted so far, if this is true, of course. What I actually know for certain, now, is that NAT is being used, as I'd assumed would be the case. That, unfortunately, is all I actually know. More information about your LAN and its configuration, related to the printer, would be helpful.
Reply With Quote
  #6   (View Single Post)  
Old 8th July 2012
lumiwa lumiwa is offline
Package Pilot
 
Join Date: May 2008
Posts: 145
Default

Quote:
Originally Posted by jggimi View Post
There are many ways to interpret "...one with FreeBSd and one with Windows and HP business inkjet 300" so I will ask, again, about your local network.

How is the printer connected to your network? Through a USB connection on the Windows workstation? Via an Ethernet connection to the D-Link router? Please clarify. If the latter, the device will have an IP address on your local network, and if the printer is assigned address 192.168.0.100, you have opened access to your printer from the Internet. I say this because your "Virtual Server as is described in the manuals" appears to me to be port forwarding, and TCP port 9100 is used by HP on their network attached printers for JetDirect services.

I cannot tell, from what you have posted so far, if this is true, of course. What I actually know for certain, now, is that NAT is being used, as I'd assumed would be the case. That, unfortunately, is all I actually know. More information about your LAN and its configuration, related to the printer, would be helpful.
The printer is connected to the D-Link via Ethernet. I made a Virtual server. Yes, printer assigned address is 192.158.0.100 and ports is 9100. My and the other computer are connected to the D-614 which is connected to the cable modem. In this way we are both reach Internet as HP 3000 printer which has Jetdirect card and is connected to DI-614 via Ethernet.

Thank you very much.
Reply With Quote
  #7   (View Single Post)  
Old 8th July 2012
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

You have exposed your printer to the Internet. Anyone, anywhere, can send print jobs to it. There is nothing to "crack".
Reply With Quote
  #8   (View Single Post)  
Old 8th July 2012
lumiwa lumiwa is offline
Package Pilot
 
Join Date: May 2008
Posts: 145
Default

Quote:
Originally Posted by jggimi View Post
You have exposed your printer to the Internet. Anyone, anywhere, can send print jobs to it. There is nothing to "crack".
Thank you very much for the help.

Should be better connected via Ethernet to the both computers...
I will check if is possible to connected to the one computer with USB and to the other via Ethernet at the same time.

Thanks again.
Reply With Quote
  #9   (View Single Post)  
Old 8th July 2012
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

Let's level set, because I think you misunderstand the basics. Please forgive me if I provide information you already know, or, if I have misunderstood what you have posted.
  • Each device on your local network has its own IP address. You have four devices: the router, the two workstations, and the printer. Each can communicate directly, with each other. It's a network.
  • Your local network is in the 192.168.*.* block of IP addresses. This set of addresses is a private network, and cannot be used directly on the Internet.
  • Your router has two IP addresses. One is an address on your private network, and the other is an IP address on the Internet. As far as the Internet is concerned, you have a single IP address; nothing on the Internet knows the local IP addresses of your workstations or printer.
  • Your router keeps track of electronic "conversations" between your systems and systems on the Internet. It translates IP addresses in the packets it sends back and forth. I mentioned the technology earlier -- Network Address Translation (NAT).
  • Any "conversations" you initiate need no special handling. Your router knows which workstation initiated the request, and routes packets to the workstation as the converstation takes place.
  • On the other hand, any "conversations" that start on the Internet, for services you might run require router configuration set up. Your router doesn't "know" where those packets should go, since there is no conversation initiated from a device on the local network. For example, if you were to run a web server from your FreeBSD workstation, you would configure your router that incoming packets destined for port 80 should be forwarded to your workstation for processing. Otherwise, the router will reject or drop the packets, it doesn't know where to send them; they were not part of an established conversation.
From what you have posted, it is my understanding that you have configured your router to forward incoming packets destined for port 9100 to your printer. This error is what I noted in my previous post.


Did I misunderstand your configuration?
Reply With Quote
Old 10th July 2012
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

Closing the loop for any readers of this thread, as Lumiwa and I continued discussion via PM.

The problem source was identified as an inadvertent open print server on the Internet due to misunderstanding D-Link documentation. The problem was eliminated through reconfiguration of the router.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Printing. The final frontier. girarde OpenBSD General 11 5th January 2011 01:03 PM
Poster printing program map7 FreeBSD Ports and Packages 3 7th November 2010 07:41 PM
Tool for cracking encrypted session data J65nko News 0 9th June 2010 06:31 PM
Problem with printing unicyclist OpenBSD General 8 1st May 2009 07:06 PM


All times are GMT. The time now is 01:10 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick