PSARC/2007/499 Automatic discovery of network attached printers
James Carlson
james.d.carlson at sun.com
Thu Aug 30 14:09:44 PDT 2007
Norm Jacobs writes:
> 1. It doesn't send out a response to any queries on the network.
Just being open is enough. The fact that it's open is easily
detectable, because the system won't send back an ICMP Destination
Unreachable / Port Unreachable when a packet for that port is
received. Scanners use that feature to find the open and closed
ports.
> 2. The port that it uses is not a well known port. It's effectively
> random.
Sure. All open ports are interesting, though.
> The result is that you really can't scan for it. Of course, this
> doesn't mean that someone can't write a little software to pretend to be
> a network attached printer and try and exploit it. It's just more work
> to make the attempt.
As far as security is concerned, I'd say that it's not much more work.
--
James Carlson, Solaris Networking <james.d.carlson at sun.com>
Sun Microsystems / 1 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
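
The following is an added example, not part of the original message or of the PSARC case. It shows on the loopback interface why a listener that never answers is still distinguishable from a closed port. It assumes the port in question is UDP (the thread does not say); the function names and the 0.5 second timeout are illustrative.

```python
import socket

LOOPBACK = "127.0.0.1"  # assumption: the demonstration stays on the local host


def open_silent_listener():
    """Bind a UDP socket on an ephemeral ("effectively random") port that never replies."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind((LOOPBACK, 0))
    return s, s.getsockname()[1]


def find_closed_port():
    """Bind and release an ephemeral port to obtain one that is almost certainly closed."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind((LOOPBACK, 0))
    port = s.getsockname()[1]
    s.close()
    return port


def classify_udp_port(port, timeout=0.5):
    """'closed' if ICMP Port Unreachable came back, 'open-or-filtered' on silence."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    probe.settimeout(timeout)
    try:
        probe.connect((LOOPBACK, port))  # connected UDP: kernel surfaces ICMP errors
        probe.send(b"\x00")
        probe.recv(1)  # blocks until a reply, an ICMP error, or the timeout
    except ConnectionRefusedError:
        return "closed"  # the stack answered with Port Unreachable
    except socket.timeout:
        return "open-or-filtered"  # silence: something is bound (or a filter dropped it)
    finally:
        probe.close()
    return "open"  # the listener actually replied


def demo():
    """Classify one silent listener and one closed port on this host."""
    listener, open_port = open_silent_listener()
    try:
        return classify_udp_port(open_port), classify_udp_port(find_closed_port())
    finally:
        listener.close()


if __name__ == "__main__":
    print(demo())
```

A host firewall that drops datagrams for every unused port removes the difference between the two cases, which is the usual way to keep a silent listener from standing out.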