Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: Re: Dumping Data From Printers

Re: Dumping Data From Printers

From: Gary Warner <gar_at_askgar.com>
Date: Thu, 08 May 2008 20:33:04 -0500

Paul Melson wrote:
>> what would be the greatest risk if network admin leave Network printers
>>
> without password protected.
>

Actually, my favorite demonstration of how EVERY DEVICE ON THE NETWORK
MUST BE SECURE was to find a printer on the same subnet as something
sensitive (Mainframes work nicely for this demo) and then change the IP
address of the printer to match the IP address of the mainframe.

If there isn't a sensitive server handy, setting the printer to have the
same IP address as the Default Network Gateway for its network segment
is also an effective demo. 

-- 
--------------
Gary Warner
Director of Research in Computer Forensics
The University of Alabama at Birmingham
gar_at_cis.uab.edu            gar_at_askgar.com
--------------
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
Received on May 08 2008
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]