InverseOfNeo
Diamond Member
- Nov 17, 2000
- 3,719
- 0
- 0
Now that I think about it, JetDirects can be kind of noisy. So this was probably just normal traffic (if you noticed this was most likely just a printer and not a computer). So you 1337 fscktards just hax0red an HP printer. Way to go tools. 
I think it would be funny if they had an IDS setup that recorded all of this and everyone that touched the machine got a nice letter in the mail or a sherrif at their door
Originally posted by: n0cmonkey
I think it would be funny if they had an IDS setup that recorded all of this and everyone that touched the machine got a nice letter in the mail or a sherrif at their door
Did you wake up with your thumb up your a$$ or something man?
Originally posted by: n0cmonkey
I think it would be funny if they had an IDS setup that recorded all of this and everyone that touched the machine got a nice letter in the mail or a sherrif at their door
Not everyone messed with it. I just looked at the queue.
Originally posted by: UberDave
Originally posted by: n0cmonkey
I think it would be funny if they had an IDS setup that recorded all of this and everyone that touched the machine got a nice letter in the mail or a sherrif at their door
Did you wake up with your thumb up your a$$ or something man?
No some government contractor let the monkey out of his cage.
His warning is sincere, if they do have an IDS system everyone that accessed the printer could be charged with computer crimes. Accessing computing services without permission of the owner is a violation of federal computer time laws. The university in question could concievably bill every person that accessed the machine for computer time at some obscene rate of $1 a minute. Your IP address IS traceable to you, all they need to do is have a system in place to log connections. With a university that undoubtably charges for prints above a certain quota there is a good chance that such a system is in place.
Heed the advice of the monkey.
SagaLore
Elite Member
- Dec 18, 2001
- 24,036
- 21
- 81
Originally posted by: narzy
all this does is make clueless admins anal about everything guys.
Its a shame what this place has turned into. anyone ever think of E_mailing them and telling them they have a problem? don't give me that "well they should know better" bullcrap. I really don't want to hear it, and it makes you look more and more like a bunch of dumbasses.
this is your printer, isn't it?
rudder
Lifer
- Nov 9, 2000
- 19,441
- 86
- 91
Originally posted by: rahvin
Originally posted by: UberDave
No some government contractor let the monkey out of his cage.
Your IP address IS traceable to you, all they need to do is have a system in place to log connections. With a university that undoubtably charges for prints above a certain quota there is a good chance that such a system is in place.
Heed the advice of the monkey.
Ha that would hold up in court. Its a computing service conntected to the internet. Who's to say these fine folks just found the printer via a google link.Now if I had to break i through a firewall or there was a password screen saying "unauthorized use is prohibited" then they may have a case. Too bad whoever set the thing up is not very smart.
Originally posted by: rudder
Originally posted by: rahvin
Originally posted by: UberDave
No some government contractor let the monkey out of his cage.
Your IP address IS traceable to you, all they need to do is have a system in place to log connections. With a university that undoubtably charges for prints above a certain quota there is a good chance that such a system is in place.
Heed the advice of the monkey.
Ha that would hold up in court. Its a computing service conntected to the internet. Who's to say these fine folks just found the printer via a google link.Now if I had to break i through a firewall or there was a password screen saying "unauthorized use is prohibited" then they may have a case. Too bad whoever set the thing up is not very smart.
So if you leave your front door open it's completely legal for someone to come in and take stuff? Sure you might be dumb but that doesn't mean it's legal. Maybe you should understand computer crime laws before you comment on them. By accessing and using computing services without the consent of the person that owns the system you have broken the law. PERIOD. Whether or not the action will be prosecuted depends on the system administrator and the DA in the area. I've found that most university sys admins are rather paranoid and defensive. Nothing might happen, of course you could get a letter in a week from your ISP notifying you that they are terminating your internet service for violations of their TOS.
Originally posted by: rahvin
Originally posted by: rudder
Originally posted by: rahvin
Originally posted by: UberDave
No some government contractor let the monkey out of his cage.
Your IP address IS traceable to you, all they need to do is have a system in place to log connections. With a university that undoubtably charges for prints above a certain quota there is a good chance that such a system is in place.
Heed the advice of the monkey.
Ha that would hold up in court. Its a computing service conntected to the internet. Who's to say these fine folks just found the printer via a google link.Now if I had to break i through a firewall or there was a password screen saying "unauthorized use is prohibited" then they may have a case. Too bad whoever set the thing up is not very smart.
So if you leave your front door open it's completely legal for someone to come in and take stuff? Sure you might be dumb but that doesn't mean it's legal. Maybe you should understand computer crime laws before you comment on them. By accessing and using computing services without the consent of the person that owns the system you have broken the law. PERIOD. Whether or not the action will be prosecuted depends on the system administrator and the DA in the area. I've found that most university sys admins are rather paranoid and defensive. Nothing might happen, of course you could get a letter in a week from your ISP notifying you that they are terminating your internet service for violations of their TOS.
There are FAR too many asshats talking out of their ass in this thread.
Whoever thinks that this is something an IDS would prevent know very little about IDS systems. IDS' discern attack *signatures* in requests/responses, not legitimate service requests for non-authenticated services like printers, web services, etc.. Sending print jobs to this printer are normal requests, and so obviously would not be picked up by the IDS. If they didn't want those with source addresses outside of their network to access the system, they would have added the rules to prevent such in their firewall. The firewall does the job of filtering, not the IDS.
It didn't become illegal until all you decided to DOS the damn thing by sending more requests than it could perform, thereby encumbering it's legitimate use by other users.
That is all
Originally posted by: Descartes
Originally posted by: rahvin
Originally posted by: rudder
Originally posted by: rahvin
Originally posted by: UberDave
No some government contractor let the monkey out of his cage.
Your IP address IS traceable to you, all they need to do is have a system in place to log connections. With a university that undoubtably charges for prints above a certain quota there is a good chance that such a system is in place.
Heed the advice of the monkey.
Ha that would hold up in court. Its a computing service conntected to the internet. Who's to say these fine folks just found the printer via a google link.Now if I had to break i through a firewall or there was a password screen saying "unauthorized use is prohibited" then they may have a case. Too bad whoever set the thing up is not very smart.
So if you leave your front door open it's completely legal for someone to come in and take stuff? Sure you might be dumb but that doesn't mean it's legal. Maybe you should understand computer crime laws before you comment on them. By accessing and using computing services without the consent of the person that owns the system you have broken the law. PERIOD. Whether or not the action will be prosecuted depends on the system administrator and the DA in the area. I've found that most university sys admins are rather paranoid and defensive. Nothing might happen, of course you could get a letter in a week from your ISP notifying you that they are terminating your internet service for violations of their TOS.
There are FAR too many asshats talking out of their ass in this thread.
Whoever thinks that this is something an IDS would prevent know very little about IDS systems. IDS' discern attack *signatures* in requests/responses, not legitimate service requests for non-authenticated services like printers, web services, etc.. Sending print jobs to this printer are normal requests, and so obviously would not be picked up by the IDS. If they didn't want those with source addresses outside of their network to access the system, they would have added the rules to prevent such in their firewall. The firewall does the job of filtering, not the IDS.
It didn't become illegal until all you decided to DOS the damn thing by sending more requests than it could perform, thereby encumbering it's legitimate use by other users.
That is all
I never said this is something an IDS would prevent, very few IDSes out there really have good abilities to kill connections and whatnot. But it could easily pick up a bunch of probes at whichever port that happened to be and notice that they are not coming from local addresses. In fact, it could be setup very easily to detect things coming from non-local addresses. Thats why no one said that an IDS would stop this, just that it could pick it up. The printer appears to have been DoSed since 2000+ pages were stolen by children that have nothing better to do than commit felonies.
No worries, i've emailed the sys admin already...here's his response. - No, i did not make a reference to all the print request coming from ATOT.
*****************************
On Tue, 15 Oct 2002, Jason wrote:
Thanks ... we'll take care of this.
> Good morning. You've got a printer that is open to the world and appears even in a google search. I'd recommend you take it off the internet, unless this is what you've intended and secure your network. It appears to be an hp laserjet 4100.
>
> Not a major security risk, other than the possibility of losing a few sheets of paper to the world, but probably should be locked up off the internet.
>
> You can http & telnet to it.
>
> Printer:
> http://134.129.39.67/hp/device/this.LCDispatcher
>
> Google Search:
> http://www.google.com/search?hl=en&.../device/this.LCDispatcher+&btnG=Google+Search
>
> Thanks,
>
> Jason
*******************
My point is people should not leave their networks unsecured. All it took was a quick little port probe to pull up info on this printer. It easily could have been a computer or a server.
I didn't bother to probe anything else on his network. Hopefully he'll take my email as fair warning they should re-evaluate their network security policy.
*****************************
On Tue, 15 Oct 2002, Jason wrote:
Thanks ... we'll take care of this.
> Good morning. You've got a printer that is open to the world and appears even in a google search. I'd recommend you take it off the internet, unless this is what you've intended and secure your network. It appears to be an hp laserjet 4100.
>
> Not a major security risk, other than the possibility of losing a few sheets of paper to the world, but probably should be locked up off the internet.
>
> You can http & telnet to it.
>
> Printer:
> http://134.129.39.67/hp/device/this.LCDispatcher
>
> Google Search:
> http://www.google.com/search?hl=en&.../device/this.LCDispatcher+&btnG=Google+Search
>
> Thanks,
>
> Jason
*******************
My point is people should not leave their networks unsecured. All it took was a quick little port probe to pull up info on this printer. It easily could have been a computer or a server.
I didn't bother to probe anything else on his network. Hopefully he'll take my email as fair warning they should re-evaluate their network security policy.
Stev0: What happen?
ATOT: Someone set us up a hack!
ATOT: We get probed!
Stev0: What!
ATOT: Blackice up!
Stev0: It's you!
1337 h4x0r: How are you gentlemen!!
1337 h4x0r: All your computers are belong to us
1337 h4x0r: You are on your way to /dev/null
Stev0: What you say!
1337 h4x0r: You have no change to block IP make your time
1337 h4x0r: Ha Ha Ha Ha....
Stev0: Take off every CAT-5
Stev0: You know what you are doing
Stev0: Move CAT-5
Stev0: For great justice!
ATOT: Someone set us up a hack!
ATOT: We get probed!
Stev0: What!
ATOT: Blackice up!
Stev0: It's you!
1337 h4x0r: How are you gentlemen!!
1337 h4x0r: All your computers are belong to us
1337 h4x0r: You are on your way to /dev/null
Stev0: What you say!
1337 h4x0r: You have no change to block IP make your time
1337 h4x0r: Ha Ha Ha Ha....
Stev0: Take off every CAT-5
Stev0: You know what you are doing
Stev0: Move CAT-5
Stev0: For great justice!
Originally posted by: n0cmonkey
Originally posted by: DescartesI never said this is something an IDS would prevent, very few IDSes out there really have good abilities to kill connections and whatnot. But it could easily pick up a bunch of probes at whichever port that happened to be and notice that they are not coming from local addresses. In fact, it could be setup very easily to detect things coming from non-local addresses. Thats why no one said that an IDS would stop this, just that it could pick it up. The printer appears to have been DoSed since 2000+ pages were stolen by children that have nothing better to do than commit felonies.Originally posted by: rahvinThere are FAR too many asshats talking out of their ass in this thread. Whoever thinks that this is something an IDS would prevent know very little about IDS systems. IDS' discern attack *signatures* in requests/responses, not legitimate service requests for non-authenticated services like printers, web services, etc.. Sending print jobs to this printer are normal requests, and so obviously would not be picked up by the IDS. If they didn't want those with source addresses outside of their network to access the system, they would have added the rules to prevent such in their firewall. The firewall does the job of filtering, not the IDS. It didn't become illegal until all you decided to DOS the damn thing by sending more requests than it could perform, thereby encumbering it's legitimate use by other users. That is allOriginally posted by: rudderSo if you leave your front door open it's completely legal for someone to come in and take stuff? Sure you might be dumb but that doesn't mean it's legal. Maybe you should understand computer crime laws before you comment on them. By accessing and using computing services without the consent of the person that owns the system you have broken the law. PERIOD. Whether or not the action will be prosecuted depends on the system administrator and the DA in the area. I've found that most university sys admins are rather paranoid and defensive. Nothing might happen, of course you could get a letter in a week from your ISP notifying you that they are terminating your internet service for violations of their TOS.Originally posted by: rahvinHa that would hold up in court. Its a computing service conntected to the internet. Who's to say these fine folks just found the printer via a google link.Now if I had to break i through a firewall or there was a password screen saying "unauthorized use is prohibited" then they may have a case. Too bad whoever set the thing up is not very smart.Originally posted by: UberDave No some government contractor let the monkey out of his cage.
A felony? RIIIGHT!
As far as caliming to be some bad ass hacker. I never said that nor did anyone else so why don't you read the posts you asshat. If some admin is going to leave their printer unprotected like that then they are lucky that it was just printer and not a system with data on it.
§ 1030. Fraud and Related Activity in Connection with Computers
(5)
(A)
(i) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
(ii) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or
(iii) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage; and
(c) The punishment for an offense under subsection (a) or (b) of this section is --
(1)
(A) a fine under this title or imprisonment for not more than ten years, or both, in the case of an offense under subsection (a)(1) of this section which does not occur after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph; and
(B) a fine under this title or imprisonment for not more than twenty years, or both, in the case of an offense under subsection (a)(1) of this section which occurs after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph; and
(1) the term "computer" means an electronic, magnetic, optical, electrochemical, or other high speed data processing device performing logical, arithmetic, or storage functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device, but such term does not include an automated typewriter or typesetter, a portable hand held calculator, or other similar device;
(2) the term "protected computer" means a computer
(A) exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government; or
(B) which is used in interstate or foreign commerce or communications, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States;
(A) exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government; or
(B) which is used in interstate or foreign commerce or communications, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States;
(6) the term "exceeds authorized access" means to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter;
8) the term 'damage' means any impairment to the integrity or availability of data, a program, a system, or information;
(10) the term 'conviction' shall include a conviction under the law of any State for a crime punishable by imprisonment for more than 1 year, an element of which is unauthorized access, or exceeding authorized access, to a computer;
(11) the term 'loss' includes any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service; and
(12) the term 'person' means any individual, firm, corporation, educational institution, financial institution, governmental entity, or legal or other entity.
(5)
(A)
(i) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
(ii) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or
(iii) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage; and
(c) The punishment for an offense under subsection (a) or (b) of this section is --
(1)
(A) a fine under this title or imprisonment for not more than ten years, or both, in the case of an offense under subsection (a)(1) of this section which does not occur after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph; and
(B) a fine under this title or imprisonment for not more than twenty years, or both, in the case of an offense under subsection (a)(1) of this section which occurs after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph; and
(1) the term "computer" means an electronic, magnetic, optical, electrochemical, or other high speed data processing device performing logical, arithmetic, or storage functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device, but such term does not include an automated typewriter or typesetter, a portable hand held calculator, or other similar device;
(2) the term "protected computer" means a computer
(A) exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government; or
(B) which is used in interstate or foreign commerce or communications, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States;
(A) exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government; or
(B) which is used in interstate or foreign commerce or communications, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States;
(6) the term "exceeds authorized access" means to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter;
8) the term 'damage' means any impairment to the integrity or availability of data, a program, a system, or information;
(10) the term 'conviction' shall include a conviction under the law of any State for a crime punishable by imprisonment for more than 1 year, an element of which is unauthorized access, or exceeding authorized access, to a computer;
(11) the term 'loss' includes any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service; and
(12) the term 'person' means any individual, firm, corporation, educational institution, financial institution, governmental entity, or legal or other entity.
So, having legitimate services available for legitimate users is inherently insecure? Your "warning" is myopic, at it's absolute best. Do you ping scan every network segment and email the admins that they have legitimate services available?
"Hey Joe Admin, port 80 is open on your server!@#"
What you've done is no different than DOSing any web server you encounter? Are you going to email all admins and tell them they better take down their site because it's vulnerable to a DOS attack from security neophytes?
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 23K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
Facebook
Twitter