When we perform a FullAndFast scan (on a GSE 21.04) to a printer (model Xerox Altalink C8055), the device starts printing pages with a single line of content (OSSEC A: ‘$ greenbone_hostname’). What could be the cause of this behavior? is it possible to exclude some NVT to avoid it?
Hi,
For some general information about scanning printers and unexpected page printing see as well Scan causing unexpected printing on Toshiba Copier/Modify Scans - #2 by cfi
Does the printer get detected by “Xerox Printer Detection Consolidation” (OID: 1.3.6.1.4.1.25623.1.0.141824)?
So if your printer didn’t got detected we appreciate all input like:
- ports open
- HTTP/FTP/Telnet banner
- HTML code of the start page
- SNMP SysDescr
to extend the detection.
2 Likes
Hijacking the topic a bit but Canon Imagerunner 1730i is also experiencing this isue.
Management interface is located at http://ip/_top.html
To avoid that printers are printing out papers while getting scanned you can also always exclude the related ports of the “raw printing” port (usually 9100 but could be also some of the more unusual like 2000, 2501, 9101-9107, 9112-9116, 9200 or 10001) from your port list.
2 Likes
Sorry for delay! The printer was not recognized correctly. Here is the requested information:
PORTS:
PORT STATE SERVICE
80/tcp open http
443/tcp open https
515/tcp open printer
631/tcp open ipp
3702/tcp open ws-discovery
9100/tcp open jetdirect
51333/tcp open unknown
53202/tcp open unknown
53303/tcp open unknown
53404/tcp open unknown
BANNERS:
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd
443/tcp open ssl/http Apache httpd
9100/tcp open jetdirect?
HTML code of the start page:
<!-- Copyright (c) 2002-2016 Xerox Corporation. All Rights Reserved.Copyright protection claimed includes all forms and matters of
copyrightable material and information now allowed by statutory or
judicial law or hereinafter granted, including without limitation,
material generated from the software programs which are displayed
on the screen such as icons, screen and the like.
-->
<script type="text/javascript">
document.location = '/stat/welcome.php?tab=status';
</script>
SNMP SysDescr
SNMPv2-MIB::sysDescr.0 = STRING: Xerox AltaLink C8055; SS 101.002.009.00300, NC 101.002.00300, UI 101.002.00300, ME 063.022.000, CC 101.002.00300, DF 007.019.000, FI 010.019.000, FA 0.0.0, CCOS 101.009.00300, NCOS 101.009.00300, SC 013.015.010, SU 101.002.00300
2 Likes
Thanks a lot for providing this information on the printer, that will definitely help to improve our Xerox printer detection to cover more different models.
I have created an internal task to review/check and possibly update the related detection for this specific printer model(s).
3 Likes
Thanks for the heads up. Created as well an internal task to update the detection for Canon Imagerunner models.
In the meantime if you have some specific information as done for the AltaLink C8055 above we appreciate any input.
3 Likes
In the meantime the detection for Xerox printers have been updated to cover as well the mentioned AltaLink C8055. This should arrive in one of the next feed updates.
Let us know if this solves the problem.
3 Likes
One additional note on this, only the detection via HTTP got improved as the detection via SNMP for this specific devices already worked as expected during our tests. A missing printer detection via SNMP can have two reasons:
- Port 161/udp wasn’t included in the port list assigned to the scan task
- The device is using a non-default community and this community hasn’t been assigned to the scan task via 10 Scanning a System — Greenbone Security Manager (GSM) 21.04.11 documentation
3 Likes
The Canon printer detection got some refurbish with additional patterns for various models which should land in one of the next feed updates.
Please let us know (best in a separate thread) if there are still any unidentified Canon (or other brand) printers with as much information as possible.
4 Likes