How do I check to see if my scans are setup to detect printers correctly? “Do not print on AppSocket and socketAPI printers” OID: 1.3.6.1.4.1.25623.1.0.12241 and “Do not scan printers” OID: 1.3.6.1.4.1.25623.1.0.11933 are both enabled. I’ve disabled most of the linux/*BSD/Unix NVT’s, mainly Windows shop. I’m using the community version.
Currently, the printers are wasting paper. The IP’s are generally being listed as Linux devices. Most of the printers are Toshiba e-STUDIO2515AC. There are over 200 printers on our network.
Previous threads have requested info to make sure the printers are detected correctly, happy to provide that.
Detection of the printers is crucial to not further scan them and wasting paper and I guess this didn’t happen for your printer models (make sure that e.g. “Toshiba Printer Detection Consolidation” OID: 1.3.6.1.4.1.25623.1.0.142901 is as well enabled in your scan config).
To extend the detection and solving the problem can you please provide us with the output from e.g. wget http://$printer_ip (or curl or whatever you prefer, we need some pointers in the HTTP response to extend the detection)? If you see other output which could be helpful (e.g. from “SNMP sysDescr Detection and Reporting” OID: 1.3.6.1.4.1.25623.1.0.103416") please provide these too.
“Toshiba Printer Detection Consolidation” OID: 1.3.6.1.4.1.25623.1.0.142901 is enabled. How to I see the output from SNMP sysDescr Detection and Reporting” OID: 1.3.6.1.4.1.25623.1.0.103416 or any NVT?
The output from “SNMP sysDescr Detection and Reporting” will be available in the scan report and can e.g. be filtered or manually searched in the report. Mind that the SNMP port needs to be in the port list of the scan config (with additionally e.g. the community string set) and that it only reports if SNMP is enabled on the printer.
If you have any example output from HTTP responses you should be able to post it here raw as we need the HTML code to extend the detection.
Thanks for the reply. I’ve found how to see results of NVT’s. It looks like they are detected as printers. Not appearing to scan 9100, but is trying ftp, smtp etc. I’ve seen the printer output definitely coming from openvas, can see openvas printeted on pages. I scan our networks weekly and for the moment have excluded printer IP’s, but will continue to test.
Note that some printers might expose such “Raw printing ports” (on which printers are printing out everything they are receiving) on different / multiple ports.
Additional ports (they would need to be looked up in the printer manual) to be excluded once a printer has been identified can be added to the preferences of the following VT (the existing scan config would need to be “cloned” for this):
Name: Do not print on AppSocket and socketAPI printers
OID: 1.3.6.1.4.1.25623.1.0.12241
Family: Settings