Hello,
our organization has a RICOH Pro C7200SX printer, and I’m strongly suspecting Greenbone caused it to print lots of garbage pages today.
I suspect that the printer isn’t recognized by Greenbone?
Expected/desired result: the printer should be recognized by Greenbone and should be ignored.
My question is: can you look at whether Greenbone is lacking detection for this specific printer? If so, hopefully the information below helps you implement the proper detection.
Thanks in advance.
Details:
It printed about 20-50 pages with mostly binary garbage (usually just a few lines), and one page contained a simple HTTP GET request (it was only 3-5 lines, not very informative).
We are using the ‘Full and fast’ scan config, and the ‘Exclude printers from scan’ option is set to ‘Yes’.
We haven’t had this before, so I’m guessing it may be due to something that has recently been introduced via the feed updates?
In case it’s relevant, these are our current feed dates:
20210908 - Greenbone Community Feed
20210903 - Greenbone Community SCAP Feed
20210903 - Greenbone Community CERT Feed
20210809 - Greenbone Community gvmd Data Feed
Package versions:
greenbone-security-assistant-21.4.0-18437.el8.art.x86_64
gvm-21.4.0-18451.el8.art.noarch
gvmd-21.4.0-18444.el8.art.x86_64
Here’s the output of various protocols, to help you detect the printer in Greenbone:
Telnet:
(no output, not running)
SNMP:
snmpwalk -v 2c -c public $ipofprinter
A link to the SNMP output: https://pastebin.com/nvduX1cJ
FTP:
nc -vvv $ipofprinter 21
Ncat: Version 7.70 ( https://nmap.org/ncat )
NCAT DEBUG: Using system default trusted CA certificates and those in /usr/share/ncat/ca-bundle.crt.
NCAT DEBUG: Unable to load trusted CA certificates from /usr/share/ncat/ca-bundle.crt: error:02001002:system library:fopen:No such file or directory
libnsock nsock_iod_new2(): nsock_iod_new (IOD #1)
libnsock nsock_connect_tcp(): TCP connection requested to _removed_:21 (IOD #1) EID 8
libnsock nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [_removed_:21]
Ncat: Connected to _removed_:21.
libnsock nsock_iod_new2(): nsock_iod_new (IOD #2)
libnsock nsock_read(): Read request from IOD #1 [_removed_:21] (timeout: -1ms) EID 18
libnsock nsock_readbytes(): Read request for 0 bytes from IOD #2 [peer unspecified] EID 26
libnsock nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 18 [_removed_:21] (33 bytes): 220 EFI FTP Print server ready...
220 EFI FTP Print server ready.
libnsock nsock_readbytes(): Read request for 0 bytes from IOD #1 [_removed_:21] EID 34
Note this line: 220 EFI FTP Print server ready.
HTTP:
wget http://$ipofprinter
Index page / :
<HTML>
<script language="JavaScript" src="readCookie.js">
</script>
<META HTTP-EQUIV="Refresh" CONTENT="0;URL=wt4/home">
</HTML>
…which redirects to:
wget http://$ipofprinter/wt4/home
See the next forum posts for the HTTP output, since I can’t upload attachments yet as a new user.