Orbi WiFi 7 RBE973
Reply

Re: Message on printer...is this some sort of hack?

Qballgreg
Aspirant

Message on printer...is this some sort of hack?

This message was on my printer this morning...anyone know what this means?

 

I have a Nighthawk R7000P with Armor activated.

 

# GET / HTTP/1.1

Host: Internet address

Accept: */*

User-Agent: python-requests/2.9.1

Connection: keep-alive

Accept-Encoding: gzip, deflate

Message 1 of 11
schumaku
Guru

Re: Message on printer...is this some sort of hack?

Could be any vulnerable scanner testing the printer port for the presence of a Web server service. However, good scanner don't hide behind a generic "User-Agent: python-requests/2.9.1" ...

 

# GET / HTTP/1.1

Host: Internet address

Accept: */*
...

 

What is the Internet address is shown (printed) here?

Message 2 of 11
Qballgreg
Aspirant

Re: Message on printer...is this some sort of hack?

The Host Internet address on the printed message is not the same as my router IP address....would this mean that the Host address is the IP address from which this message is coming from?

Message 3 of 11
schumaku
Guru

Re: Message on printer...is this some sort of hack?

Is it a private LAN (RFC 1918) address - assumingly from your own LAN (don't worry, millions of installations make use of these, so there would be nothing wrong to post) - probably of a system where you have installed Bitdefender for example?

Message 4 of 11
Qballgreg
Aspirant

Re: Message on printer...is this some sort of hack?

  Actually it’s very close to my IP address...beginning with 192.  Is it possible that this is related to Bitdefender....this started soon after installing Armor on my system...

Message 5 of 11
schumaku
Guru

Re: Message on printer...is this some sort of hack?

Of course, the Armor (Bitdefender) does run some vulnerability tests over all network devices discovered - so this is most likley an IP address of a machine where you have installed it.

 

And again, you can post these 192.168.x/24 addresses - we're all using the same (except those which are on the 10/8 prefix or in the 172.16/12 prefixes.

Message 6 of 11
TIRESIAS
Initiate

Re: Message on printer...is this some sort of hack?

I have two printers attached to the router and since the "trial version" of the NETGEAR's ARMOR was installed, about 40 pages of copier paper have been trashed! Each "cycle" uses five pages. The first page is a six lines message that starts with the GET / HTTP/1.1 line. By the fifth page, it is a one liner of a few ASCII characters?! "Nice" feature NETGEAR!

Message 7 of 11
schumaku
Guru

Re: Message on printer...is this some sort of hack?


@TIRESIAS wrote:

I have two printers attached to the router and since the "trial version" of the NETGEAR's ARMOR was installed, about 40 pages of copier paper have been trashed! Each "cycle" uses five pages. The first page is a six lines message that starts with the GET / HTTP/1.1 line. By the fifth page, it is a one liner of a few ASCII characters?! "Nice" feature NETGEAR!


Typical behavior when doing fingerprinting and security tests on open ports trying for a Web server. Depending on the vulnerability checks run, e.g. some CGI and/or overflow tests, some "specific" code is sent to these ports, what can lead to random output - or worst case it can make the printer port hang or lock up.

 

That's the "fun" when dealing with automated and scheduled vulnerability testing. Netgear resp. Bitdefender has to find way to exclude some devices (by IP, by MAC) from the regular "attacks". @Christian_R  please push this forward to the Armor and Bitdefender teams.

Message 8 of 11
Lionkill
Aspirant

Re: Message on printer...is this some sort of hack?

It's happening to me too. Definitely the Netgear armor on my orbi network.
Message 9 of 11
DexterJB
NETGEAR Moderator

Re: Message on printer...is this some sort of hack?

Hi @Lionkill, this has been reported to engineering and is currently being worked on. We will provide an update once available.

 

Dexter

Message 10 of 11
swarick
Aspirant

Re: Message on printer...is this some sort of hack?

so in the meantime I have disabled Armor.

Message 11 of 11
Top Contributors
Discussion stats
  • 10 replies
  • 11652 views
  • 8 kudos
  • 6 in conversation
Announcements

Orbi WiFi 7