- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Re: Message on printer...is this some sort of hack?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Message on printer...is this some sort of hack?
This message was on my printer this morning...anyone know what this means?
I have a Nighthawk R7000P with Armor activated.
# GET / HTTP/1.1
Host: Internet address
Accept: */*
User-Agent: python-requests/2.9.1
Connection: keep-alive
Accept-Encoding: gzip, deflate
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Message on printer...is this some sort of hack?
Could be any vulnerable scanner testing the printer port for the presence of a Web server service. However, good scanner don't hide behind a generic "User-Agent: python-requests/2.9.1" ...
# GET / HTTP/1.1
Host: Internet address
Accept: */*
...
What is the Internet address is shown (printed) here?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Message on printer...is this some sort of hack?
The Host Internet address on the printed message is not the same as my router IP address....would this mean that the Host address is the IP address from which this message is coming from?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Message on printer...is this some sort of hack?
Is it a private LAN (RFC 1918) address - assumingly from your own LAN (don't worry, millions of installations make use of these, so there would be nothing wrong to post) - probably of a system where you have installed Bitdefender for example?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Message on printer...is this some sort of hack?
Actually it’s very close to my IP address...beginning with 192. Is it possible that this is related to Bitdefender....this started soon after installing Armor on my system...
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Message on printer...is this some sort of hack?
Of course, the Armor (Bitdefender) does run some vulnerability tests over all network devices discovered - so this is most likley an IP address of a machine where you have installed it.
And again, you can post these 192.168.x/24 addresses - we're all using the same (except those which are on the 10/8 prefix or in the 172.16/12 prefixes.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Message on printer...is this some sort of hack?
I have two printers attached to the router and since the "trial version" of the NETGEAR's ARMOR was installed, about 40 pages of copier paper have been trashed! Each "cycle" uses five pages. The first page is a six lines message that starts with the GET / HTTP/1.1 line. By the fifth page, it is a one liner of a few ASCII characters?! "Nice" feature NETGEAR!
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Message on printer...is this some sort of hack?
@TIRESIAS wrote:I have two printers attached to the router and since the "trial version" of the NETGEAR's ARMOR was installed, about 40 pages of copier paper have been trashed! Each "cycle" uses five pages. The first page is a six lines message that starts with the GET / HTTP/1.1 line. By the fifth page, it is a one liner of a few ASCII characters?! "Nice" feature NETGEAR!
Typical behavior when doing fingerprinting and security tests on open ports trying for a Web server. Depending on the vulnerability checks run, e.g. some CGI and/or overflow tests, some "specific" code is sent to these ports, what can lead to random output - or worst case it can make the printer port hang or lock up.
That's the "fun" when dealing with automated and scheduled vulnerability testing. Netgear resp. Bitdefender has to find way to exclude some devices (by IP, by MAC) from the regular "attacks". @Christian_R please push this forward to the Armor and Bitdefender teams.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Message on printer...is this some sort of hack?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Message on printer...is this some sort of hack?
so in the meantime I have disabled Armor.
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more