Prevent PJL commands being printed on dot matrix printers

I would have thought this problem was already solved, but I can’t seem to find it in the forums.

Even on a Base scan, our network connected dot matrix printers are printing junk on paper. I’m using just the community feed with the GSM-TRIAL-20.08.7-VMware-Workstation.ova

I can’t seem to find a way to prevent the wasted paper. It is printing:
-12345X@PJL INFO ID
-12345X

Unfortunately this can never be solved fully, because every printer behaves differently (e.g. I have never seen a printer so far printing out these valid PJL commands) and a printer needs to be detected beforehand for the existing mitigations to work.

See the following topic below for some more background information. As an alternative you can also exclude the known PJL / raw printing ports like 9100/tcp (please look up in your printer manual which ones the related printer is using) from your port list.

1 Like

@cfi Thank you for replying!

Here’s one of the things that I tried, but which failed to fix the problem:

From a Linux machine, I nmap’d a sample printer. Added all the open ports except tcp/80 to the ‘Scan Config’ of ‘Base Clone 1’ (tcp/280,515,538,9290 in the parameter named “Do not print on AppSocket and socketAPI printers”). And the global variable for “Exclude printers from scan” is set to ‘yes’.

Are you suggesting that I can fix my problem by creating a clone of Port List ‘All IANA assigned TCP and UDP’ - and exclude the ports there?

Honestly, I’m a bit uncertain about all these settings to avoid scanning printers. On the one hand, I don’t want to print junk on expensive form paper. On the other hand, I’m afraid that printers are some of the biggest vulnerabilities on our network.

9290 sounds like such a “raw printing” port (I can only guess in this case). What I would do is exactly this:

but only exclude the port 9290.

An alternative would be to try to grab some of the banners as described in Scan causing unexpected printing on Toshiba Copier/Modify Scans - #7 by cfi - Vulnerability Tests - Greenbone Community Forum and post them here. I could create an internal to add a detection for this kind of printer but can’t promise anything on the time it will get implemented.

@cfi Thanks again for taking the time to answer questions on this forum.

After I posted my question yesterday about cloning the Port List, I decided to simply try it, and see what happened. Didn’t post the results of my test yesterday because the scan wasn’t finished by the end of my work day. Here’s what I changed from the defaults:

  • Cloned Port List ‘All IANA assigned TCP and UDP’ - and removed only tcp/9100
  • Cloned Scan Config “Full and fast”, and enabled all the NVTs that I could find (66385)
  • Unchecked the global variable “Exclude printers from scan” - because I want to find vulnerabilities on our printers (and I’m not sure this option is working anyway)

I think that the result of these changes is what we want. It didn’t print junk on the paper, and it did discover one high severity vulnerability (Report default community names of the SNMP Agent). Maybe this is an acceptable compromise.

I’m going to include info about the banners from this printer, just in case it might help someone:

root@localhost# nc -vvv {$ipofprinter} 23
npi6d1ff2.domain.local [{$ipofprinter}] 23 (telnet) : Connection refused
sent 0, rcvd 0
root@localhost# nc -vvv {$ipofprinter} 21
npi6d1ff2.domain.local [{$ipofprinter}] 21 (ftp) : Connection refused
sent 0, rcvd 0
root@localhost# snmpwalk -v 2c -c public {$ipofprinter}
Timeout: No Response from {$ipofprinter}
root@localhost# curl --noproxy '*' -i http://{$ipofprinter}
HTTP/1.0 200 OK
Server:HTTP/1.0
Content-Type:text/html

{html}
{head}
{title}Hewlett Packard{/title}
{/head}
{SCRIPT TYPE = “text/javascript”}
version = navigator.appVersion.substring(0,4);
if(navigator.appVersion.indexOf(“Macintosh”)!=-1){
document.writeln(“Macintosh OS is not supported to run this application.”);
document.close();
}
else if(navigator.appName==“Microsoft Internet Explorer” && (navigator.appVersion.indexOf(“MSIE 3.01”) != -1 }} navigato
r.appVersion.indexOf(“MSIE 3.02”) != -1 }} navigator.appVersion.indexOf(“MSIE 3.03”) != -1)){
document.writeln(“This IE version is not supported to run the application. You can use 4.0 with SP1 or higher.”);
}
else if(navigator.appName==“Netscape” && (version == “3.0 " }} version == 3.01 }} version == 4.04 )){
document.writeln(“Netscape version “, version, " is not supported to run this application. You can use Netscape 4.01, 4.
02, 403, 4.05 or higher”);
}
else{
document.writeln(”{frameset cols=140,5,,6 frameborder=no border=0 framespacing=0 hspace=0 vspace=0}");
document.writeln("{frameset rows=46,6,
,6 frameborder=no border=0 framespacing=0}”);
document.writeln("{frame src=border.html marginwidth=0 marginheight=0 noresize scrolling=no}");
document.writeln("{frame src=border.html marginwidth=0 marginheight=0 noresize scrolling=no}");
document.writeln("{frame src=Navmenu.html name=frmList topmargin=0 marginwidth=0 marginheight=0 scrolling=auto}");
document.writeln("{frame src=border.html marginwidth=0 marginheight=0 noresize scrolling=no}");
document.writeln("{/frameset}");
document.writeln("{frame src=border.html marginwidth=0 marginheight=0 noresize scrolling=no}");
document.writeln("{frameset rows=46,6,*,6 frameborder=no border=0 framespacing=0}");
document.writeln("{frame src=TopLine.html marginwidth=0 marginheight=5 scrolling=no noresize}");
document.writeln("{frame src=border.html marginwidth=0 marginheight=0 noresize scrolling=no}");
document.writeln("{frame src=Home.html name=frmTabFrames marginwidth=0 marginheight=5 topmargin=5 scrolling=auto}");
document.writeln("{frame src=border.html marginwidth=0 marginheight=0 noresize scrolling=no}");
document.writeln("{/frameset}");
document.writeln("{frame src=border.html marginwidth=0 marginheight=0 noresize scrolling=no}");
document.writeln("{/frameset}");
document.writeln("{noframes}{font face=Helvetica color=red size=3}{b}You must use a frame capable browser to view this p
age.{/b}{/font}{/noframes}");
}
{/SCRIPT}
{/html}

1 Like
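The port-list change described in the post above, as an added example that is not part of the original thread: a Python helper that cuts individual raw-printing ports out of a port range string, so the result can be pasted into a cloned port list. The `T:`/`U:` range syntax is assumed to be what the port list dialog accepts, and the function name `exclude_ports` is hypothetical.

```python
import re


def exclude_ports(spec, tcp=(), udp=()):
    """Return the port range string `spec` with the given ports removed."""
    drop = {"T": set(tcp), "U": set(udp)}
    kept = {"T": [], "U": []}
    proto = "T"  # assumption: entries before any prefix are TCP
    for item in spec.replace(" ", "").split(","):
        if not item:
            continue
        m = re.fullmatch(r"(?:([TU]):)?(\d+)(?:-(\d+))?", item)
        if not m:
            raise ValueError(f"bad port entry: {item!r}")
        if m.group(1):
            proto = m.group(1)  # a prefix applies until the next prefix
        lo = int(m.group(2))
        hi = int(m.group(3) or lo)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"port out of range: {item!r}")
        # Split [lo, hi] around every excluded port that falls inside it.
        for port in sorted(p for p in drop[proto] if lo <= p <= hi):
            if lo <= port - 1:
                kept[proto].append((lo, port - 1))
            lo = port + 1
        if lo <= hi:
            kept[proto].append((lo, hi))
    parts = []
    for proto in ("T", "U"):
        ranges = [str(a) if a == b else f"{a}-{b}" for a, b in kept[proto]]
        if ranges:
            parts.append(f"{proto}:" + ",".join(ranges))
    return ",".join(parts)


if __name__ == "__main__":
    # Constructed input: every TCP and UDP port, minus the raw-printing
    # port removed in the post (9100/tcp).
    print(exclude_ports("T:1-65535,U:1-65535", tcp=[9100]))
```

Only the listed ports are dropped; UDP services such as SNMP stay in scope, which is how the scan in the post could still report the default community names finding.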

Thanks a lot for this follow-up and the related HTML source code.

I have raised an internal task to review the current HP printer detection if it can be improved to catch devices like this as well.

To have it tracked here, in the meantime various detection improvements for printers in general but also HP specific ones have been done and it might be possible that the printer is now detected in more detail.

Any feedback or similar is always welcome.

2 Likes