Scan causing unexpected printing on Toshiba Copier/Modify Scans


#1

When scanning Toshiba MFP, many pages of garbage print gets produced. Ideally, we’d be able to scan them for their vulnerabilities without the print. Is there a way to accomplish this?

Also, I have 50± scheduled tasks, and about as many of these MFPs. How can I exclude the copiers without recreating all of the tasks? Other things will come up along the way. Recreating tasks isn’t really a viable solution.

Thanks and be well,
Ken


#2

Answering this question currently requires some additional background on printer scans and why this is happening:

  1. Generally a Full and Fast scan excludes a known and previous detected printer from a scan by default. Scanning a printer requires the setting Exclude printers from scan in the following VT set to no:

    Global variable settings (OID: 1.3.6.1.4.1.25623.1.0.12288)

    As noted previously this requires that the printer is detected. If you havn’t changed this setting then it is very likely that the printer wasn’t detected at all, please see the end of this posting for some more information for this case.

  2. Most printers are exposing one or more specific PJL / Raw printing ports (TCP) which are often configurable by the user. Every VT and/or nmap service probe sending some data to the PJL / Raw printing port(s) will cause your printer to print out the data sent to it.

To avoid the situations of 2. the following VT:

Do not print on AppSocket and socketAPI printers (OID: 1.3.6.1.4.1.25623.1.0.12241)

tries to exclude some common known ports (namely 9100-9107 and 9112-9116) if a printer was detected.

Depending on your printer and the exposed ports you might need to add / update the ports to exclude in that VT.

It could be also possible that this VT is not detecting your printer at all (See 1. above). Then we could update it to detect it, for this every info like:

  • Full printer type
  • HTTP/FTP/Telnet banner
  • HTML code of the start page
  • SNMP SysDesc

etc. could help.


#3

This seems like very useful information. I’m relatively new to OpenVAS so, I’m not 100% sure I understand. This gives me some things to poke around at, though.

Thanks for the input. More to follow…


#4

No worries. Please don’t hesitate to ask here again if something isn’t that clear or if you have further questions (e.g. how to get the mentioned banner info etc.).


#5

Thanks, how to I apply the second solution?


#6

How do I determine which VT is causing the issue? I see a couple of pages of text that are somewhat readable. It appears that the scan that caused the printing was on port 9100. The only VT that it looks like would have caused this was “Unknown OS and Service Banner Reporting”. I created a new scan config including only that VT and it didn’t cause the MFP to print.


#7

Unfortunately this highly depends on the services (e.g. FTP, SNMP, HTTP) the printer is exposing and if the exposed data is helping us to detect the printer.

But basically you can try to run the following calls (Linux system required) to see if they are giving you any output and post the output in here after removing any sensitive data:

Telnet:

nc -vvv $ipofprinter 23

FTP:

nc -vvv $ipofprinter 21

SNMP:

snmpwalk -v 2c -c public $ipofprinter

HTTP:

curl -i http://$ipofprinter

In this case it is not a matter of which VT is causing the issue as every VT (there might be hundreds) sending some data to that port will cause your printer to print out some text. If you have a linux system at hand you can even print some text from command line like e.g.:

echo "Hello world" | nc -vvv $ipofprinter 9100

and your printer will start to print out this text.