Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Network Appliances :: oce9400.htm

OCE' 9400 plotter can be a telnet proxy!

    OCE' 9400 plotters


    Those having OCE' 9400 plotters


    Larry W.  Cashdollar found  following.   He has  a few  plotters /
    printers  under   his  audit   umbrella  and   noticed   something
    interesting on an Oce' 9400 plotter.  The printer has the  ability
    to be  a telnet  proxy.   Where as  a user  can hop  via telnet to
    other hosts.  If the printer is not setup properly the connections
    will go unlogged.

        bunyip% telnet JPP1
        Connected to JPP1.
        Escape character is '^]'.

        Network Printer Server Version 5.6.3 (

        login: root
        Password:[Just enter here]

        Welcome root user

        WARNING: current and stored values differ.
        Use 'list diff' command to find the differences.
        Current values will be lost if unit is reset.> telnet
        trying ...
        Connected to
        Escape character is '0x18'

        Red Hat Linux release 5.9 (Starbuck)
        Kernel 2.2.3-5 on an i586
        login:> list sysinfo
                  version: 5.6.3
            serial number: 13029
                 compiled: Mar 25 1998    loginfo: sys
                    email: NetPrint@<unconfigured>
               dns server:
                   module: novell, appletalk, netbios
                 checksum: 1E54

    All that  is needed  is a  valid DNS  server setup  in the plotter
    configuration.> set sysinfo dns

    And anyone can use the plotter as an anonymous telnet proxy.

    That  above  looks  to  be  like  the  same  firmware  as  certain
    intelligent   hubs   with   integrated   Terminal/Printer   server
    capabilities...  The model in question is made my a company called
    Microplex, and it's a discontinued model called the M208.

        (Mon 6:17am) seamus@rtfm ttya7:~> telnet XXXXXXX
        Trying XXX.XXX.XXX.XXX...
        Connected to XXX.XXX.XXX.XXX.
        Escape character is '^]'.

        Network Printer Server Version 5.6.3 (XXX.XXX.XXX.XXX)

        login: root
        Password: <root pw here>

        Welcome root user

        XXX.XXX.XXX.XXX:root> list sysinfo
                     name: XXXXXXXXXXXXXXX
                  contact: XXXXXXXXXXXXXXX
                 location: Insomnia Communications NOC
                  version: 5.6.3
            serial number: 572
                 compiled: Jul 16 1998
                 checksum: 668E
                  loginfo: sys
                  logport: syslog
                   syslog: XXXXXXXXXXXXXXX
                    email: root@XXXXXXXXXX
               dns server: XXXXXXXXXXXXXXX
                   module: novell, appletalk, netbios

    There  is,  however,  quite  a  bit  of documentation in the hub's
    manual about setting a root password, and the importance of  doing
    so..  don't  know  who  decided  to  use  this  same  firmware  in
    plotters/printers or what their documentation is like, however  it
    seems to come down to the general rule of never leave a peripheral
    unpassworded on your network if  you want to avoid these  sorts of
    problems (telnet proxy, etc..)


    Enable passwords for the accounts on the plotter:

        syntax: set user add <NAME>
                 set user del <NAME>
                 set user passwd <NAME> [<PASSWORD>]
                 set user type <NAME> root|guest
                 set user from default|stored

    Enable logging:

        syntax: set logpath <LOGPATH> name <NEW_NAME>
                 set logpath <LOGPATH> type [[-]job] [[-]user] [[-]pgcnt] [[-]cksum]
                             [[-]printer] [[-]ioport]
                 set logpath <LOGPATH> port <TCP-PORT>|email|syslog
                 set logpath from default|stored

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH