• Check your firewall logs for outbound traffic from your printers


    • This topic has 12 replies, 7 voices, and was last updated 1 month ago.
    #2448991

    The other day my copy/printer Ricoh vendor called me and said “we can’t get the printer counts from one of your copiers automatically, can you log it in via a web site” and up to this point in time we had faxed the counts in. One of the copiers has no internet access so like duh. I asked them how do they get the counts on the other three and they said “Oh we get it remotely”.

    “you remote into my office?”

    “yes”

    “Since when?”

    “Since one of our techs set it up”

    I was like …. uh when did you switch over to where you have access to my copiers remotely and thank you because I now have to answer my cyber insurance questions differently.

    Long story short they don’t ACTUALLY have remote access to my printers, but the printers DO beacon out to two Japanese IP addresses that they didn’t do before.

    The MP c4504 copiers reach out to the IP address of 210.173.216.59

    The MP c4503 reaches out to the IP address of 210.173.216.40

    And dear vendors:

    1. Understand what is going on and don’t phrase it that “we have remote access”, this is not two way traffic, it’s one way
    2. Know exactly what IP addresses are being used and inform the customer.  In a perfect world (I’m not there yet) I would have full egress outbound filtering and would only allow outbound what I approve.  So your IP to an unknown location would have been blocked.

    Susan Bradley Patch Lady

    3 users thanked author for this post.
    • #2448996

      Find a new vendor.

      Carpe Diem {with backup and coffee}
      offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender WuMgr
      offline▸ Acer AspireOne Atom N270 RAM2GB HDD GuineaPig
      online▸ Win11Pro 21H2.22000.739 x64 i5-9400 RAM16GB HDD Firefox103.0b2 MicrosoftDefender WuMgr
      • #2449006

        No kidding.  That’s not nice.

        @rcgate

        This info is in the printers’ setup and I don’t remember it there before, so clearly they’ve updated the firmware along the way.

        Susan Bradley Patch Lady

        2 users thanked author for this post.
        • #2449012

          Wow. Just recently I added an additional firewall appliance to our network, and it puts all networked devices behind a ‘non-routable’ IP range. I disabled wifi on our HP printer, but it’s still on Ethernet. I’ve generally trusted HP, but maybe it’s time to re-consider that.

          And I’ve also made the network wired-only for many reasons. Not the least of which are that EMF pollution (including 5G) often makes living things sick without them knowing it. But a happy side effect of making things wired-only is that I’m plugging some otherwise surprising holes in our network traffic.

          Finance, social and tech founder. Managing director of new crowd sourced games in pre-release development. Director on a new consortium to bring fractional ownership of heritage antiquities to the blockchain. My planet-wide talk show for people craving new stories by which to live is Casual Saints.
        • #2449018

          Search in your firewall logs for traffic that matches the IP address of the printers.  See if it’s ‘talking’ to anything.

          Susan Bradley Patch Lady

          1 user thanked author for this post.
        • #2449062

          I don’t update my printer’s firmware as it will block installing compatible toners.

    • #2449064

      Put your printers on a specific IP range and have your firewall block egress from that range?
      Put PCs on a specific IP range / subnet and only allow internet access from that range?
      Don’t allow any internal device to access the internet and put a proxy in. Set the proxy on allowed devices via GPO?

      cheers, Paul

      1 user thanked author for this post.
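
Added example, not part of any post in this thread: one way to run the firewall-log search suggested above and compare what the printers talk to against an approved-destination list before enabling egress filtering. The printer subnet, the netfilter-style log format, the sample lines and the choice of which address counts as approved are assumptions; the two destination addresses are the ones reported in the opening post.

```python
import ipaddress
import re
from collections import Counter

# Assumptions, not from the thread: printers sit in this subnet, and the
# firewall writes netfilter-style lines with SRC=/DST=/PROTO=/DPT= fields.
PRINTER_NET = ipaddress.ip_network("192.168.50.0/24")
# Destinations the vendor has disclosed and you have signed off on.
APPROVED = {ipaddress.ip_address("210.173.216.59")}
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

# Constructed sample log (ports and internal addresses are made up).
SAMPLE_LOG = """\
Jun 1 02:00:01 fw kernel: IN=lan OUT=wan SRC=192.168.50.11 DST=210.173.216.59 PROTO=TCP SPT=40112 DPT=443
Jun 1 03:00:01 fw kernel: IN=lan OUT=wan SRC=192.168.50.11 DST=210.173.216.59 PROTO=TCP SPT=40388 DPT=443
Jun 1 03:10:44 fw kernel: IN=lan OUT=wan SRC=192.168.50.12 DST=210.173.216.40 PROTO=TCP SPT=51020 DPT=443
Jun 1 03:11:02 fw kernel: IN=lan OUT= SRC=192.168.50.12 DST=224.0.0.251 PROTO=UDP SPT=5353 DPT=5353
Jun 1 03:12:30 fw kernel: IN=lan OUT=lan SRC=192.168.1.20 DST=192.168.50.11 PROTO=TCP SPT=50211 DPT=9100
Jun 1 03:15:00 fw kernel: wan: link is up
"""

def printer_egress(lines):
    """Count flows from the printer subnet to non-local destinations."""
    flows = Counter()
    for line in lines:
        f = dict(FIELD.findall(line))
        try:
            src = ipaddress.ip_address(f["SRC"])
            dst = ipaddress.ip_address(f["DST"])
        except (KeyError, ValueError):
            continue  # not a packet log line, or a malformed address
        if src not in PRINTER_NET or dst.is_private or dst.is_multicast:
            continue  # other hosts, LAN traffic, mDNS and similar chatter
        flows[(str(src), str(dst), f.get("PROTO", "?"), f.get("DPT", "-"))] += 1
    return flows

def unapproved(flows):
    """Destinations the printers reached that are not on the approved list."""
    return sorted({dst for (_, dst, _, _) in flows
                   if ipaddress.ip_address(dst) not in APPROVED})

if __name__ == "__main__":
    flows = printer_egress(SAMPLE_LOG.splitlines())
    for (src, dst, proto, port), n in sorted(flows.items()):
        tag = "approved" if ipaddress.ip_address(dst) in APPROVED else "REVIEW"
        print(f"{src} -> {dst} {proto}/{port} x{n} [{tag}]")
```

Any destination still listed by `unapproved()` is one to ask the vendor about before it goes on the firewall's outbound allow list.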
    • #2449104

      ? says:

      nice catch, Susan. in the olden days my HP895 CSE died so i went over to Walmart and picked up a HP 1000 for 20 bucks and hooked it up. much to my surprise it was phoning home ostensibly to help me keep the ink cartridges full. removed a piece of software and problem solved. these days i just do “sudo systemctl disable --now cups cups-browsed”. printer spying problem solved…

      • #2449127

        When one can’t easily discern why something is inexpensive (or free), it often turns out that our private data and/or private metadata are the true product. Whether or not we have assented to the terms of the clickwrap. Our HP printer was purchased on sale from Staples. It works well. But HP was also unnecessarily keen on tracking our ink and paper use via automated printer processes which would ‘phone home’ to HP. Nope. We decline to be HP’s product via our private metadata.

        Finance, social and tech founder. Managing director of new crowd sourced games in pre-release development. Director on a new consortium to bring fractional ownership of heritage antiquities to the blockchain. My planet-wide talk show for people craving new stories by which to live is Casual Saints.
    • #2449125

      Put your printers on a specific IP range and have your firewall block egress from that range?
      Put PCs on a specific IP range / subnet and only allow internet access from that range?
      Don’t allow any internal device to access the internet and put a proxy in. Set the proxy on allowed devices via GPO?

      cheers, Paul

      Those are all smart strategies. Merci. Although in our instance the firewall is meant to be an additional ‘proxy’. And since our new, additional firewall is using DHCP just fine, I didn’t want to fiddle with the thing by assigning address leases in it. I’ll be interested in noodling this through, for the sport of being happy with the actions and outcomes of my abilities.

      Finance, social and tech founder. Managing director of new crowd sourced games in pre-release development. Director on a new consortium to bring fractional ownership of heritage antiquities to the blockchain. My planet-wide talk show for people craving new stories by which to live is Casual Saints.
    • #2449181

      Do you pay by the copy?

      🍻

      Just because you don't know where you are going doesn't mean any road will get you there.
    • #2449195

      Oh how nice it is to have the luxury of having a old Brother laser printer with an 8ft. USB cord that I just plug in when I want to print something occasionally.

      We're getting Sticker Shock everywhere now, not just car dealers.
