Print

Print
We have experienced the same thing the last few days at the General Counsel office. I have scanned for malware/viruses on each workstation but still had the printouts come back. Trying to isolate the source of the printouts has been dificult  because they seem to print after hours. If you find out anything please pass along.

Thanks!
 
Aaron Ledger
Michigan State University
IT Services - Departmental Support 
(517) 884-3013 Work
(517) 355-5176 Fax
(517) 775-3875 Cell
Email: [log in to unmask]

On Jun 7, 2012, at 9:59 AM, Shaun Leininger wrote:

I suspect that this is some sort of attempted scan/attack, but I’m uncertain how to move forward towards complete understanding of this, or a solution. Any thoughts?
 
On multiple occasions, networked HP Laserjet printers have spit out single page prints with the following information:
 
GET http://www.sina.com.cn/ HTTP/1.1
Accept: */*
Pragma: no-cache
User-Agent:
 
GET http://www.baidu.com HTTP/1.1
Accept: */*
Pragma: no-cache
User-Agent:
 
Accept: */*
Pragma: no-cache
User-Agent:
 
 
Both appear to be popular Chinese websites, and not malicious on their own. Prints have appeared on HP Color Laserjet 3700, HP Laserjet 2200, HP Laserjet P3005dn. The printers are networked, not controlled by a print server, and have management passwords turned on.
 
Disabling non-essential services on the printers from their web consoles has not stopped the prints. I do not manage the local network, and do not have any network/firewall logs to examine.
 
 
Thanks,
 
Shaun Leininger, CCNA
Information Technology Professional
Department of Anthropology
517-884-0388