Aaron, i hope you took the information i shared with you into heavy consideration . Please contact me regarding UGC and firewall options after your lunch meeting. Timoteo "Timo " Vasquez Michigan State University IT Services Network & Security 517-884-3082 Troy Murray wrote: Hey Shaun, From what I've seen so far, it looks like this is being sent to the standard TCP/IP port for print jobs. Since most printers don't have a way to authenticate that the person printing is actually "valid", it will just accept and print the job. In the one lab that was happening in I set the gateway address to 0.0.0.0, since no one prints to this off campus, and it hasn't happen since (at least until the virus or whatever causes it starts operating from the campus network). The other lab that I support has everything behind their own firewall so that's been blocking the connections. -- Troy Murray Michigan State University College of Medicine Life Science 1355 Bogue St, B-136D East Lansing, MI 48824 E: [log in to unmask]<mailto:[log in to unmask]> P: 517-432-2760 F: 517-355-7254 RedHat 5 Certified Technician RedHat 5 Certified Systems Administrator HL7 V2.6/2.5 Certified Control Specialist On Jun 7, 2012, at 9:59 AM, Shaun Leininger wrote: I suspect that this is some sort of attempted scan/attack, but I’m uncertain how to move forward towards complete understanding of this, or a solution. Any thoughts? On multiple occasions, networked HP Laserjet printers have spit out single page prints with the following information: GET http://www.sina.com.cn/ HTTP/1.1 Host: www.sina.com.cn<http://www.sina.com.cn> Accept: */* Pragma: no-cache User-Agent: GET http://www.baidu.com HTTP/1.1 Host: www.baidu.com<http://www.baidu.com> Accept: */* Pragma: no-cache User-Agent: GET http://www.sciencedirect.com HTTP/1.1 Host: www.sciencedirect.com<http://www.sciencedirect.com> Accept: */* Pragma: no-cache User-Agent: Both appear to be popular Chinese websites, and not malicious on their own. Prints have appeared on HP Color Laserjet 3700, HP Laserjet 2200, HP Laserjet P3005dn. The printers are networked, not controlled by a print server, and have management passwords turned on. Disabling non-essential services on the printers from their web consoles has not stopped the prints. I do not manage the local network, and do not have any network/firewall logs to examine. Research has turned up others reporting identical prints: h30434.www3.hp.com/t5/Printer-Networking-and-Wireless/HP-Network-Printer-periodically-prints-a-page-from-a-web-crawler/td-p/1032985 Thanks, Shaun Leininger, CCNA Information Technology Professional Department of Anthropology 517-884-0388 -- Troy Murray Michigan State University College of Medicine Life Science 1355 Bogue St, B-136D East Lansing, MI 48824 E: [log in to unmask]<mailto:[log in to unmask]> P: 517-432-2760 F: 517-355-7254 RedHat 5 Certified Technician RedHat 5 Certified Systems Administrator HL7 V2.6/2.5 Certified Control Specialist