Jeremiah Grossman posted about an interesting proof of concept paper Aaron Weaver wrote about spamming printers from the Internet. He is able to perform this cross-site printing exploit that uses RAW IP printing on port 9100 to print out ascii art on an unsuspecting user’s printer.
I decided to try this out for myself on my two Xerox printers at the office. I loaded up a web browser and pointed it to the printers IP address and port 9100, ala http://192.168.1.10:9100. This caused the printer to spit out a fairly benign page detailing my browser’s GET request.
Aaron goes on to discuss and give examples of possible attack vectors this could potentially use to spam your printer. Give his paper a look, it’s only four pages long and very easy to read and understand. And if you want to find all printers on your network listening on port 9100, run an nmap scan like the following:
nmap -p9100 192.168.1.0/24
You can also read about using netcat to print to port 9100 here.