Printer spamming on port 9100


Jeremiah Grossman posted about an interesting proof-of-concept paper Aaron Weaver wrote about spamming printers from the Internet. He is able to perform a cross-site printing exploit that uses RAW IP printing on port 9100 to print out ASCII art on an unsuspecting user’s printer.

I decided to try this out for myself on my two Xerox printers at the office. I loaded up a web browser and pointed it at the printer’s IP address and port 9100, e.g. http://192.168.1.10:9100. This caused the printer to spit out a fairly benign page detailing my browser’s GET request.

While this accomplishment in itself is not that exciting, Jeremiah had already shown how easy it is to determine internal IP addressing details in his Black Hat 2007 presentation, Hacking The Internet From The Intranet. Check out the simple script at http://www.reglos.de/myaddress/ that displays a visitor’s internal IP address, even if you’re visiting the site from behind a NAT router or firewall. Imagine some clever JavaScript discovering all devices listening on port 9100, all from the Internet!

Aaron goes on to discuss and give examples of possible attack vectors that could be used to spam your printer. Give his paper a look; it’s only four pages long and very easy to read and understand. And if you want to find all printers on your network listening on port 9100, run an nmap scan like the following:

nmap -p9100 192.168.1.0/24

You can also read about using netcat to print to port 9100 here.
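As an added example (not from Aaron's paper or this post), here is a small Python decoy listener that binds port 9100 on a spare host and tells a browser's HTTP request apart from a real PJL, PCL or PostScript job, so stray cross-site printing traffic on the LAN gets logged instead of printed. The format prefixes are the standard ones for those languages; the host, port and header names are assumptions for this example.

```python
import re
import socketserver

# Leading bytes of legitimate raw print jobs (standard prefixes).
PJL_PREFIX = b"\x1b%-12345X"   # UEL sequence that opens most PJL jobs
PCL_PREFIX = b"\x1bE"          # PCL printer-reset escape
PS_PREFIX = b"%!PS"            # PostScript header
HTTP_REQUEST = re.compile(rb"^(GET|POST|HEAD|OPTIONS) \S+ HTTP/1\.[01]\r?\n")
BROWSER_HEADERS = (b"host", b"origin", b"referer", b"user-agent")


def classify_raw_job(data: bytes) -> str:
    """Label the first bytes sent to port 9100; a browser sends an HTTP
    request line, which a real printer would render verbatim."""
    if HTTP_REQUEST.match(data):
        return "http-request"
    if data.startswith(PJL_PREFIX):
        return "pjl"
    if data.startswith(PCL_PREFIX):
        return "pcl"
    if data.startswith(PS_PREFIX):
        return "postscript"
    return "unknown"


def browser_indicators(data: bytes) -> dict:
    """Return the headers that show where a browser-sourced request came from."""
    found = {}
    for line in data.split(b"\r\n")[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() in BROWSER_HEADERS:
            found[name.strip().lower().decode()] = value.strip().decode("ascii", "replace")
    return found


class Port9100Monitor(socketserver.StreamRequestHandler):
    """Decoy raw-print listener: logs the job type instead of printing it."""

    def handle(self):
        data = self.request.recv(4096)
        kind = classify_raw_job(data)
        src = self.client_address[0]
        if kind == "http-request":
            print(f"ALERT {src}: HTTP request on 9100 {browser_indicators(data)}")
        else:
            print(f"{src}: {kind} job, {len(data)} bytes")


if __name__ == "__main__":
    # Run on a spare host (not the printer) so the decoy catches misdirected traffic.
    with socketserver.TCPServer(("0.0.0.0", 9100), Port9100Monitor) as srv:
        srv.serve_forever()
```

The Host and Origin headers in an alert tell you which internal address the page was targeting and which site served the script, which is what you need to block it at the proxy or firewall.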
