Security engineers at Indiana University were stumped by a misbehaving printer, but lead engineer Nate Johnson solved the problem when he found a networking vulnerability.

While investigating the printer problem, Nate Johnson, IU lead security engineer, took a chance and tested the printer for vulnerability to an FTP Bounce Attack, a method used by malicious computer hackers to relay a network scan through another device, essentially covering their tracks online.

The FTP bounce attack has been around for over a decade, but Canon’s imageRUNNER printers were not configured by default to disallow misuse of the PORT command. A security engineer needs to be aware that new attacks are born every day, but the old ones don’t necessarily go away.

This entry was posted on Thursday, April 3rd, 2008 at 4:30 pm by Mike Markiewicz and is filed under hacking. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.