LaserJet M4555 MFP

We have one HP M4555 MFP printer that is accepting anonymous ftp connections on port 221 and I can't figure out how to make it stop.  This is raising red flags with our network security scanner so want to know how I can turn that feature off.  We have all protocols other than 9100 printing turned off (including FTP Printing) but this one printer is still listening on port 221.  Interestingly, we have 2 identical model printers and only 1 is doing this and, as far as I can tell, they have identical configs.  However, the one that is doing this has firmware rev 3.7 and the one that isn't is still at 3.5.1 so maybe this is a feature added in the newer rev?

 

I can't say how much of a real security issue this is but it makes me very nervous that I can get to places like /Customer/Jobs/StoredJobs without any authentication at all.

 

Anyone have any ideas?

 

Thanks!

 

ps. here is a demonstration of what I see:

 

$ ftp _HOSTNAME_  221
Connected to _HOSTNAME_.
220 Service ready for new user.
500 Syntax error, command unrecognized.
Name (_HOSTNAME_:root): anonymous
331 Anonymous access allowed, send identity (e-mail name) as password.
Password:
230 User logged in, proceed.
Remote system type is Windows_CE.
ftp> dir
227 Entering Passive Mode (10,56,43,70,78,232).
125 Data connection already open; transfer starting.
01-01-98 05:00 <DIR> Network
01-01-98 05:00 <DIR> PREBOOT
01-01-98 05:00 <DIR> CEKERNEL
01-01-98 05:00 <DIR> Core
01-01-98 05:00 <DIR> MachineData
01-01-98 05:00 <DIR> Customer
01-01-98 05:00 <DIR> Extensible
01-01-98 05:00 <DIR> DataModel1
01-01-98 05:00 <DIR> DataModel2
01-01-98 05:00 <DIR> CtbData
01-01-98 05:00 <DIR> Interrupt
05-03-16 00:53 23 JediCE.src.revision.txt
05-03-16 00:53 <DIR> JediAdds
05-03-16 00:53 23 Control Panel.lnk
05-03-16 00:53 <DIR> My Documents
05-03-16 00:53 <DIR> Program Files
05-03-16 00:53 <DIR> Documents and Settings
05-03-16 00:53 <DIR> Temp
05-03-16 00:53 <DIR> Windows
226 Closing data connection.
ftp>

Accepted Solution
HP Recommended

You can disable port 221 using IPsec/firewall option under "Networking" tab.

 

Steps:

1. Access IPsec/firewall.
2. Set the default rule to "Allow".
3. Start creating a rule.
4. Choose "All IP address" for Address policy.
5. When in service policy page, choose create a new service.
6. Then create a custom service.
7. For custom service, give a name like "port221".
8. Choose TCP.
9. Choose "Printer/MFP service".
10. Choose specific port for local.
11. Enter port 221.
12. Choose "Any" for remote port. A new service is created.
13. Select it and click OK. You will return to the service policy page.
14. Click the newly created "port221" service.
15. Click "Next".
16. Choose "Drop" action.
17. Click "Next".
18. Enable the IPsec/Firewall policy. When it returns to the main page, IPsec rules would have been created and enabled.

 

Thanks.

  

I am an HP employee supporting the HP Experts who volunteer their time and technical knowledge to help others. Opinions expressed are mine and do not necessarily reflect the opinions of HP.

 


6 REPLIES 6
HP Recommended

You should be able to disable the port in the security settings page in the printer's embedded web server.  If you open a browser and go to the printer's IP address (i.e. https://<your_printer_IP>) and then locate the security settings you can disable these ports in the firewall settings.

 

Here's a link to the manual for the printer.

 

http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/action.process/public/psi/manualsDisplay/?s...

 

 

I am an HP employee.
Opinions expressed are mine and do not necessarily reflect the opinions of HP.

HP Recommended

Thanks for the pointer but still no joy.  The only mention I find in the manual of "firewall" is in the context of "IPsec/Firewall".  I went to Networking > IPSec/Firewall in the web config and tried to create a rule to block port 221.  However, this doesn't appear to be possible.  I can block hosts based on IP address, IP ranges, or subnet specifications but I don't see any way to block specific ports.  Am I missing something there or am I in the wrong place in the config?  I looked under the Security tab and just can't find anything there that seems relevant.

 

Since I have 2 identical M4555s, I did a dump of the diagnostic data on both and diff'ed the .xml files but didn't see anything of relevance that is different.  I have all the protocols other than 9100 printing disabled under Networking>Other Settings.

 

One other possible clue.  I also see that port 11111 is open on the problem printer in addition to 221 and neither of those ports are listening on the other one.  I don't know if these 2 ports are related in any way.

 

We have 50 enterprise HP printers of various types and I just did a port scan on them all looking for ports 221 and 11111.  The printer I'm working on is the only one of the 50 that has either of these ports open.  So, it is definitely the odd-printer-out around here.

 

Thanks for any further information you can provide!

HP Recommended

Is the printer with the open port the only one running the older firmware?  Occasionally firmware releases close security vulnerabilities.  It may be that 3.7 firmware (or 3.6) closed these ports.

I am an HP employee.
Opinions expressed are mine and do not necessarily reflect the opinions of HP.

HP Recommended

Thanks for the detailed instructions.  I SHOULD have been able to figure this out on my own based on startrekkin's reply but, alas, I missed it.  Your extra hand holding is appreciated and I now have filtering rules in place to block ports 221 and 11111.  I'm still baffled as to why those ports were open in the first place but this is an acceptable workaround.  Thanks!
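
A way to confirm that the firewall rules discussed in this thread took effect, shown as an added example that is not part of any post: it classifies ports 221 and 11111 on each printer as open, closed or filtered. It assumes a "Drop" rule makes the port time out rather than refuse; the host names passed on the command line are your own.

```python
import socket

# Ports the thread reports open on the one affected M4555; adjust as needed.
SUSPECT_PORTS = (221, 11111)

def port_state(host, port, timeout=3.0):
    """Classify a TCP port as 'open', 'closed', 'filtered' or 'unresolved'.

    open       - handshake completed, the service is reachable
    closed     - connection refused: nothing listening, no packet filter
    filtered   - no answer in time or network error; assumed here to be
                 what a firewall "Drop" rule produces
    unresolved - the host name did not resolve
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.gaierror:
        return "unresolved"
    except OSError:  # includes socket.timeout
        return "filtered"

def audit(hosts, ports=SUSPECT_PORTS, timeout=3.0):
    """Return {host: {port: state}} for every host/port pair."""
    return {h: {p: port_state(h, p, timeout) for p in ports} for h in hosts}

def exposed(results):
    """List the (host, port) pairs that still accept connections."""
    return sorted((h, p) for h, states in results.items()
                  for p, s in states.items() if s == "open")

if __name__ == "__main__":
    import sys
    # Usage: python check_printer_ports.py <printer> [<printer> ...]
    results = audit(sys.argv[1:])
    for host, states in results.items():
        print(host, states)
    # Non-zero exit when any suspect port is still reachable.
    sys.exit(1 if exposed(results) else 0)
```

Run it before and after enabling the IPsec/Firewall policy; a port that moves from open to filtered shows the rule is being applied.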

HP Recommended

Interestingly, the one with port 221 open was the one with the newer 3.7 firmware.  As a test, we backed it out to the 3.5.1 version to match the one that didn't have this problem but that made no change.  So, it doesn't appear it was related to the firmware version.

 

Anyone know what these ports 221 and 11111 are even used for anyway?  Thanks to startrekkin and Ssasik I have a workaround now with the firewall rules in place to block them but I'm just curious as heck why they are open in the first place and what they are used for.  But, the problem is resolved so this is largely academic at this point.
