HP Support Forums
Join in the conversation.
11-16-2011 10:27 AM
I support a HP Color LaserJet CP2025dn which ocassionally prints a page that says:
Sometimes the GET HTTP/1.1 statement is from http://www.sciencedirect.com.
I'm guessing that this is caused by some sort of web crawler that hits port 9100 at this printer's network address. Is there any setting on the HP Color LaserJet CP2025dn that I might make to stop these pages from printing?
[ I know that blocking this port at a router may solve the issue, but I'm looking for a solution that fixes the issue at the printer, thank you. ]
Thanks for your help!
06-08-2012 08:55 AM
Internet users, likely Chinese, scan addresses (computers, or other devices that are networked) on the Internet that accept certain connections. They do this to probe for vulnerabilities to exploit, or to route traffic through machines as a “proxy.” Being a proxy means loading and sending information at the request of another. This can be used to bypass local security, such as China’s severe Internet censorship. It can also be used to hide traces back to the source, such as when a criminal doesn’t want to be located when hacking.
The printers are set up such that they can communicate outside the local network. This allows printing from other networks, but can be located by Internet users doing scans. Printers appear to these scans as a possible proxy. The printed pages are the commands sent as a test of possible proxies for use. The command means “tell this device to load this website and report back.” The printer interprets the request as a print job and prints out the given command.
This needs a fix, but is not critical. There is risk to lost supplies. The pages are also a nuisance. There is a smaller risk of a printer vulnerability being exploited for more serious use. This would be a complex and targeted attack instead of a broad scan.
1) Block this traffic with a firewall
2) Block this traffic with printer access controls
3) Update the firmware on the printer to block this
4) Change the network configuration to not be accessible from the Internet.