Apple Intelligence now features Image Playground, Genmoji, Writing Tools enhancements, seamless support for ChatGPT, and visual intelligence.

Apple Intelligence has also begun language expansion with localized English support for Australia, Canada, Ireland, New Zealand, South Africa, and the U.K. Learn more >

You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Our printer just spontaneously printed two strings...

Our printer just spontaneously printed out two sheets of paper.


The first had this on it: "ö☺<de=♠IEEEMlsqlexec♠9.280"


And the second sheet had this on it: "RDS\#R000000♣sqli☺3☺♣nmap♣nmapol=tlitcp☺h"


Can anyone help me figure out what this might indicate?

Posted on Aug 18, 2012 12:43 PM

Reply
31 replies

Aug 18, 2012 2:05 PM in response to mysstickly

I'm going to guess that the common theme here is that we're all forwarding port 9100 or 631 to our printer to allow ourselves to print from outside the network, which sets up an HTTP server at that address open to the internet. All it takes is for somebody to put the appropriate GET request in, but the SQL attack wouldn't be very useful on a printer.

Aug 18, 2012 2:09 PM in response to spale75

It doesn't say "sqlite3," it says "sqli."


"3. What is SQLI ?

We know Some About SQL and Vulnerability.. Now you think What is this SQLI.. I Stands for Injection , Inject. This is Not a Injection Of Doctor’s.. But it Work as a Real Injection .. Ok.. leave this Crap thing..

Now Actually What is Injection .. Injection means inject… Injection Inject the Database through Vulnerability. and Leech the Data From Database.Now your have Question in Your Mind that Why We Use .. SQLI…

We learn Injection Inject the Database But how.. It Use the SQL Command to Inject a Database.. that this is Know as SQLi.. Now one another Question Which type of Command .. But Don’t worry .. Because here We use Basic Command Like Union ,Select, Group by etc.. Now you Know What is SQL,SQLI, or Injection..

Now You think We Know Vulnerability,,SQLi but ..How We find that What is the Format Of Vulnerability.. bla bla bla .. ok .ok .. See here . Basically in the SQLI .. the Format Of Vulnerable String is like this… "

Aug 18, 2012 3:08 PM in response to mysstickly

It happened here too. First my Brother HL-5370 printed it, then about 10 minutes later, my HP OfficeJet 7310 printed a slightly different string. They both have the "IEEEMlsqlexec" in common.


Both of our printers have public IP addresses, with the Brother is a bit higher (x.x.x.05) than the HP (x.x.x.02). Looks like somebody is methodically testing addresses, looking for exploitable machines. Our web servers are higher up and none appear to have been hacked, so I'm guessing (hoping) OS X is impervious to this particular attack.

Aug 18, 2012 8:03 PM in response to driller4

My printer just did it again and woke me up! I actually had my Mac disconnected from the network as I was getting paranoid so can't be an OS X thing.


I have my printer connected via an Airport Express and just disabled Back to My Mac on the router, wonder if this will stop it happening again? Do you guys also have this enabled on your Airports?

Aug 21, 2012 10:07 AM in response to mysstickly

What Operating system are you using? i.e. win 7 Home premium 64 bits.


This is the main support page for your printer, keep in your bookmark if you need to refer to it in a latert time.


http://h10025.www1.hp.com/ewfrf/wc/product?cc=us&dlc=en&lc=en&product=5063582&su bmit=&


Go to software and drivers download and select your operating system. You should also upgrade the firmware of the printer. if an upgrade is available.



After that if you still facing this issue, Please follow this link www.hp.com/go/tools. Download and use the HP Print and scan doctor, It will check for problems of the different functionality Printing, Scanning and connectivity fixing most of them, if the utility cannot fix the issue let me know I will give my best effort to provide other troubleshooting steps and help you with your issue.


HTH


Original Post - http://h30434.www3.hp.com/t5/Printing-Issues-Troubleshooting/Random-strings-prin ted/td-p/1778381


Thanks

Jagdish Chichria

Aug 21, 2012 12:39 PM in response to Llessur999

Hi,


I'd say you're almost definitely correct with that. If the printers are listening on the Internet (have a public IP address) then they will get contacted by port scanners.


I use NMAP in my day job and I always make a point of avoiding fully scanning network printers as it tends to make them spit out large numbers of pages with odd characters on them.


the sqli and similar strings that people in this thread are seeing are likely from nmap probes looking to fingerprint the device.


If you want to reproduce it, doing nmap -A -v -n <my_ip_address_here> should work ok.


If you do have your printers listening on the Internet I'd recommend putting them behind a firewall as whilst nmap scans are not malicious in and of themselves they can be used by people with malicious intent.

Aug 21, 2012 6:15 PM in response to mysstickly

A computer security tool called nmap was used on the public network you use (Cable, DSL, FiOS, etc.). While scanning ports, and sending prob strings to open ports, your public IP had an open port from Internet to your Printer. What you are seeing on the printout is a string attempting to prop SQLi port, but instead, ALL DATA RECEIVED ON PORT FORWARDED DIRECTLY TO PRINTER OUTPUT. That is, anything sent to that port of your public IP address gets printed.


Ask yourself: Do I have printing available from my iPhone or Android device? Did I install special software when I got my printer to do "printing from the web" on my computer? Did I enable printing from iCloud?


These are signes that your printer is just hanging off the public internet and anyone can send junk to your printer and it will print!

Aug 23, 2012 3:43 AM in response to mysstickly

I have so far been unable to replicate the fault by using nmap externally on my IP range and as far as I'm aware my router doesn't have any ports open to my router.


Just because this is an "ePrint" printer and it's "in the cloud" it does not mean the same thing as "publicly accessible".


Has anyone else been able to replicate this problem yet?

Our printer just spontaneously printed two strings...

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.