Previous 1 2 3 Next 31 Replies Latest reply: Apr 22, 2013 10:02 AM by Alatark Go to original post
  • driller4 Level 1 (0 points)

    My understanding is "sqlexec()" is some kind of function for Microsoft SQL... or am I looking at a wrong place? If it actually is a hacker trying to attack, do you think it's targeting OS X or affect in anyway?  What should we do to prevent any further problems?

  • nanonanouk Level 1 (0 points)

    My printer just did it again and woke me up! I actually had my Mac disconnected from the network as I was getting paranoid so can't be an OS X thing.

     

    I have my printer connected via an Airport Express and just disabled Back to My Mac on the router, wonder if this will stop it happening again? Do you guys also have this enabled on your Airports?

  • mysstickly Level 1 (0 points)

    Yes, my printer is connected via Airport, too...

  • havenoapple Level 1 (5 points)

    For what it's worth, this happened to my HP printer (connected via wireless) at exactly the same time, and I have no Mac or other Apple equipment.

  • ashmj Level 1 (0 points)

    Ours has done the same thing 3 times this weekend. the printout we had was ö<de=IEEEMlsqlexec9.280.

     

    Our printer is an Epson PX730WD and I have printed 2 pictures wirelessly from my iPhone 4 ?????

     

    What's going on here

  • Llessur999 Level 4 (1,195 points)

    It is possible that nmap is scanning for server information.  It is worth noting that RDS, sqlexec, and tlitcp are associated with the Informix DBMS.  nmap includes an Informix library (and many others).

     

    http://nmap.org

     

    I suspect such scans on open ports are not unusual.

  • mysstickly Level 1 (0 points)

    Llessur999-

     

    That is sooooo over my head.

  • jpswade Level 1 (0 points)

    I too have had this problem.

     

    I've reported the problem on the HP forums but all I got was this canned response...

     

    http://h30434.www3.hp.com/t5/Printing-Issues-Troubleshooting/Random-strings-prin ted/td-p/1778381

     

    You'd think HP might take a potential security issue seriously.

  • servarevitas Level 1 (0 points)

    It would be advisable for anyone experiencing this issue to give a list of installed apps, to confirm that it is not a rogue app scanning your network from your device. If everyone experiencing the issue has a certain app installed, it may point to the issue.

  • JaggiD Level 1 (0 points)

    What Operating system are you using? i.e. win 7 Home premium 64 bits.

     


    This is the main support page for your printer, keep in your bookmark if you need to refer to it in a latert time.

     

    http://h10025.www1.hp.com/ewfrf/wc/product?cc=us&dlc=en&lc=en&product=5063582&su bmit=&

     

    Go to software and drivers download and select your operating system. You should also upgrade the firmware of the printer. if an upgrade is available.

     

     

    After that if you still facing this issue, Please follow this link www.hp.com/go/tools . Download and use the HP Print and scan doctor, It will check for problems of the different functionality Printing, Scanning and connectivity fixing most of them, if the utility cannot fix the issue let me know I will give my best effort to provide other troubleshooting steps and help you with your issue.

     

    HTH

     

    Original Post - http://h30434.www3.hp.com/t5/Printing-Issues-Troubleshooting/Random-strings-prin ted/td-p/1778381

     

    Thanks

    Jagdish Chichria

  • raesene Level 1 (0 points)

    Hi,

     

    I'd say you're almost definitely correct with that.  If the printers are listening on the Internet (have a public IP address) then they will get contacted by port scanners.

     

    I use NMAP in my day job and I always make a point of avoiding fully scanning network printers as it tends to make them spit out large numbers of pages with odd characters on them.

     

    the sqli and similar strings that people in this thread are seeing are likely from nmap probes looking to fingerprint the device.

     

    If you want to reproduce it, doing nmap -A -v -n <my_ip_address_here> should work ok.

     

    If you do have your printers listening on the Internet I'd recommend putting them behind a firewall as whilst nmap scans are not malicious in and of themselves they can be used by people with malicious intent.

  • hackajar Level 1 (0 points)

    A computer security tool called nmap was used on the public network you use (Cable, DSL, FiOS, etc.).  While scanning ports, and sending prob strings to open ports, your public IP had an open port from Internet to your Printer.  What you are seeing on the printout is a string attempting to prop SQLi port, but instead, ALL DATA RECEIVED ON PORT FORWARDED DIRECTLY TO PRINTER OUTPUT.  That is, anything sent to that port of your public IP address gets printed.

     

    Ask yourself:  Do I have printing available from my iPhone or Android device?  Did I install special software when I got my printer to do "printing from the web" on my computer?  Did I enable printing from iCloud? 

     

    These are signes that your printer is just hanging off the public internet and anyone can send junk to your printer and it will print!

  • MattDee Level 1 (0 points)

    Interesting...I got a hit the other day from an IP address originating in Thailand (WHOIS query showed me who owned the range) that attempted to access my mysqld...  Pass my firewalls and everything.  LittleSnitch was what alerted me.

     

    I'll be watching this thread

     

    - MattD

  • jpswade Level 1 (0 points)

    I have so far been unable to replicate the fault by using nmap externally on my IP range and as far as I'm aware my router doesn't have any ports open to my router.

     

    Just because this is an "ePrint" printer and it's "in the cloud" it does not mean the same thing as "publicly accessible".

     

    Has anyone else been able to replicate this problem yet?

  • BostonRedSoxFan Level 1 (0 points)

    I just got home from vacation to find three of these printouts as well. I had no devices other than a Logitech Revue hooked up to my router all week so this isn't coming from a locally connected machine (at least any of mine). I do have a HP Deskjet 5900 printer hooked into the Time capsule.