Currently Being ModeratedAug 18, 2012 5:30 PM (in response to mysstickly)
My understanding is "sqlexec()" is some kind of function for Microsoft SQL... or am I looking at a wrong place? If it actually is a hacker trying to attack, do you think it's targeting OS X or affect in anyway? What should we do to prevent any further problems?
Currently Being ModeratedAug 18, 2012 8:03 PM (in response to driller4)
My printer just did it again and woke me up! I actually had my Mac disconnected from the network as I was getting paranoid so can't be an OS X thing.
I have my printer connected via an Airport Express and just disabled Back to My Mac on the router, wonder if this will stop it happening again? Do you guys also have this enabled on your Airports?
Currently Being ModeratedAug 18, 2012 8:27 PM (in response to nanonanouk)
Yes, my printer is connected via Airport, too...
Currently Being ModeratedAug 19, 2012 2:04 AM (in response to mysstickly)
For what it's worth, this happened to my HP printer (connected via wireless) at exactly the same time, and I have no Mac or other Apple equipment.
Currently Being ModeratedAug 19, 2012 7:27 AM (in response to mysstickly)
Ours has done the same thing 3 times this weekend. the printout we had was ö<de=IEEEMlsqlexec9.280.
Our printer is an Epson PX730WD and I have printed 2 pictures wirelessly from my iPhone 4 ?????
What's going on here
Currently Being ModeratedAug 19, 2012 7:06 PM (in response to mysstickly)
It is possible that nmap is scanning for server information. It is worth noting that RDS, sqlexec, and tlitcp are associated with the Informix DBMS. nmap includes an Informix library (and many others).
I suspect such scans on open ports are not unusual.
Currently Being ModeratedAug 19, 2012 8:18 PM (in response to Llessur999)
That is sooooo over my head.
Currently Being ModeratedAug 21, 2012 6:51 AM (in response to mysstickly)
I too have had this problem.
I've reported the problem on the HP forums but all I got was this canned response...
You'd think HP might take a potential security issue seriously.
Currently Being ModeratedAug 21, 2012 9:42 AM (in response to mysstickly)
It would be advisable for anyone experiencing this issue to give a list of installed apps, to confirm that it is not a rogue app scanning your network from your device. If everyone experiencing the issue has a certain app installed, it may point to the issue.
Currently Being ModeratedAug 21, 2012 10:07 AM (in response to mysstickly)
What Operating system are you using? i.e. win 7 Home premium 64 bits.
This is the main support page for your printer, keep in your bookmark if you need to refer to it in a latert time.
Go to software and drivers download and select your operating system. You should also upgrade the firmware of the printer. if an upgrade is available.
After that if you still facing this issue, Please follow this link www.hp.com/go/tools . Download and use the HP Print and scan doctor, It will check for problems of the different functionality Printing, Scanning and connectivity fixing most of them, if the utility cannot fix the issue let me know I will give my best effort to provide other troubleshooting steps and help you with your issue.
Currently Being ModeratedAug 21, 2012 12:39 PM (in response to Llessur999)
I'd say you're almost definitely correct with that. If the printers are listening on the Internet (have a public IP address) then they will get contacted by port scanners.
I use NMAP in my day job and I always make a point of avoiding fully scanning network printers as it tends to make them spit out large numbers of pages with odd characters on them.
the sqli and similar strings that people in this thread are seeing are likely from nmap probes looking to fingerprint the device.
If you want to reproduce it, doing nmap -A -v -n <my_ip_address_here> should work ok.
If you do have your printers listening on the Internet I'd recommend putting them behind a firewall as whilst nmap scans are not malicious in and of themselves they can be used by people with malicious intent.
Currently Being ModeratedAug 21, 2012 6:15 PM (in response to mysstickly)
A computer security tool called nmap was used on the public network you use (Cable, DSL, FiOS, etc.). While scanning ports, and sending prob strings to open ports, your public IP had an open port from Internet to your Printer. What you are seeing on the printout is a string attempting to prop SQLi port, but instead, ALL DATA RECEIVED ON PORT FORWARDED DIRECTLY TO PRINTER OUTPUT. That is, anything sent to that port of your public IP address gets printed.
Ask yourself: Do I have printing available from my iPhone or Android device? Did I install special software when I got my printer to do "printing from the web" on my computer? Did I enable printing from iCloud?
These are signes that your printer is just hanging off the public internet and anyone can send junk to your printer and it will print!
Currently Being ModeratedAug 21, 2012 6:50 PM (in response to mysstickly)
Interesting...I got a hit the other day from an IP address originating in Thailand (WHOIS query showed me who owned the range) that attempted to access my mysqld... Pass my firewalls and everything. LittleSnitch was what alerted me.
I'll be watching this thread
Currently Being ModeratedAug 23, 2012 3:43 AM (in response to mysstickly)
I have so far been unable to replicate the fault by using nmap externally on my IP range and as far as I'm aware my router doesn't have any ports open to my router.
Just because this is an "ePrint" printer and it's "in the cloud" it does not mean the same thing as "publicly accessible".
Has anyone else been able to replicate this problem yet?
Currently Being ModeratedAug 25, 2012 7:54 AM (in response to jpswade)
I just got home from vacation to find three of these printouts as well. I had no devices other than a Logitech Revue hooked up to my router all week so this isn't coming from a locally connected machine (at least any of mine). I do have a HP Deskjet 5900 printer hooked into the Time capsule.