HPE Community
Operating System - HP-UX
1849476 Members
6289 Online
104044 Solutions
New Discussion

Re: Printer Traffic

 
SOLVED
Go to solution
Manuales
Super Advisor

‎12-15-2007 01:55 PM

‎12-15-2007 01:55 PM

Printer Traffic

Hi ..
could you tell me what i have to do according to the following request? i mean, how can i verify that one?


While testing the migration to the new firewall we have found a lot of printer traffic being blocked coming from California and NewJersey going to 111.222.69.243. The source IP addresses are 111.222.80.64 (port 9100) and 111.222.65.139 (port 515). The traffic is hitting the firewall and being blocked, Can you look at the print queues and let me know what device you are expecting at 111.222.69.243? This traffic has been blocked for a long time, it is not related to the firewall migration, but we identified it because we were looking for odd dropped traffic today.

I do not know what device the requester refers.
could you please let me know what i have to do?

Thanks.
0 Kudos
Reply
6 REPLIES 6
Patrick Wallek
Honored Contributor

‎12-15-2007 02:10 PM

‎12-15-2007 02:10 PM

Solution

Re: Printer Traffic

Have you tried pinging 111.222.69.243? What about nslookup to see if it has a hostname? You could also try telnet and a web browser to see if that IP address responds.
Reply
Manuales
Super Advisor

‎12-15-2007 02:23 PM

‎12-15-2007 02:23 PM

Re: Printer Traffic

If i ping 111.222.69.243 does not responds and if i nslookup does not responds: Non-existent domain.

This guy wants to know the following:
what device you are expecting at 111.222.69.243?

what do i have to check to let him know that one?
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎12-15-2007 02:27 PM

‎12-15-2007 02:27 PM

Re: Printer Traffic

Hi Manuales:

> This guy wants to know the following:
what device you are expecting at 111.222.69.243?

I think that he is asking about the expected protocol at the port assigned. For example, port 515 is the standard port for LPR/LPD (so-called "remote" or Line-Printer-Remote/Line-Printer-Daemon) implementations.

Regards!

...JRF...
Reply
Manuales
Super Advisor

‎12-15-2007 03:48 PM

‎12-15-2007 03:48 PM

Re: Printer Traffic

ok .. we could verify it ...
it is a printer ip address ...

thanks.
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎12-15-2007 08:04 PM

‎12-15-2007 08:04 PM

Re: Printer Traffic

The HP JetDirect LAN card normally uses port 9100 and it is not unusual for port 515 (standard Unix printing) as well as port 9100 to be blocked by routers and firewalls. This is the default configuration and must be overidden once the traffic is determined to be safe for Internet transmission. A printer is particularly unsafe because the sender rarely thinks about the consequences of having their print job copied and examined.

The source of the blocked traffic is where you start looking. If you are not expecting the traffic, someone has a badly configured system that needs to be fixed. If you are indeed expecting the printer traffic, I would leave it blocked until your security department evaluates what is happening and makes a decision on whether to shutdown the printing traffic or allow it through the firewall.

Of course this all assumes that there is a printer located at the two IP addresses. Note that 9100 can only be a printer, most likely an HP model, while the port 515 machine might be a computer acting as a print server.


Bill Hassell, sysadmin
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎12-16-2007 07:05 PM

‎12-16-2007 07:05 PM

Re: Printer Traffic

I would request that the Firewall team open ports 515 (LPR/LPD protocol) and ports 9100-9102 (HP JetDirect Protocol). While the vast majority of JetDirect devices use port 9100 only, some external JetDirects have multiple parallel and serial ports so that one external JetDirect can service up to 3 physical printers (hence ports 9100,9101, and 9102).
If it ain't broke, I can fix that.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.