Compromised printer?

Question

Today the office printer produced three sheets with what seems to be random characters, and in the middle a string random1random2random3random4. This raised a red flag with us. Is this something to be worried about? We use the full stack of Meraki Go with Cisco Umbrella subscription activated. The printer model is Brother DCP-L5500DN, which is connected over ethernet directly to the router.

Here are the prints: Print 1 Print 2 Print 3

Could this be an attack? Any advice on how to approach this? Thanks!

You are aware that pretty much no one here will be aware of a compromised printer EVER in his career? Does that sort of answer the question? I definitely have not ever heard of something like this - more that some access TO the printer was compromised, but not the printer itself. — TomTom, Apr 28 '21 at 19:44

score 1 · Answer 1 · answered Apr 28 '21 at 20:03

Turns out that an employee ran an NMAP scan to discover some devices. Apparently this can cause an unexpected print (???). Below from the Meraki forum:

*Look what I found. I am going to try this on some of my printers: https://github.com/nmap/nmap/issues/2237

Describe the bug Aggressive option '-A' on printers produce unwanted print : binary blob with 'random1random2...'. The printed payload 'random1random2...' is located here : "/usr/share/nmap/nselib/shortport.lua" line 261 To Reproduce Run the following command on a printer device : nmap -A X.X.X.34 -vvvvvvvvv -p 9100 --script-trace*

Kudos to Meraki Community member Brandon S

Second this. We had the same thing happen. It was related to a valid NMAP scan. — Zach Riley-Kelley, Jun 24 '21 at 13:50

Compromised printer?

1 Answers1