
Thread: HP printer discovery rules

  1. #1
    Member
    Join Date
    Feb 2012
    Location
    Slovenia
    Posts
    65

    HP printer discovery rules

    Hi.
    I think that discovery rules for HP printers are not correct, because it looks at openports(631,9100).
    What about print servers? They also have these ports :P

    Would it be better if discovery rule is one (or combination of more) of the following:
    osvendor HP
    ostype printer
    macvendor hewlet packard

    Just mentioning this as a suggestion, so discovery for others will work better. I have already modified my configuration.

  2. #2
    Shinken project leader
    Join Date
    May 2011
    Location
    Bordeaux (France)
    Posts
    2,130

    Re: HP printer discovery rules

    You mean CUPS-like tools also open the 9100 port?

    I'll try your rule and scan my own cups and printers to see the problem, and commit your version

    Thanks
    No direct support by personal message. Please open a thread so everyone can see the solution

  3. #3
    Shinken project leader
    Join Date
    May 2011
    Location
    Bordeaux (France)
    Posts
    2,130

    Re: HP printer discovery rules

    Can you send me the output of the command:
    Code:
    nmap_discovery_runner.py -t PRINTERIP
    Thanks

  4. #4

    Re: HP printer discovery rules

    I'll answer instead of matjaz, with the printers here.

    But there is a problem with this rule: it tests ports 631 and 9100, but Shinken discovery exits the function with true when any one of the ports in the list matches. So it matches at 631 but doesn't test 9100, and so when we want to scan a Linux server running a CUPS server, it will be tagged with printer-hp but it isn't one.
    So either the match test code must be rewritten to test every item in a list before exiting true, or the rule must be rewritten with one line for each port, like this:

    Code:
    define discoveryrule {
        discoveryrule_name    HPPrinterState
        creation_type      host
        openports        631
        openports        9100
        +use           printer-hp
    }
    Or we can use rule proposed by matjaz.

    Here is my output:

    Code:
    nmap_discovery_runner.py -t hplaser5
    Got our target ['hplaser5']
    propose a tmppath /tmp/tmpvWPHXC
    Launching command, sudo nmap hplaser5 -sU -sT --min-rate 1000 --max-retries 0 -T4 -O --traceroute -oX /tmp/tmpvWPHXC
    Try to communicate
    Got it ('\nStarting Nmap 5.21 ( http://nmap.org ) at 2012-07-16 15:36 CEST\nWarning: xxx.xxx.xxx.xxx giving up on port because retransmission cap hit (0).\nWarning: xxx.xxx.xxx.xxx giving up on port because retransmission cap hit (0).\nNmap scan report for hplaser5 (xxx.xxx.xxx.xxx)\nHost is up (0.0013s latency).\nrDNS record for xxx.xxx.xxx.xxx: hplaser5.syleps.fr\nNot shown: 1943 closed ports, 35 filtered ports\nPORT   STATE     SERVICE\n23/tcp  open     telnet\n80/tcp  open     http\n280/tcp  open     http-mgmt\n443/tcp  open     https\n7627/tcp open     unknown\n9100/tcp open     jetdirect\n14000/tcp open     unknown\n37/udp  open|filtered time\n111/udp  open     rpcbind\n137/udp  open|filtered netbios-ns\n161/udp  open|filtered snmp\n363/udp  open|filtered rsvp_tunnel\n2049/udp open     nfs\n5353/udp open     zeroconf\n6004/udp open|filtered X11:4\n8900/udp open|filtered unknown\n33459/udp open|filtered unknown\n34125/udp open|filtered unknown\n34861/udp open|filtered unknown\n34862/udp open|filtered unknown\n48761/udp open|filtered unknown\n58178/udp open|filtered unknown\nMAC Address: 00:12:79:E0:09:47 (Hewlett Packard)\nDevice type: printer|storage-misc|broadband router|WAP\nRunning: HP embedded, IBM embedded, Siemens embedded, Kaiomy embedded, Planet embedded\nOS details: HP LaserJet 2420 printer, IBM DF-4000 ProFibre Storage Array, or Siemens C-110 ADSL modem, Kaiomy AL-2014PW wireless ADSL modem or Planet ADE-4110 ADSL modem\nNetwork Distance: 1 hop\n\nOS detection performed. Please report any incorrect results at http://nmap.org/submit/ .\nNmap done: 1 IP address (1 host up) scanned in 2.18 seconds\n', 'Warning: Traceroute does not support idle or connect scan, disabling...\n')
    Can be ('embedded', '', '100', 'printer', 'HP')
    Will dump ('embedded', '', 'printer', 'HP')
    hplaser5::isup=1
    hplaser5::os=embedded
    hplaser5::osversion=
    hplaser5::ostype=printer
    hplaser5::osvendor=hp
    hplaser5::macvendor=hewlett packard
    hplaser5::openports=23,80,280,443,7627,9100,14000,111,2049,5353
    hplaser5::fqdn=hplaser5
    hplaser5::ip=xxx.xxx.xxx.xxx
    And another one, slightly different:

    Code:
    ../libexec/nmap_discovery_runner.py -t hplaser6
    Got our target ['hplaser6']
    propose a tmppath /tmp/tmpk320iJ
    Launching command, sudo nmap hplaser6 -sU -sT --min-rate 1000 --max-retries 0 -T4 -O --traceroute -oX /tmp/tmpk320iJ
    Try to communicate
    Got it ('\nStarting Nmap 5.21 ( http://nmap.org ) at 2012-07-16 15:36 CEST\nWarning: xxx.xxx.xxx.xxx giving up on port because retransmission cap hit (0).\nWarning: xxx.xxx.xxx.xxx giving up on port because retransmission cap hit (0).\nNmap scan report for hplaser6 (xxx.xxx.xxx.xxx)\nHost is up (0.0044s latency).\nrDNS record for 10.145.3.24: hplaser6.syleps.fr\nNot shown: 836 closed ports, 631 filtered ports, 529 open|filtered ports\nPORT  STATE SERVICE\n21/tcp open ftp\n23/tcp open telnet\n80/tcp open http\n631/tcp open ipp\nMAC Address: 00:10:83:54:86:54 (Hewlett-packard Company)\nDevice type: print server\nRunning: HP embedded\nOS details: HP JetDirect J3110A print server\nNetwork Distance: 1 hop\n\nOS detection performed. Please report any incorrect results at http://nmap.org/submit/ .\nNmap done: 1 IP address (1 host up) scanned in 6.20 seconds\n', 'Warning: Traceroute does not support idle or connect scan, disabling...\n')
    Can be ('embedded', '', '100', 'print server', 'HP')
    Will dump ('embedded', '', 'print server', 'HP')
    hplaser6::isup=1
    hplaser6::os=embedded
    hplaser6::osversion=
    hplaser6::ostype=print server
    hplaser6::osvendor=hp
    hplaser6::macvendor=hewlett-packard company
    hplaser6::openports=21,23,80,631
    hplaser6::fqdn=hplaser6
    hplaser6::ip=xxx.xxx.xxx.xxx

  5. #5
    Shinken project leader
    Join Date
    May 2011
    Location
    Bordeaux (France)
    Posts
    2,130

    Re: HP printer discovery rules

    Hum... catching multiple lines is not managed. I don't see how to manage this case, so :'(

  6. #6

    Re: HP printer discovery rules

    You mean that we must have only one condition to match in a discovery_rule?

    matjaz's rule with filtering by ostype + osvendor isn't enough?

    Otherwise, some modifications in matchingitems.py to ask it to match all values if a comma-separated list is provided, no? I can handle that.
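
Added example (not part of any post in this thread and not Shinken's own matchingitems.py code): a comparison of the three matching strategies discussed above, run over the `host::key=value` lines the runner printed. All function names are hypothetical, and the `cupsbox` host is constructed sample data standing in for a Linux server running CUPS.

```python
# Added illustration, not Shinken's matchingitems.py: all names are hypothetical.

def parse_discovery(lines):
    """Parse 'host::key=value' runner lines into {host: {key: value}}."""
    hosts = {}
    for line in lines:
        target, _, rest = line.strip().partition("::")
        key, _, value = rest.partition("=")
        hosts.setdefault(target, {})[key] = value
    return hosts

def match_any(rule_ports, host):
    """Behaviour described in post #4: true as soon as one listed port is open."""
    open_ports = set(host.get("openports", "").split(","))
    return any(p in open_ports for p in rule_ports)

def match_all(rule_ports, host):
    """Behaviour proposed in post #6: every listed port must be open."""
    open_ports = set(host.get("openports", "").split(","))
    return all(p in open_ports for p in rule_ports)

def match_fingerprint(host):
    """Rule suggested in post #1: OS fingerprint fields instead of ports."""
    return host.get("ostype") == "printer" and host.get("osvendor") == "hp"

# hplaser5 and hplaser6 values are copied from the runner output in post #4;
# cupsbox is a constructed Linux host running CUPS (sample data).
SAMPLE = [
    "hplaser5::ostype=printer", "hplaser5::osvendor=hp",
    "hplaser5::openports=23,80,280,443,7627,9100,14000,111,2049,5353",
    "hplaser6::ostype=print server", "hplaser6::osvendor=hp",
    "hplaser6::openports=21,23,80,631",
    "cupsbox::ostype=general purpose", "cupsbox::osvendor=linux",
    "cupsbox::openports=22,631",
]

def classify(lines, rule_ports=("631", "9100")):
    """Return {host: (any_match, all_match, fingerprint_match)}."""
    return {name: (match_any(rule_ports, h), match_all(rule_ports, h),
                   match_fingerprint(h))
            for name, h in parse_discovery(lines).items()}

if __name__ == "__main__":
    for name, result in classify(SAMPLE).items():
        print(name, result)
```

On this data the any-match rule tags all three hosts, the all-match rule tags none of them (hplaser5 exposes only 9100 and hplaser6 only 631), and the fingerprint rule tags only hplaser5.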

  7. #7
    Low-level discovery rule in “not supported” state - matches events
