Solved

Suspect Network Printer Infected by Virus

Posted on 2003-11-20
Last Modified: 2013-12-07
We have a standalone network printer running TCP/IP that is connected to our network via CAT-5 to our switch.  Our broadband internet bandwidth has been running at 25kbps but when we unplug the printer from the switch, our bandwidth increases to 1.2mbps (normal speed).  The activity light on our switch also goes crazy when the printer is plugged in.

The printer is a Xerox Phaser 860.

Could this possibly be a virus that has infected the printer itself or some other problem (i.e. printer is simply malfunctioning)?

Tks.
0
Comment
Question by:jeffmsas
14 Comments
 
LVL 32

Expert Comment

by:Luc Franken
ID: 9789424
Hi jeffmsas,

As far as I know there are no viruses for printers, but maybe your internet router lets it send outside the LAN; try blocking access to the internet for the printer.

Greetings,

LucF
0
 

Author Comment

by:jeffmsas
ID: 9789443
The printer itself doesn't have a username on the network so how can we block access to the internet for the printer?
0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 9789491
You can block the IP address which your printer uses.
0
 
LVL 34

Accepted Solution

by:
PsiCop earned 100 total points
ID: 9789626
Viruses are OS- or application-specific. Unless the Phaser 860 runs something vulnerable like Windoze, it's highly unlikely that some virus has magically installed itself in the printer.

Your problem could be something as simple as a malfunctioning NIC in the printer that's sending out a lot of garbage frames or packets, overloading your router interface. If you can swap NICs in the printer, try that.

Also verify that the UTP cable plugged into the printer is good (try swapping it with another known-good cable).

Perhaps the switch port is bad - try a different switch port.
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 9791164
Have you tried using a sniffer to watch exactly what sort of crazy traffic the printer is generating?  That would go a long way towards solving your problem.

Cheers,
-Jon

0
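
As an added illustration of the sniffer suggestion above (not part of the original thread): a capture saved in classic pcap format from a mirrored switch port can be tallied per source MAC, showing whether the printer really is the source and whether its frames are broadcasts or bound off the LAN. The LAN range, the MAC addresses and the sample capture are constructed assumptions.

```python
import ipaddress
import struct
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: adjust to your LAN
BCAST = b"\xff" * 6

def summarize(pcap, lan=LAN):
    """Per source MAC: frames, bytes, Ethernet broadcasts, off-LAN IPv4 frames."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic pcap file")
    end = "<" if magic == 0xA1B2C3D4 else ">"
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    stats = defaultdict(lambda: dict(frames=0, bytes=0, broadcast=0, off_lan=0))
    off = 24
    while off + 16 <= len(pcap):
        incl, orig = struct.unpack(end + "II", pcap[off + 8:off + 16])
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 14:  # runt or truncated record: skip
            continue
        s = stats[frame[6:12].hex(":")]
        s["frames"] += 1
        s["bytes"] += orig
        s["broadcast"] += frame[:6] == BCAST
        if frame[12:14] == b"\x08\x00" and len(frame) >= 34:
            dst = ipaddress.ip_address(frame[30:34])  # IPv4 destination field
            if dst not in lan and not dst.is_multicast and int(dst) != 0xFFFFFFFF:
                s["off_lan"] += 1
    return dict(stats)

def top_talker(stats):
    """Source MAC that sent the most frames."""
    return max(stats, key=lambda m: stats[m]["frames"])

def build_sample():
    """Constructed capture: 5 broadcast ARP frames from one host, 3 IPv4 from another."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    printer, pc, gw = (bytes.fromhex(h) for h in
                       ("02000000aa01", "02000000bb02", "02000000cc03"))
    def ipv4(dst_ip):  # minimal header: only the destination field is filled in
        return b"\x45" + bytes(15) + ipaddress.ip_address(dst_ip).packed + bytes(20)
    frames = [BCAST + printer + b"\x08\x06" + bytes(46)] * 5
    frames += [gw + pc + b"\x08\x00" + ipv4("203.0.113.10")] * 2
    frames += [printer + pc + b"\x08\x00" + ipv4("192.168.1.50")]
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
```

A high frame count with no off-LAN destinations points at local broadcast or garbage traffic rather than anything reaching the internet.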
 
LVL 21

Expert Comment

by:wyliecoyoteuk
ID: 9791499
I would log in to the printer's webserver and:
1) disable all protocols which are not needed (e.g. AppleTalk, IPX/SPX etc.)
2) ensure that NO gateway is set (some printer utilities will search forever for an SMTP management server, for instance)
3) disable IPP (Internet Printing Protocol)
4) remove the printer's MAC address or IP address from the allowed hosts on your router.
Review what ports and utilities you use to connect to this printer. Some software will only work satisfactorily on a self-contained LAN, and will cause havoc on a WAN.
0
 
LVL 1

Expert Comment

by:ThePowderedToastMan
ID: 9791919
These types of problems usually indicate a bad NIC.
0

 
LVL 34

Expert Comment

by:PsiCop
ID: 9797465
I thot I said that. :-)
0
 
LVL 21

Expert Comment

by:wyliecoyoteuk
ID: 9799994
Also, a lot of printers and MFPs these days actually run winnt, win2k, NetBSD and Linux as operating systems!
(Ricoh MFPs= NetBSD, early Ricoh colour = Windows Atwork, Konica = NT4 or win2K, Toshiba MFPs = Linux, etc.)

These days, network-connected printers and MFPs are PCs connected to a scanner and printer in one box, often running a specialized version of an established OS.

The biggest mistake you can make is to set a gateway in the printer's settings.

We have had hackers attack network printers via SNMP, thinking that they are a router or other network device.
0
 

Author Comment

by:jeffmsas
ID: 9800204
I just wanted to let everyone know that we are still having the problem.  I've tried filtering the printer's IP address and port in the broadband router config.  I've removed the gateway from the printer's network settings and any other protocol that I thought would help, I've reset the router and printer, I've moved the printer to a different port on the switch; nothing seems to help.  We talked to a Xerox lead support tech and he said he's never experienced this before.  I also called our internet service provider and they don't see a problem either.

The only way we can kill the traffic between the printer and internet is to unplug the printer from the switch.

I'm still working on the issue.  I'll post again when we get a fix for it.  Tks.

0
 
LVL 1

Expert Comment

by:ThePowderedToastMan
ID: 9800277
PSIcop - a simple concurrence, no point stealing intended old chap-

Jeff, PULL THE NIC AND PUT A NEW ONE IN!

TOPTM
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 9800409
Remind me not to buy any Konica network printers...

TPTM - No problem
0
 
LVL 21

Expert Comment

by:wyliecoyoteuk
ID: 9816489
If you are still having problems, PSIcop is probably right.
0
 

Author Comment

by:jeffmsas
ID: 10496279
Replaced defective switch.  Tks PsiCop.
0
