I've got something really weird going on. Something, somewhere, in my network, is generating print jobs agaisnt all defined printers, the userid is Administrator, with the job name of the form "smbprn_00000002 Remote Downlevel Document ", the userid "Administrator ", the job size arond 104k . All printers on a given system seem to be queued the job, which appears to have been generated on a Windows box, at least has some garbage at the start of the file that claims it can't run under DOS! The postscript datastream is bogus, resulting in 2 or 3 lines of output PER page, a ream or so of paper to print the job. Needless to say, I wasn't in good graces with other users of the printroom!
The smbprn part of the file name made me think this was coming in via Samba, I turned off Samba print (wasn't using it, so no loss), but had subsequent 'attacks'.
I am not sure what is causing this, something I am doing, or, some external cause.
I tried to track down where the offending jobs came from, but am not sure I am, or can, be succesful. My network has WinXP and Linux boxes (Cups running on the Linux boxes). The WinXP boxes use LPR for Linux print queues, and these WinXP 'printers' were shared, eg allowed access for SMB or LPR. In addition, the CUPS print queues were shared between other CUPS servers on the same subnet.
I started by turning off Samba print, and unSharing the WinXP print queues. Thought that did it, then had another 'attack'. Following the cups access log, tracked back two of the bad files, I *think* to a WinCenter server in another lab, and to a WebSphere server in another lab. I changed the access limits on the CUPS server to only allow access from within MY lab subnet, so far haven't seen another attack, but I am not confident that I have solved the issue.
Does the job name offer any clue?