
Platonist

macrumors member
Original poster
Nov 3, 2006
So, I have searched the web (and MacRumors) for a solution to this and have come up woefully short. I have now received 5 printed 'messages' from my HP LaserJet 1320 that is connected to the USB port on my Airport Extreme. They say the following:

GET http://zerg.helllabs.net/cgi-bin/textenv.pl HTTP/1.1
Host: zerg.helllabs.net
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Accept: */*
Accept-Language: zh-cn
Connection: Keep-Alive

♦☺PJ}β↕♣☺

Is this something about which I should be concerned? My worry is that someone is trying to get into my network (for whatever reason). I saw that one other person had mentioned this in the 'Basics' forum, but I thought that since there were no replies there I would try over here.

Any input would be greatly appreciated!
 
I have seen some of the posts on the 'WAN Printer Settings' issue but they were rather speculative and I still wasn't satisfied with the explanations offered. If someone could offer a brief, semi-plain English answer as to what is going on it would be appreciated. I have had this set up for over 4 years and this had never happened before the past few weeks. Why the change?
 
I have seen some of the posts on the 'WAN Printer Settings' issue but they were rather speculative and I still wasn't satisfied with the explanations offered. If someone could offer a brief, semi-plain English answer as to what is going on it would be appreciated. I have had this set up for over 4 years and this had never happened before the past few weeks. Why the change?
There's a brief discussion of proxy checkers here, that might help:
http://www.corpit.ru/mjt/proxycheck.html

Make sure your network is secured by a WPA2 password that's fairly complex. Also, make sure your firewall is enabled and check your settings for Sharing.
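The request printed in the first post uses a full URL as its target, which is the form a client sends to a forward proxy, matching the proxy checkers linked above. As an added example (not part of any post in this thread), the Python sketch below labels that kind of traffic in bytes captured from a raw print port; the function names are hypothetical, and the SOCKS bytes in the sample are constructed on the assumption that a checker also sends SOCKS probes, not decoded from the symbols in the post.

```python
import ipaddress
import struct
HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"CONNECT", b"OPTIONS")

def socks_probes(buf: bytes) -> list:
    """Heuristic scan for SOCKS4 requests and SOCKS5 greetings in raw bytes."""
    found, i = [], 0
    while i < len(buf):
        left = len(buf) - i
        if buf[i] == 4 and left >= 9 and buf[i + 1] in (1, 2):
            # SOCKS4: version, command, port (2 bytes), IPv4 (4 bytes), userid, NUL
            port, raw_ip = struct.unpack_from(">H4s", buf, i + 2)
            end = buf.find(b"\x00", i + 8)
            if end == -1:
                break
            found.append(f"socks4-probe {ipaddress.IPv4Address(raw_ip)}:{port}")
            i = end + 1
        elif buf[i] == 5 and left >= 2 and buf[i + 1] >= 1 and left >= 2 + buf[i + 1]:
            # SOCKS5 greeting: version, method count, then that many method bytes
            found.append("socks5-greeting")
            i += 2 + buf[i + 1]
        else:
            i += 1
    return found

def classify_raw_print_job(data: bytes) -> list:
    """Label proxy-probe traffic found in bytes received on a raw print port."""
    findings = []
    head, _, rest = data.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n")[0].split(b" ")
    if len(parts) == 3 and parts[0] in HTTP_METHODS and parts[2].startswith(b"HTTP/"):
        if parts[0] == b"CONNECT":
            findings.append("http-connect-probe")
        elif parts[1].lower().startswith((b"http://", b"https://")):
            # Absolute-form target: addressed to a forward proxy, not an origin server
            findings.append("http-proxy-probe")
        else:
            findings.append("http-request")
    else:
        rest = data  # no HTTP request line, so scan the whole payload
    return findings + socks_probes(rest)

# Constructed sample: request line and Host header as printed in the first post,
# followed by constructed SOCKS bytes aimed at a documentation address.
SAMPLE = (
    b"GET http://zerg.helllabs.net/cgi-bin/textenv.pl HTTP/1.1\r\n"
    b"Host: zerg.helllabs.net\r\n\r\n"
    b"\x04\x01\x00\x50\xc0\x00\x02\x0a\x00"  # SOCKS4 CONNECT 192.0.2.10:80
    b"\x05\x01\x00"                          # SOCKS5 greeting, no-auth method
)
print(classify_raw_print_job(SAMPLE))
```

A proxy-probe or SOCKS label on data that reached the printer from outside the LAN is a sign that the raw print port is reachable over the WAN.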
 
Basically, if I understand correctly, the people sending that information are attempting to find and exploit vulnerabilities on port 9100 (according to the link GGStudios posted) by telling any machine with that port forwarded to it to run that perl script that follows the GET command. If your network wasn't secured properly and that port was forwarded to a Windows machine on your network, it would infect the machine and make it a zombie for the hackers to use in an attack against somebody else (and it would be traced to you as it would be your computer attacking). However, as that port is set to forward to your printer, it's merely printing out the request instead. Closing the port by disabling printing over WAN should stop the prints. The only thing that's changed is that the hackers are now targeting your IP address. However, if you close the port, you'll have nothing to worry about (especially if you have a decent antivirus/firewall on your PC).
 
Great -- I think I am starting to understand now. So, I have no PCs on the network -- only Macs. I have turned off the WAN printer sharing, WPA2 security is on (has been all along), the firewall is running on all machines (again, they have had the firewalls on the whole time), and I have a fairly long and difficult to guess password (though I have not changed it in a while). Having said all of that, how much of a danger is this? It sounds as though I am fine, but I don't like the idea of someone trying to break into my network via my IP address (if that is an accurate way to characterize things). Is this senseless paranoia on my part or are there real concerns to be mitigated here...

Many thanks!
 
It sounds as though I am fine, but I don't like the idea of someone trying to break into my network via my IP address (if that is an accurate way to characterize things). Is this senseless paranoia on my part or are there real concerns to be mitigated here...
Yes, there are hackers out there all the time, looking for vulnerable systems to exploit, but there's no reason you have to worry, if you've taken reasonable steps to secure your system. For more security information, read the following link, including the very last part, on enhancing your Mac security.
 
You've taken every precaution you can. You're safe. The reality is there are tons of attempts such as this occurring every day. And chances are they happened upon your IP by "accident" (probably a program that tries random IP addresses and hopes for the best). The best thing to do is to set up the best type of defense you possibly can, such as using antivirus and firewall programs and by closing all unused open ports on your network. I highly doubt you are the intended target of this attack, but merely just an attempt to increase their arsenal of zombie systems. There is no way to stop these attacks completely short of taking your entire network down, but that would be going a tad too far.
 
Many thanks for the replies! It's nice to know that there are folks out there willing to explain these things to those of us with little experience in the matter(s).
 