For a class assignment we were asked to perform a denial of service attack against any system or process – remote or local (with permission from competent authority). The evaluation was based on UNIQUE tool, UNIQUE vector, and UNIQUE attack. I built my own simple tools to attack my home network printer.
As always, this is purely an academic exercise, and readers of this blog post are encouraged to learn from it and better defend their assets from an attack. Do not try this on any system that you do not own or do not have explicit written permission to work against.
Denial of Service (DoS) attacks, unlike other attacks, are not known for their sophistication. Though there may be cases where an intelligent attack is mounted, usually it is a show of brute strength.
What I want to demonstrate in this blog post is that victims of remote DoS attacks are not limited to internet-connected servers and processes. Today there are many more devices connected to the internet. The Internet of Things (IoT) is causing an explosion in the number of devices that can now communicate over the internet. Interestingly, this changes the dynamics of DoS attacks. Servers (cloud-based or otherwise) certainly have more computing power than individual IoT and other non-server computing devices. Hence it would be a lot easier to bring down these devices with a traditional DoS attack.
In an earlier blog post (Identify Vulnerabilities and Remote Services on your Printer using NMAP) I demonstrated that my printer at home had some interesting services running on it, including a Web and an FTP server. For one of my school assignments last year we were asked to perform a DoS attack on any system or process. The uniqueness of the vector, tool, and technique would be considered for bonus points. I chose to perform this DoS attack against the printer and the printing service.
My printer is a Brother MFCJ425W, but it is critical to note that the DoS was not specific to the device or the manufacturer. I wrote a few simple scripts, named PrinterDOSAttackScripts, that are available on GitHub.
Note that I performed these steps from my Kali VM, so I had to install the printer driver on that system. Since Kali is Debian-based, the Debian install script from Brother worked perfectly! You can read about it in my blog post Setting up Brother Printer on Kali (or Debian).
Three scripts are included, each directed at a different vector related to the printer:
1. Hog Attention
This script sends an infinite stream of junk data to the TCP-based print service ports on the printer using netcat. The printer gets too busy reading this junk data and ends up ignoring all legitimate requests.
Running hogAttention.sh sends an endless stream of junk to the printer's JetDriver port,
This is what the Printer’s display looks like (infinitely accepting input stream),
If you try to print while the script is running, the print job eventually times out,
2. Exhaust physical resources
DoS attacks against printers can target physical resources like paper and ink. The manyPrints.sh script, which is part of PrinterDOSAttackScripts, can print N black, colored, or blank pages.
3. Overwhelm print service (e.g. CUPS)
The manyPrints.sh script above was also used to overwhelm the print service, such as CUPS. For this proof of concept I used mode (0), which prints blank pages and is the least wasteful of ink.
This is what the CUPS status page looks like under normal load,
but under pressure, the status page breaks (it doesn't show the status, and shows error and success at the same time),
How do you defend against these attacks?
Printers continue to be quite defenseless, especially the home edition ones. Here are some defenses:
- Don't expose devices like printers and scanners on the internet.
- If the printer supports security ACLs, use them to limit the number and size of print jobs.
- Disable unwanted services like FTP, Telnet, etc., if the printer model allows that.
- Place your printer behind a firewall, blocking unwanted services on the printer from external access, especially if the printer does not allow you to disable these services from the control panel.
- If possible, enforce rules at the firewall level capping the number of requests per user and restricting who is allowed to use the printing devices and at what times of day.
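To see when a per-user cap on print jobs is being exceeded, the CUPS page log can be checked for bursts of jobs. The following is an added example, not part of PrinterDOSAttackScripts; it assumes the default CUPS `page_log` layout (printer, user, job id, timestamp, page, copies, ...), and the log lines, user names, and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed default page_log layout: printer user job-id [timestamp] page copies ...
LINE = re.compile(r'^(\S+) (\S+) (\d+) \[([^\]]+)\] \S+ \d+')

def parse(line):
    """Return (printer, user, job_id, timestamp) or None for malformed lines."""
    m = LINE.match(line)
    if not m:
        return None
    printer, user, job, ts = m.groups()
    return printer, user, int(job), datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")

def find_floods(lines, max_jobs=5, window=timedelta(seconds=60)):
    """Map (printer, user) -> peak job count for users exceeding max_jobs per window."""
    recent = defaultdict(deque)  # (printer, user) -> submission times still inside the window
    seen = set()                 # page_log has one line per page; count each job once
    peaks = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        printer, user, job, when = rec
        if (printer, job) in seen:
            continue
        seen.add((printer, job))
        q = recent[(printer, user)]
        q.append(when)
        while when - q[0] > window:  # drop submissions older than the window
            q.popleft()
        if len(q) > max_jobs:
            peaks[(printer, user)] = max(peaks.get((printer, user), 0), len(q))
    return peaks

def sample_log():
    """Constructed sample: alice prints two normal jobs, guest submits 8 jobs in 16 seconds."""
    tail = "na_letter_8.5x11in one-sided"
    rows = [
        f"MFCJ425W alice 101 [12/Mar/2016:10:00:05 +0000] 1 1 - 192.0.2.10 report.pdf {tail}",
        f"MFCJ425W alice 101 [12/Mar/2016:10:00:09 +0000] 2 1 - 192.0.2.10 report.pdf {tail}",
        f"MFCJ425W alice 102 [12/Mar/2016:10:07:30 +0000] 1 1 - 192.0.2.10 notes.txt {tail}",
    ]
    rows += [f"MFCJ425W guest {200 + i} [12/Mar/2016:10:03:{2 * i:02d} +0000] 1 1 - "
             f"192.0.2.66 blank.txt {tail}" for i in range(8)]
    return rows

if __name__ == "__main__":
    for (printer, user), peak in find_floods(sample_log()).items():
        print(f"ALERT {user} sent {peak} jobs to {printer} within 60s")
```

This only sees jobs that pass through CUPS (vectors 2 and 3); a raw stream sent straight to the printer's TCP port never reaches the page log and has to be handled at the firewall.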
These YouTube videos have a lot of info on printer vulnerabilities:
- DefCon (Network Printers and Other Networking Devices; https://www.youtube.com/watch?v=WxQ86bVzcIA)
- Shmoocon (Printers Gone Wild: https://www.youtube.com/watch?v=GZgLX60U3sY)