just wanted to get some thoughts on the amount of risk and damage that can be done with networked printers. many of them are left with default usernames and passwords or have small password length maxiums that can be bruteforced.
so my point is that its fairly easy to find unsecured printers but my question is what do you think about the impact this can have.
things you can do:
-upload and download and store files via ftp
-most run a webserver that you can store and retrieve files on
-most run open SMTP relays or can become open SMTP relays
-the attacker can change settings that can lead to denial of service or wasted resource usage
-if the printer stores the jobs an attacker can potentially view all the stored jobs and can view private info
-if the printer is LDAP enabled the attacker can harvest emails or send emails on behalf of the printer
things it doesnt appear to be able to do
-bounce thru the printer as a proxy
-port scan or launch attacks on the network via the printer
i'm not saying the above stuff is ok to have on your network but its not a command prompt either. so thoughts on how bad a threat this is?