Open IPP Report

LAST UPDATED: 20220-08-08

This report identifies devices that have an open IPP (Internet Printing Protocol) service enabled on port 631/TCP. This means anyone can connect to these devices (printers) anonymously. An attacker can abuse such devices for information disclosure including potential access to and manipulation of print jobs. Remote code execution vulnerabilities have also been uncovered in the past on various printer models and could potentially be exploited as well.

For more details behind the scan methodology and a daily update of global IPP scan statistics please visit our dedicated Open IPP scan page.

We first announced the scan in a blog post titled Open IPP Report – Exposed Printer Devices on the Internet.

For more information on our scanning efforts, check out our Internet scanning summary page.

This report was enabled as part of the European Union INEA CEF VARIoT project.

This report has an IPv4 and IPv6 version.

Filename(s): scan_ipp, scan6_ipp

Fields

timestamp

Time that the IP was probed in UTC+0
ip

IP of the device in question
protocol

Transport layer protocol used (always tcp)
port

Port response came on (usually 631)
hostname

Reverse DNS name of the device in question
tag

ipp
asn

ASN of where the device in question resides
geo

Country where the device in question resides
region

State / Province / Administrative region where the device in question resides
city

City where the device in question resides
naics

North American Industry Classification System Code
ipp_version

IPP version (if present)
cups_version

CUPS version returned (if present)
printer_uris

URIs of the exposed printer (if present)
printer_name

Trivial name of the printer (if present)
printer_location

Location of printer (if present)
printer_info

Information about printer (if present)
printer_more_info

Location to find more information about printer (if present)
printer_make_and_model

Information about printer manufacturer (if present)
printer_firmware_name

Name of the printer firmware (if present)
printer_firmware_string_version

Human readable list of firmware version (if present)
printer_firmware_version

Firmware version (if present)
printer_organization

Organization printer belongs to (if present)
printer_organization_unit

Organizational unit printer belongs to (if present)
printer_uuid

UUID of printer (if present)
printer_wifi_ssid

Wireless network printer belongs to (if present)

Sample

"timestamp","ip","protocol","port","hostname","tag","asn","geo","region","city","naics","sic","ipp_version","cups_version","printer_uris","printer_name","printer_info","printer_more_info","printer_make_and_model","printer_firmware_name","printer_firmware_string_version","printer_firmware_version","printer_organization","printer_organization_unit","printer_uuid","printer_wifi_ssid"
"2020-06-07 14:06:58","192.0.2.5","tcp",631,"5.0.2.192.dyn.user.ono.com","ipp",12357,"ES","VALENCIA","VALENCIA",0,0,"IPP/2.1","CUPS/2.1",,,,,,,,,,,,
"2020-06-07 14:06:58","198.51.100.7","tcp",631,,"ipp",557,"US","MAINE","ORONO",611310,0,,"CUPS/1.5","ipp://198.51.100.3:631/ipp, ipp://198.51.100.7:631/ipp","198.51.100.7",,"http://198.51.100.7/","TOSHIBA e-STUDIO5560C",,,,"OrganizationName",,"urn:uuid:b4ecc58d-d29f-447d-8c9e-xxx",
"2020-06-07 14:06:58","192.0.2.55","tcp",631,,"ipp",9318,"KR","SEOUL-TEUKBYEOLSI","SEONGBUK-DONG",517311,0,"IPP/2.1","CUPS/2.0",,,,,,,,,,,,
"2020-06-07 14:06:58","192.0.2.199","tcp",631,,"ipp",4766,"KR","GYEONGSANGBUK-DO","JUNGBANG-DONG",517311,0,"IPP/2.1","CUPS/2.0",,,,,,,,,,,,
"2020-06-07 14:06:58","203.0.113.99","tcp",631,"99.0.113.203.dynamic.wline.res.cust.swisscom.ch","ipp",3303,"CH","BASEL-STADT","BASEL",517311,0,"IPP/2.1","CUPS/2.0","ipp://203.0.113.0:631/printers/Laserprinter","Laserprinter","Laserprinter","http://203.0.113.0:631/printers/Laserprinter","Oki B401d - CUPS+Gutenprint v5.2.10",,,,,,"urn:uuid:3b73c6fc-75ec-3d71-55ad-xxx",

Our 134 Report Types

« Back to Network Reporting