Open IPP Report

This report identifies devices that have an open IPP (Internet Printing Protocol) service enabled on port 631/TCP.  This means anyone can connect to these devices (printers) anonymously. An attacker can abuse such devices for information disclosure including potential access to and manipulation of print jobs. Remote code execution vulnerabilities have also been uncovered in the past on various printer models and could potentially be exploited as well.

This report was enabled as part of the European Union INEA CEF VARIoT project.

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • ip
    IP of the device in question
  • protocol
    Transport layer protocol used (always tcp)
  • port
    Port response came on (usually 631)
  • hostname
    Reverse DNS name of the device in question
  • tag
    ipp
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City where the device in question resides
  • naics
    North American Industry Classification System Code
  • ipp_version
    IPP version (if present)
  • cups_version
    CUPS version returned (if present)
  • printer_uris
    URIs of the exposed printer (if present)
  • printer_name
    Trivial name of the printer (if present)
  • printer_location
    Location of printer (if present)
  • printer_info
    Information about printer (if present)
  • printer_more_info
    Location to find more information about printer (if present)
  • printer_make_and_model
    Information about printer manufacturer (if present)
  • printer_firmware_name
    Name of the printer firmware (if present)
  • printer_firmware_string_version
    Human readable list of firmware version (if present)
  • printer_firmware_version
    Firmware version (if present)
  • printer_organization
    Organization printer belongs to (if present)
  • printer_organization_unit
    Organizational unit printer belongs to (if present)
  • printer_uuid
    UUID of printer (if present)
  • printer_wifi_ssid
    Wireless network printer belongs to (if present)

Sample

"timestamp","ip","protocol","port","hostname","tag","asn","geo","region","city","naics","sic","ipp_version","cups_version","printer_uris","printer_name","printer_info","printer_more_info","printer_make_and_model","printer_firmware_name","printer_firmware_string_version","printer_firmware_version","printer_organization","printer_organization_unit","printer_uuid","printer_wifi_ssid"
"2020-06-07 14:06:58","192.0.2.5","tcp",631,"5.0.2.192.dyn.user.ono.com","ipp",12357,"ES","VALENCIA","VALENCIA",0,0,"IPP/2.1","CUPS/2.1",,,,,,,,,,,,
"2020-06-07 14:06:58","198.51.100.7","tcp",631,,"ipp",557,"US","MAINE","ORONO",611310,0,,"CUPS/1.5","ipp://198.51.100.3:631/ipp, ipp://198.51.100.7:631/ipp","198.51.100.7",,"http://198.51.100.7/","TOSHIBA e-STUDIO5560C",,,,"OrganizationName",,"urn:uuid:b4ecc58d-d29f-447d-8c9e-xxx",
"2020-06-07 14:06:58","192.0.2.55","tcp",631,,"ipp",9318,"KR","SEOUL-TEUKBYEOLSI","SEONGBUK-DONG",517311,0,"IPP/2.1","CUPS/2.0",,,,,,,,,,,,
"2020-06-07 14:06:58","192.0.2.199","tcp",631,,"ipp",4766,"KR","GYEONGSANGBUK-DO","JUNGBANG-DONG",517311,0,"IPP/2.1","CUPS/2.0",,,,,,,,,,,,
"2020-06-07 14:06:58","203.0.113.99","tcp",631,"99.0.113.203.dynamic.wline.res.cust.swisscom.ch","ipp",3303,"CH","BASEL-STADT","BASEL",517311,0,"IPP/2.1","CUPS/2.0","ipp://203.0.113.0:631/printers/Laserprinter","Laserprinter","Laserprinter","http://203.0.113.0:631/printers/Laserprinter","Oki B401d - CUPS+Gutenprint v5.2.10",,,,,,"urn:uuid:3b73c6fc-75ec-3d71-55ad-xxx",

Our 80 Report Types