HIGH: Open IPP Report

DESCRIPTION LAST UPDATED: 2023-12-12

DEFAULT SEVERITY LEVEL:HIGH

This report identifies devices that have an open IPP (Internet Printing Protocol) service enabled on port 631/TCP.  This means anyone can connect to these devices (printers) anonymously. An attacker can abuse such devices for information disclosure including potential access to and manipulation of print jobs. Remote code execution vulnerabilities have also been uncovered in the past on various printer models and could potentially be exploited as well.

Track exposed IPP instances on our Dashboard.

We first announced the scan in a blog post titled Open IPP Report – Exposed Printer Devices on the Internet.

Severity levels are described here.

For more information on our scanning efforts, check out our Internet scanning summary page..

This report was enabled as part of the European Union INEA CEF VARIoT project.

This report has an IPv4 and IPv6 version.

Filename(s): scan_ipp, scan6_ipp

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • severity
    Severity level
  • ip
    IP of the device in question
  • protocol
    Transport layer protocol used (always tcp)
  • port
    Port response came on (usually 631)
  • hostname
    Reverse DNS name of the device in question
  • tag
    ipp
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City where the device in question resides
  • naics
    North American Industry Classification System Code
  • hostname_source
    Hostname source
  • ipp_version
    IPP version (if present)
  • cups_version
    CUPS version returned (if present)
  • printer_uris
    URIs of the exposed printer (if present)
  • printer_name
    Trivial name of the printer (if present)
  • printer_location
    Location of printer (if present)
  • printer_info
    Information about printer (if present)
  • printer_more_info
    Location to find more information about printer (if present)
  • printer_make_and_model
    Information about printer manufacturer (if present)
  • printer_firmware_name
    Name of the printer firmware (if present)
  • printer_firmware_string_version
    Human readable list of firmware version (if present)
  • printer_firmware_version
    Firmware version (if present)
  • printer_organization
    Organization printer belongs to (if present)
  • printer_organization_unit
    Organizational unit printer belongs to (if present)
  • printer_uuid
    UUID of printer (if present)
  • printer_wifi_ssid
    Wireless network printer belongs to (if present)
  • device_vendor
    The identified device vendor
  • device_type
    Device classification (for example, printer)
  • device_model
    The identified device model
  • device_version
    Device version, if any
  • device_sector
    Sector to which the device type belongs to (consumer, enterprise, industrial etc)
  • sector
    Sector the device IP belongs to

Sample

"timestamp","severity","ip","protocol","port","hostname","tag","asn","geo","region","city","naics","hostname_source","ipp_version","cups_version","printer_uris","printer_name","printer_info","printer_more_info","printer_make_and_model","printer_firmware_name","printer_firmware_string_version","printer_firmware_version","printer_organization","printer_organization_unit","printer_uuid","printer_wifi_ssid","device_vendor","device_type","device_model","device_version","device_sector","sector"
"2010-02-10 00:00:00",high,192.168.0.1,tcp,631,node01.example.com,ipp,64512,ZZ,Region,City,0,,IPP/2.1,CUPS/2.0,,,,,,,,,,,,,,,,,,"Communications, Service Provider, and Hosting Service"
"2010-02-10 00:00:01",high,192.168.0.2,tcp,631,node02.example.com,ipp,64512,ZZ,Region,City,0,ptr,IPP/2.1,CUPS/2.0,"ipp://192.168.0.2:631/printers/HPDesigngjet500plus, ipp://192.168.0.2:631/printers/RICOH",RICOH,RICOH,http://192.168.0.2:631/printers/RICOH,"Local Raw Printer",,,,,,urn:uuid:3d286f73-8bf1-3637-759a-61dc43da1d0f,,,,,,,
"2010-02-10 00:00:02",high,192.168.0.3,tcp,631,node03.example.com,ipp,64512,ZZ,Region,City,0,ptr,,,ipp://192.168.0.3:631/ipp/print,NPIBF9825,"HP Color LaserJet M452nw",http://192.168.0.3:631/hp/device/info_config_AirPrint.html?tab=Networking&menu=AirPrintStatus,"HP Color LaserJet M452nw",20201022,20201022,20201022,,,urn:uuid:564e4233-4332-3735-3937-3c5282bf9825,PSS,,,,,,"Communications, Service Provider, and Hosting Service"

Our 130 Report Types