Laserjet open ports

Tags:
HP LaserJet
Networking
Security
I ran Nmap to scan my HP4005 and HP4705. Both reported that port 14000 is open and tcpwrapped. Can anyone explain why this port is opened? Thanks

Discuss This Question: 7  Replies

  • Haroldbluetooth
    I've tried netcat and telnet with Wireshark installed to monitor traffic to this port, all I get is a syn, syn ack, fin ack, nothing else. Here are the results of my scan:

        Starting Nmap 5.51 ( http://nmap.org ) at 2011-11-29 15:18 Eastern Standard Time
        NSE: Loaded 57 scripts for scanning.
        Initiating ARP Ping Scan at 15:18
        Scanning 172.16.10.231 [1 port]
        Completed ARP Ping Scan at 15:18, 0.05s elapsed (1 total hosts)
        Initiating Parallel DNS resolution of 1 host. at 15:18
        Completed Parallel DNS resolution of 1 host. at 15:18, 5.53s elapsed
        Initiating SYN Stealth Scan at 15:18
        Scanning 172.16.10.231 [1000 ports]
        Discovered open port 80/tcp on 172.16.10.231
        Discovered open port 21/tcp on 172.16.10.231
        Discovered open port 443/tcp on 172.16.10.231
        Discovered open port 23/tcp on 172.16.10.231
        Discovered open port 14000/tcp on 172.16.10.231
        Discovered open port 9100/tcp on 172.16.10.231
        Discovered open port 515/tcp on 172.16.10.231
        Discovered open port 7627/tcp on 172.16.10.231
        Increasing send delay for 172.16.10.231 from 0 to 5 due to max_successful_tryno increase to 5
        Discovered open port 280/tcp on 172.16.10.231
        Completed SYN Stealth Scan at 15:18, 7.55s elapsed (1000 total ports)
        Initiating Service scan at 15:18
        Scanning 8 services on 172.16.10.231
        Completed Service scan at 15:19, 53.71s elapsed (9 services on 1 host)
        Initiating OS detection (try #1) against 172.16.10.231
        NSE: Script scanning 172.16.10.231.
        Initiating NSE at 15:19
        Completed NSE at 15:19, 4.00s elapsed
        Nmap scan report for 172.16.10.231
        Host is up (0.00s latency).
        Not shown: 991 closed ports
        PORT      STATE SERVICE    VERSION
        21/tcp    open  ftp        HP JetDirect ftpd
        | ftp-anon: Anonymous FTP login allowed (FTP code 230)
        |_Can't get directory listing: Can't parse PASV response: "Authentication required."
        23/tcp    open  telnet     HP JetDirect telnetd
        80/tcp    open  http       HP-ChaiSOE 1.0 (HP LaserJet http config)
        |_http-methods: GET HEAD
        | http-title: HP Color LaserJet CP4005 Printers
        |_Requested resource was http://172.16.10.231/hp/device/this.LCDispatcher
        280/tcp   open  http       HP-ChaiSOE 1.0 (HP LaserJet http config)
        |_http-methods: GET HEAD
        | http-title: HP Color LaserJet CP4005 Printers
        |_Requested resource was http://172.16.10.231/hp/device/this.LCDispatcher
        443/tcp   open  ssl/http   HP-ChaiSOE 1.0 (HP LaserJet http config)
        |_http-methods: GET HEAD
        | http-title: HP Color LaserJet CP4005 Printers
        |_Requested resource was http://172.16.10.231/hp/device/this.LCDispatcher
        515/tcp   open  printer
        7627/tcp  open  http       HP-ChaiSOE 1.0 (HP LaserJet http config)
        |_http-methods: GET HEAD
        | http-title: HP Color LaserJet CP4005 Printers
        |_Requested resource was http://172.16.10.231/hp/device/this.LCDispatcher
        9100/tcp  open  jetdirect?
        14000/tcp open  tcpwrapped
        MAC Address: 00:1F:29:16:42:76 (Hewlett Packard)
        Device type: printer
        Running: HP embedded
        OS details: HP LaserJet 2055dn, 2420, P3005, CP4005, or P4014 printer
        Uptime guess: 13.947 days (since Tue Nov 15 16:36:17 2011)
        Network Distance: 1 hop
        TCP Sequence Prediction: Difficulty=265 (Good luck!)
        IP ID Sequence Generation: Incremental
        Service Info: Device: printer
  • TomLiotta
    "Can anyone explain why this port is opened?"

    Because something is listening on it. It went through a standard handshake, but either Nmap had no knowledge of what was expected or you weren't connecting from an appropriate source location. As for "what" is doing the listening, perhaps only HP can answer.

    Nmap reports it as 'tcpwrapped' to indicate that some type of security (or obscurity) is blocking access. Since a more normal RST wasn't returned and some handshaking succeeded, Nmap is notifying you that a TCP Wrapper is a likely explanation. It doesn't mean that that's what it is; it just has that kind of response profile. HP might have a kind of service port that isn't otherwise useful. Or any number of other possibilities exist.

    Tom
  • Haroldbluetooth
    Tom, thanks for the response. I understand the tcpwrapper possibility, Nmap is just interpreting and it's probably wrong. But, the bottom line is that a port, 14000, is still open and listening. It fin-ack'd every attempt to connect. It didn't just sit there and not respond, it responded. I've googled for days looking for any references linking the port to HP and have found nothing. Regarding your comment, "either Nmap had no knowledge of what was expected or you weren’t connecting from an appropriate source location", exactly! Who or what is the appropriate source location? Is this a port that is used for firmware updates? I don't know, I just can't find any reference. Thanks again.
  • TomLiotta
    "...a port, 14000, is still open and listening. It fin-ack'd every attempt to connect."

    That is, of course, the basic behavior that gets classified as "TCP Wrapper". Unless the correct form of authentication is provided, nothing will get through.

    I did a cursory look for references to { HP port 14000 } and didn't see anything useful. Something like "firmware updates" came to mind, though I didn't really think that's what it was except that a 'fast FTP' function is sometimes expected to use port 14000. Unless you get very lucky, I wouldn't expect an answer from anywhere but HP support. They ought to know what it is. (And if they don't know, they should be notified about it.)

    Tom
  • TomLiotta
    Interesting side note today -- "Can a hacker catch your HP printer on fire?"

    Tom
  • Subhendu Sen
    If I understood correctly, then please see this link here, hope it may help you!
  • Haroldbluetooth
    Thanks for your responses. I do know about Scotty and I was aware of the article. The article prompted my attention. I've searched the HP archives and there is no reference. Still looking.
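Added example (not part of any post in this thread): a single-connection probe that separates the behaviour discussed above, a completed handshake followed by a FIN with no data, from a closed port, a service that sends a banner, and a service that waits for the client. The function names and the loopback listeners are constructed for illustration; they stand in for a device port and are not the printer's service.

```python
import socket
import threading

def classify_port(host, port, timeout=1.0):
    """Connect once, send nothing, and report how the listener reacts."""
    try:
        s = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed"                      # RST in reply to the SYN
    except OSError:
        return "filtered"                    # timeout or unreachable
    with s:
        try:
            data = s.recv(256)
        except socket.timeout:
            return "silent"                  # open; service waits for the client
        except ConnectionResetError:
            return "closed-after-handshake"
        # recv() == b"" means the peer sent FIN without sending any data,
        # which is the pattern Nmap labels "tcpwrapped".
        return "banner" if data else "closed-after-handshake"

_held = []  # keeps "silent" connections open for the life of the process

def start_listener(behaviour):
    """Constructed loopback stand-in for a device port; returns its port number."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    def serve():
        while True:
            conn, _ = srv.accept()
            if behaviour == "silent":
                _held.append(conn)
                continue
            if behaviour == "banner":
                conn.sendall(b"220 constructed banner\r\n")
            conn.close()                     # "drop": FIN right after accept
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def unused_port():
    """Bind and release a loopback port so nothing is listening on it."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    for name in ("drop", "banner", "silent"):
        print(name, "->", classify_port("127.0.0.1", start_listener(name)))
    print("no listener ->", classify_port("127.0.0.1", unused_port()))
```

Run from more than one source address on your own network, the same probe shows whether the listener treats some clients differently.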
