On Fri, 27 Sep 2024 07:19:16 -1000
Joel Roth via Dng <dng@???> wrote:
> Peter Duffy wrote:
> > My impression so far is that the risk to "leaf nodes" of the
> > internet (ones behind routers provided by ISPs, and including
> > firewalls and NATting) ***should*** be minimal - as UDP port 631
> > should be blocked by default (if not, the ISP needs kicking), and
> > no one in their right mind would expose it via a port-forwarding
> > hole through the firewall. At least, I can't imagine a valid reason
> > for doing so.
>
> I was considering that many off-the-shelf routers may be running CUPS,
> even with no printer connected.
Why?

FWIW, I've just tested my Billion modem/router and it will not allow
connections on ports 631 or 9100 internally. Nmap on the modem/router
says these are not among the open internal ports.

Caveat, I do not have a way to scan it externally, but it is locked down
against external admin and I definitely do not have port 631 forwarded
to any internal printer.

Nmap on the printer (Canon) confirms that port 631 is open as that is
the IPP (Internet Printing Protocol) which CUPS loves.

So, I do not see how there is currently a vulnerability.

Perhaps someone with a modern printer plugged into the USB
socket on their modem/router can check for any port 631
vulnerability. I expect the router would just forward any open
port from the printer internally.

terryc