HP JetDirect closing ports randomly

Tony Whitmore

Hi all,

This was a good one for me to have to think about on a Monday morning!

We have 5 HP LaserJet 5Ns, with JetDirect cards. These are the
workhorses of our IT rooms and are usually rock solid. (You can guess
where this is going, can't you?)

These printers have started misbehaving. All 5 of them. At the same
time. They should have 3 open ports on them:
23/telnet
515/lpd
9100/jetdirect

However, they've started closing some/all ports seemingly randomly.
One minute all three ports will be open, the next none. Sometimes one
or two of the ports are open. Thinking that the problems might be due
to the traffic on the network (I have read that the JetDirect cards
can sometimes get swamped by too much traffic) I have isolated one of
the printers on a hub with a single PC and no upstream link. However,
I still get these varying results from port scanning even in this
isolated environment. I had wondered if it was the act of port
scanning itself that was causing the ports to close, but I have used
nmap on them before without them turning up their toes.

No configuration changes have been made since Easter, and they've been
working solidly up until today. Given their age there is very little
information on HP's website. Googling hasn't turned up any helpful
results either. The most bizarre thing is that they've all started
having the problem at the same time. I've cleaned (it was worth a
shot!) the "test" printer, and performed a factory reset on it too.

Any advice appreciated.

Tony
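
An added example, not part of the original post: a small Python poller for the three ports listed above that timestamps every state change and separates an actively refused connection from no answer at all. The function names, timeout and polling interval are assumptions chosen for illustration.

```python
import socket
import sys
import time

# Ports named in the post; the labels are only used for printing.
PORTS = {23: "telnet", 515: "lpd", 9100: "jetdirect"}

def probe(host, port, timeout=2.0):
    """Full TCP connect. 'open' = handshake completed, 'closed' = host
    answered with a reset, 'no-answer' = timeout or unreachable."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes socket.timeout and host/network unreachable
        return "no-answer"
    finally:
        s.close()

def transitions(samples):
    """samples: list of (timestamp, {port: state}).
    Returns (timestamp, port, old_state, new_state) for every change."""
    changes, last = [], {}
    for ts, states in samples:
        for port, state in states.items():
            if port in last and last[port] != state:
                changes.append((ts, port, last[port], state))
            last[port] = state
    return changes

def watch(host, rounds, interval=5.0):
    """Poll all ports `rounds` times, `interval` seconds apart."""
    samples = []
    for _ in range(rounds):
        samples.append((time.time(), {p: probe(host, p) for p in PORTS}))
        time.sleep(interval)
    return samples

if __name__ == "__main__":
    # usage: python portwatch.py <printer-address> <rounds>
    for ts, port, old, new in transitions(watch(sys.argv[1], int(sys.argv[2]))):
        stamp = time.strftime("%H:%M:%S", time.localtime(ts))
        print(f"{stamp} {port}/{PORTS[port]}: {old} -> {new}")
```

If all three ports change state in the same polling round, the change is happening to the card as a whole; ports flipping independently point at the individual services.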
 
Tony Whitmore said:
We have 5 HP LaserJet 5Ns, with JetDirect cards.
They should have 3 open ports on them:
23/telnet
515/lpd
9100/jetdirect

However, they've started closing some/all ports seemingly randomly.
One minute all three ports will be open, the next none. Sometimes one
or two of the ports are open. Thinking that the problems might be due
to the traffic on the network (I have read that the JetDirect cards
can sometimes get swamped by too much traffic) I have isolated one of
the printers on a hub with a single PC and no upstream link. However,
I still get these varying results from port scanning even in this
isolated environment.

Just some ideas:

Check for a virus, even on the single PC. Upgrade the firmware on one
of the JetDirects, if you think it'll be stable long enough to do it.
Check your AC power, especially if all the testing has been done in the
same room or on the same outlet or line.
 
Warren Block said:
Check for a virus, even on the single PC. Upgrade the firmware on one
of the JetDirects, if you think it'll be stable long enough to do it.
Check your AC power, especially if all the testing has been done in the
same room or on the same outlet or line.

Thanks for the tips Warren.

The PC I'm using to port scan the printer with is running Linux, so
viruses aren't really an issue (at least, at the time of writing!)
I'll look for a firmware upgrade on HP's site, see if that is any help.

The printers are distributed across our site, running on different
power supplies. I have port scanned from more than one machine. :S

Thanks again,

Tony
 
Tony Whitmore said:
The PC I'm using to port scan the printer with is running Linux, so
viruses aren't really an issue (at least, at the time of writing!)

There are a lot of exploits for some (unpatched Red Hat)...

Run Ethereal and see if there's anything odd on the line.

Other ideas: maybe the problem started when something else was added to
the network. Could be a different ground between rooms or buildings.
Switches can isolate lines with bad signals, but a big enough ground
difference might get through. Double-check what has changed recently,
in terms of network connections or even furniture moved to crush cat 5.
Check the Ethernet errors and bad packet statistics.

It's just really weird that this started happening all at once, and
continues even on a separate network. Like a virus that was actually
picked up by the printers. That's conceivable, but unlikely. Maybe
somebody upgraded the firmware on all the printers (using that horrible
Web JetAdmin) and it's the new firmware causing the problem.
 
Thanks again for the ideas Warren. I'll certainly look closer into
what you suggest.

Warren Block said:
Other ideas: maybe the problem started when something else was added to
the network. Could be a different ground between rooms or buildings.
Switches can isolate lines with bad signals, but a big enough ground
difference might get through. Double-check what has changed recently,
in terms of network connections or even furniture moved to crush cat 5.
Check the Ethernet errors and bad packet statistics.

OK. I'm not *aware* of anything like that having happened, but I'll
double check. The printers can all be pinged reliably, which doesn't
imply a connection fault (to my mind), it's just those three ports.
Still, it's worth a look.

Warren Block said:
It's just really weird that this started happening all at once, and
continues even on a separate network. Like a virus that was actually
picked up by the printers. That's conceivable, but unlikely. Maybe
somebody upgraded the firmware on all the printers (using that horrible
Web JetAdmin) and it's the new firmware causing the problem.

I had thought of some printer-virus thing, but only as a kind of fantasy
cause. I've checked with my team, but no-one has upgraded any firmware.
(It is of course possible, but unlikely, that someone unauthorised has
done so, so I will investigate further.) As you say, the weirdest
thing is that it affected all five at once, and continues on an
isolated network. It defies all logic! Just about everyone else I've
spoken to says "oh, you must have changed something on the server"
because of the problem affecting all five at once. It's only when I
show/explain them the nmap results that the true nature of the problem
becomes clear. Still doesn't explain it mind!

Thanks again Warren, I'll post back if I have anything more to report.

Tony
 