From Hacking Printers
Jump to: navigation, search
Printing over IPP

Between 1999 and 2005 the IETF IPP working group published various draft standards for an LPD successor capable of authentication and print job queue management. The Internet Printing Protocol (IPP) is defined in RFC2910 [1] and RFC2911 [2]. IPP is an extendable protocol, for example ‘IPP Everywhere’ as specified in [3] is a candidate for a standard in mobile and cloud printing and IPP extensions for 3D printing [4] have been released. Because IPP is based on HTTP, it inherits all existing security features like basic/digest authentication and SSL/TLS encryption. To submit a print job or to retrieve status information from the printer, an HTTP POST request is sent to the IPP server listening on port 631/tcp. A famous open-source IPP implementation is CUPS [5], which is the default printing system in many Linux distributions and OS X. Network printers usually run their own IPP server as one method to accept print jobs. Similar to LPD, IPP is a channel to deploy the actual data to be printed and can be abused as a carrier for malicious PostScript or PJL files. In this wiki, IPP itself is no further exploited except for accounting bypasses.

Related articles: Fundamentals, Attack carriers, Accounting bypass, Buffer overflows

  1. RFC2910: Internet Printing Protocol/1.1: Encoding and Transport, R. Herriot, 2000
  2. RFC2911: Internet Printing Protocol/1.1: Model and Semantics, T. Hastings and others, 2000
  3. IPP Everywhere, PWG, The Printer Working Group, 2013
  4. IPP 3D Printing Extensions (3D), PWG, The Printer Working Group, 2016
  5. Common Unix Printing System, M. Sweet