scanning – brother hl-2280dw works as printer but not scanner in big sur – Ask Different

vulnerability scanners – Router scanning ports on all connected devices – Information Security Stack Exchange

printing – Malicious scanning of port 631?

I have observed that one computer on my home network (192.168.1.60) is trying to access port 631 of my main computer (192.168.1.253). I’m not carrying out any printing. I would want to know if there is a security problem.

This is from /var/log/ufw.log. It has been happening since August 3, 2021.

Aug 30 09:57:19 skunkworks kernel: [ 3150.549098] [UFW BLOCK] IN=enp1s0f0 OUT= MAC=10:dd:b1:ea:b8:8b:74:e5:0b:39:e8:20:08:00 SRC=192.168.1.60 DST=192.168.1.253 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=52383 DF PROTO=TCP SPT=32864 DPT=631 WINDOW=64240 RES=0x00 SYN URGP=0
Aug 30 09:57:21 skunkworks kernel: [ 3152.832252] [UFW BLOCK] IN=enp1s0f0 OUT= MAC=10:dd:b1:ea:b8:8b:74:e5:0b:39:e8:20:08:00 SRC=192.168.1.60 DST=192.168.1.253 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=9216 DF PROTO=TCP SPT=32866 DPT=631 WINDOW=64240 RES=0x00 SYN URGP=0
Aug 30 09:57:22 skunkworks kernel: [ 3153.845528] [UFW BLOCK] IN=enp1s0f0 OUT= MAC=10:dd:b1:ea:b8:8b:74:e5:0b:39:e8:20:08:00 SRC=192.168.1.60 DST=192.168.1.253 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=9217 DF PROTO=TCP SPT=32866 DPT=631 WINDOW=64240 RES=0x00 SYN URGP=0
Aug 30 09:57:25 skunkworks kernel: [ 3156.221825] [UFW BLOCK] IN=enp1s0f0 OUT= MAC=10:dd:b1:ea:b8:8b:74:e5:0b:39:e8:20:08:00 SRC=192.168.1.60 DST=192.168.1.253 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=38839 DF PROTO=TCP SPT=32870 DPT=631 WINDOW=64240 RES=0x00 SYN URGP=0
Aug 30 09:57:26 skunkworks kernel: [ 3157.223484] [UFW BLOCK] IN=enp1s0f0 OUT= MAC=10:dd:b1:ea:b8:8b:74:e5:0b:39:e8:20:08:00 SRC=192.168.1.60 DST=192.168.1.253 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=38840 DF PROTO=TCP SPT=32870 DPT=631 WINDOW=64240 RES=0x00 SYN URGP=0
Aug 30 09:57:28 skunkworks kernel: [ 3159.735831] [UFW BLOCK] IN=enp1s0f0 OUT= MAC=10:dd:b1:ea:b8:8b:74:e5:0b:39:e8:20:08:00 SRC=192.168.1.60 DST=192.168.1.253 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=59238 DF PROTO=TCP SPT=32874 DPT=631 WINDOW=64240 RES=0x00 SYN URGP=0
Aug 30 09:57:29 skunkworks kernel: [ 3160.760546] [UFW BLOCK] IN=enp1s0f0 OUT= MAC=10:dd:b1:ea:b8:8b:74:e5:0b:39:e8:20:08:00 SRC=192.168.1.60 DST=192.168.1.253 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=59239 DF PROTO=TCP SPT=32874 DPT=631 WINDOW=64240 RES=0x00 SYN URGP=0

This traffic is first observed when 192.168.1.60 boots, before any user is logged in. It also happens randomly after logging in.

Ufw blocks it. I’m not carrying out any printer activity on 192.168.1.60. It has no local, USB, or network printers configured. 192.168.1.253 does have a shared printer, but it’s behind the firewall. (It is shared in order to print from local VMs).

Does this activity indicate that 192.168.1.60 may be compromised?

Could it be that 192.168.1.60 is just trying to discover printers on the network?

Both computers are Ubuntu 20.04.3. This is the firewall of 192.168.1.253:

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
224.0.0.1                  DENY IN     Anywhere
ff02::1                    DENY IN     Anywhere (v6)

Anywhere                   DENY OUT    224.0.0.1
Anywhere (v6)              DENY OUT    ff02::1
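
One way to triage blocked entries like the ones quoted in the question, as an added example that is not part of the original post: it groups blocked TCP SYNs by source port to separate retransmissions from new connection attempts, and labels a source a sweep only when it touches several destination ports. The 192.168.1.77 lines, the function names and the `sweep_ports` threshold are assumptions constructed for contrast.

```python
import re
from collections import defaultdict

# Constructed sample in the ufw.log layout quoted above (MAC, LEN, TTL etc. trimmed).
# 192.168.1.60 mirrors the question; 192.168.1.77 is an invented contrast case.
SAMPLE_LOG = """\
Aug 30 09:57:19 skunkworks kernel: [ 3150.549098] [UFW BLOCK] IN=enp1s0f0 OUT= SRC=192.168.1.60 DST=192.168.1.253 PROTO=TCP SPT=32864 DPT=631 SYN
Aug 30 09:57:21 skunkworks kernel: [ 3152.832252] [UFW BLOCK] IN=enp1s0f0 OUT= SRC=192.168.1.60 DST=192.168.1.253 PROTO=TCP SPT=32866 DPT=631 SYN
Aug 30 09:57:22 skunkworks kernel: [ 3153.845528] [UFW BLOCK] IN=enp1s0f0 OUT= SRC=192.168.1.60 DST=192.168.1.253 PROTO=TCP SPT=32866 DPT=631 SYN
Aug 30 09:57:25 skunkworks kernel: [ 3156.221825] [UFW BLOCK] IN=enp1s0f0 OUT= SRC=192.168.1.60 DST=192.168.1.253 PROTO=TCP SPT=32870 DPT=631 SYN
Aug 30 09:57:26 skunkworks kernel: [ 3157.223484] [UFW BLOCK] IN=enp1s0f0 OUT= SRC=192.168.1.60 DST=192.168.1.253 PROTO=TCP SPT=32870 DPT=631 SYN
Aug 30 09:58:01 skunkworks kernel: [ 3192.100000] [UFW BLOCK] IN=enp1s0f0 OUT= SRC=192.168.1.77 DST=192.168.1.253 PROTO=TCP SPT=40001 DPT=22 SYN
Aug 30 09:58:01 skunkworks kernel: [ 3192.100100] [UFW BLOCK] IN=enp1s0f0 OUT= SRC=192.168.1.77 DST=192.168.1.253 PROTO=TCP SPT=40002 DPT=23 SYN
Aug 30 09:58:01 skunkworks kernel: [ 3192.100200] [UFW BLOCK] IN=enp1s0f0 OUT= SRC=192.168.1.77 DST=192.168.1.253 PROTO=TCP SPT=40003 DPT=80 SYN
Aug 30 09:58:01 skunkworks kernel: [ 3192.100300] [UFW BLOCK] IN=enp1s0f0 OUT= SRC=192.168.1.77 DST=192.168.1.253 PROTO=TCP SPT=40004 DPT=443 SYN
Aug 30 09:58:01 skunkworks kernel: [ 3192.100400] [UFW BLOCK] IN=enp1s0f0 OUT= SRC=192.168.1.77 DST=192.168.1.253 PROTO=TCP SPT=40005 DPT=8080 SYN
"""

KV = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; an empty value (OUT=) is allowed

def parse_block(line):
    """Return the fields of one blocked TCP packet, or None for any other line."""
    if "UFW BLOCK" not in line:
        return None
    f = dict(KV.findall(line))
    if f.get("PROTO") != "TCP" or not {"SRC", "DST", "SPT", "DPT"} <= f.keys():
        return None
    return {"src": f["SRC"], "dst": f["DST"], "spt": int(f["SPT"]),
            "dpt": int(f["DPT"]), "syn": bool(re.search(r"\bSYN\b", line))}

def summarize(log_text, sweep_ports=4):
    """Per (src, dst): ports touched, connection attempts, retransmitted SYNs."""
    flows = defaultdict(lambda: defaultdict(int))  # (src, dst) -> (spt, dpt) -> SYN count
    for line in log_text.splitlines():
        e = parse_block(line)
        if e and e["syn"]:
            flows[(e["src"], e["dst"])][(e["spt"], e["dpt"])] += 1
    report = {}
    for pair, attempts in flows.items():
        ports = sorted({dpt for _, dpt in attempts})
        report[pair] = {
            "ports": ports,
            "attempts": len(attempts),  # one per distinct source port
            "retransmits": sum(n - 1 for n in attempts.values()),
            "pattern": ("multi-port sweep" if len(ports) >= sweep_ports
                        else "repeated client to fixed service"),
        }
    return report
```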

malware – Scanning for malicious hardware on display replacement for a smartphone

There is no easy way to scan for malware on a product like a screen replacement. Still, I would not be too worried about it.

Embedding malware in a smartphone screen sounds like a very complicated way to get access to random people's phones – there are probably easier ways a rational attacker would choose.

Unless you have reasons to be paranoid, I would not worry. And if you are paranoid, why would the logo make any difference? Could it not be stamped on any screen? Could not Huawei produce a screen with malware in it? Could not the phone itself have been backdoored from the day you bought it?

network scanners – Port scanning against assets that are behind a WAF

I am trying to automate my recon process. For port scanning, I resolve subdomains to IPs then loop over those IPs with masscan. But is it worth it to port scan an asset that is hidden behind a web firewall? In other words, by doing this I’m scanning the WAF IPs. Is it a common thing that some subdomains are behind a WAF and others are not? In this case, I can perform a WAF check before performing the port scanning process.

nmap – Scanning a domain name

Answer to question 1: We are actually scanning the server that the website is hosted on, right?

We are scanning the open ports on that host, that host can have multiple Vhosts, but in the end all of them are being served via port 80 (HTTP) or 443 (HTTPS).

Answer to question 2: If there is another domain hosted on the same server, the results of the scan would be same?

Yes, they would be the same, take this example as a reference:

The IP for this demonstration would be:

151.101.65.195

That IP address is used by many domains, as you can verify by using a ping command:

galoget@hackem:~$ ping -c 4 cncworks.co.nz
PING cncworks.co.nz (151.101.65.195) 56(84) bytes of data.
64 bytes from 151.101.65.195 (151.101.65.195): icmp_seq=1 ttl=39 time=10.5 ms
64 bytes from 151.101.65.195 (151.101.65.195): icmp_seq=2 ttl=39 time=10.6 ms
64 bytes from 151.101.65.195 (151.101.65.195): icmp_seq=3 ttl=39 time=10.7 ms
64 bytes from 151.101.65.195 (151.101.65.195): icmp_seq=4 ttl=39 time=10.8 ms

--- cncworks.co.nz ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 10.518/10.650/10.814/0.106 ms


galoget@hackem:~$ ping -c 4 vivaanprojects.com
PING vivaanprojects.com (151.101.1.195) 56(84) bytes of data.
64 bytes from 151.101.1.195 (151.101.1.195): icmp_seq=1 ttl=39 time=10.7 ms
64 bytes from 151.101.1.195 (151.101.1.195): icmp_seq=2 ttl=39 time=10.7 ms
64 bytes from 151.101.1.195 (151.101.1.195): icmp_seq=3 ttl=39 time=10.7 ms
64 bytes from 151.101.1.195 (151.101.1.195): icmp_seq=4 ttl=39 time=10.7 ms

--- vivaanprojects.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 10.682/10.695/10.704/0.008 ms

If you run an nmap scan of all ports, the results are the same:

galoget@hackem:~$ nmap -p- cncworks.co.nz
Starting Nmap 7.80 ( https://nmap.org ) at 2021-07-11 19:10 UTC
Nmap scan report for cncworks.co.nz (151.101.1.195)
Host is up (0.011s latency).
Other addresses for cncworks.co.nz (not scanned): 151.101.65.195
Not shown: 65533 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https


galoget@hackem:~$ nmap -p- vivaanprojects.com
Starting Nmap 7.80 ( https://nmap.org ) at 2021-07-11 19:14 UTC
Nmap scan report for vivaanprojects.com (151.101.65.195)
Host is up (0.011s latency).
Other addresses for vivaanprojects.com (not scanned): 151.101.1.195
Not shown: 65533 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 104.45 seconds

scanning – Correct exposure negative scan

I’ve just started scanning my family's negatives. When I get the scan, it’s a bit brighter than the print that was made that I can compare it to, but the print has less detail in the dark areas.

Alas, if I bring down the exposure in post, I get an image more in line with the print, but instead those aforementioned shadows swallow some detail. Is there a right way to do it? Which is the “true” image?

wifi – Fixed Channel : -1 ( in Scanning and deauth)

I was using an Alfa awus1900 (Realtek 8814u) wifi adapter to test my wifi, but from this point it always shows fixed channel -1 while scanning a particular BSSID and on deauth also, and using --ig to ignore the -ve one is also not effective. Sometimes it shows interface down while deauth. I tried reinstalling the driver and changing the driver, but none worked for me. Can someone tell me how to fix fixed channel: -1?
