Today, at a customer premises, I had to print a document on a local printer. Out of the Windows domain, I decided to use a printer by connecting directly to its IP address. nmap is your best frien in such case. Here is the scan result against the printer:
H:\>nmap -sT 10.100.15.82 Starting Nmap 4.20ALPHA6 ( http://www.insecure.org/nmap ) \ at 2007-09-12 14:04 Romance Standard Time Interesting ports on 10.100.15.82: Not shown: 1670 filtered ports PORT STATE SERVICE 21/tcp open ftp 23/tcp open telnet 25/tcp open smtp 80/tcp open http 110/tcp open pop3 139/tcp open netbios-ssn 514/tcp open shell 515/tcp open printer 631/tcp open ipp 1720/tcp open H.323/Q.931 5060/tcp open sip 9100/tcp open jetdirect MAC Address: 00:00:74:A1:C3:2F (Ricoh Company) Nmap finished: 1 IP address (1 host up) scanned in 106.844\ seconds H:\>
Even if printers have more and more functions (this one has also fax and copier features), why are so much ports “open” by default?