The ballad of the possessed printer

Gather round practitioners and listen if ye dare

To hear this Halloween tale of possessed office ware—

A printer, one cursed by a dark, mysterious power

That spit out strange symbols three to four times an hour…

Ten Halloweens ago or more, Bobby Kuzma, now director of offensive cyber operations at cybersecurity company ProCircular, received a help desk ticket with a ghastly title: Help, my printer is possessed.

A client’s printer was regularly sending “garbled garbage” to the tray, Kuzma said. The outputs included letters and the full ASCII character set—similar to the output shown in this recent Reddit post. According to Kuzma, an IT consultant at the time, the client received a mysterious printout every 15 minutes or so.

“‘The printer keeps spitting out gibberish. It’s like the girl in [The] Exorcist,’” Kuzma recalls the client saying.

As our hero set forth to understand such possession,

He found in the shadows a seeker in session

Looking for life on a network unclear

“Anyone there?” asked the seeker. Then an answer: “I am here!”

Kuzma and his team learned that the printer’s port was assigned to the incorrect virtual local area network (VLAN), one of several partitioned segments of the client’s network. Additionally, Kuzma discovered that an abandoned network and asset discovery tool had been scanning a range that included the printer, which then received the tool’s discovery packets and dutifully treated them like an order.

“The printer was cheerfully going, ‘Oh, I have a print job! A purpose in life here. Let me print all of the things,’” Kuzma said.

With connection, the printer had so much to say

Passionate pages flowed to the tray

Until our hero saw with regret—

The call to the printer

Was not meant for it.

To solve the spooky issue, Kuzma fell back on computing 101, starting at the top of the OSI networking model, a seven-layer diagram illustrating how computer systems communicate over a network. The fix involved layer one: the physical layer.

A physical cable, Kuzma discovered, had been plugged into the wrong port and subsequently assigned to an incorrect network—one that was continuously scanned by the network tool. The fix involved plugging the cable into a different port and properly labeling it so such issues wouldn’t happen in the future.

Nathan Hunstable, a network-architecture pro and current CISO at CEC Entertainment, owner of Chuck E. Cheese, recommends IT leaders place printers on their own VLAN, then lock down communication pathways with a firewall, enforcing that a network is only allowed to access the printer’s isolated VLAN network via the default printer port.

And even then, make sure you connect the right device to the right VLAN…physically.

“We got that scanner disabled. We got the printer on the correct VLAN and considered the demon exorcised,” Kuzma said.

Be careful, practitioner. If you dare print again,

To place the device in safe isolation

But remember a printer has memory, too.

And darkness always lurks inside of the queue.