We have a network printer that will suddenly fire up and print five lines (three times this month)
GET / HTTP/1.1
TE: deflate, gzip;q=0.03
Connection: TE, close
Host : <printer IP>:9100
User-Agent: libwww-perl/6.13
I'm guessing that something is scanning ports, but don't know where it's coming from - it only identifies the printer IP address. The network is all cable, no Wi-Fi enabled...
Any idea what could be doing this, and how it can it be located?
The printer is an old (probably 15 years at least) HP Colour LaserJet 4500N with it's own network card and will reply to a ping request from anywhere on the internet...
Thanks
It seems like some automated Perl script is trying to access the printer's web console. The User-Agent line tells the request comes from LWP, the most commonly used library to make web requests from Perl.
As you just found out, similar behavior can be invoked by just entering http://<printerIP>:9100 in a web browser. Now it is only a matter of tracking down the visitor. You may find a log in the management console that gives you the visitor's IP address.