Open port 631: Internet Printing Protocol (IPP)
What this means
Port 631 is a specialised modern protocol for the Internet Printing Protocol (IPP) that allows computers and devices to send print jobs to printers over local networks or the internet.
While IPP is commonly used in enterprise and home environments, improper configuration can expose printers to security risks.
Why this is a problem
When IPP port 631 is left open to an untrusted network it can allow attackers the ability to:
- access printers remotely that can then be accessed, controlled, and even manipulated by unauthorised users
- buffer overflow attacks by sending code to overwrite memory and execute code
- intercept print jobs with sensitive documents sent to the printer that may be intercepted, leading to data leaks
- remote code execution where attackers can exploit vulnerabilities in the protocol to execution of code
- Denial-of-Service (DoS) attacks where attackers can overload the printer with requests, making it unusable
How to check if the problem is there
Check open IPP ports
Run the following command to check if IPP ports are open.
Windows (Command Prompt):
netstat -an | find ":631"
Linux/Mac (Terminal):
sudo netstat -tulnp | grep ":631"
Test for access
If an open port is found, try connecting to the IPP service using:
Nmap -p 631 –script ipp-info <your service ip>
How to fix this
Disable IPP
If IPP is unnecessary, close port 631 by disabling the service.
Use authentication and encryption
If IPP is required, ensure it uses HTTPS (IPP over TLS) to encrypt traffic.
Restrict access
Restrict access by carrying out the following:
- disable or uninstall services if not required
- segment the network to isolate the service
- regularly patch any application or service using the port
Regularly monitor logs
Regularly monitor your event logs and consider:
- using SIEM tools to detect anomalies
- deploying Intrusion Detection Systems (IDS)