Client host sending wrong input to LPD port

We are starting to see more and more support incidents about the message "client host x.x.x.x sending wrong input to LPD port".  This message should require little interpretation since network administrators are the target audience for RPM.  It gives the IP address of a host communicating improperly with RPM.  In other words, this host is not using proper LPR/LPD protocol.

You should check the IP address of the client host here.  If it is outside your network and is not a trusted host, you should take steps to harden RPM against further unwanted intrusion.  This starts by identifying the hosts you actually want sending you print jobs and then blocking all other hosts.

If the IP address is inside your network, it is likely caused by a network vulnerability scanner.  In some cases, RPM handles these scans without issue but reports a critical event which cannot be suppressed.  Some vulnerability scanners are more intrusive than others and can issues which prevent RPM from receiving further print requests.  If this is the case, your only option to restore printing is to restart the RPM service or, in extreme cases, the computer.

RPM is a print server which primarily works with print data from legacy systems.  The LPR/LPD protocol is not a perfectly defined protocol like HTTP or SSH in that it does not see regular updates for emerging security threats.  LPR/LPD is described in rfc1179.  In there, it specifically says that the document is not defining an official Internet standard, but is attempting only to document standard practices between vendors of the era.

The solution, whether the traffic originates from inside your network or outside, is to block the offending host(s).  The best scenario is to block all hosts except only those from which you wish to receive print jobs.  The safest place to block outside hosts is on a company firewall preventing the traffic from even reaching the RPM host.  For inside hosts, it could be done using the Windows firewall or one included with your antivirus program on the host where RPM is installed.

RPM also has built-in security settings accessible from the Configure menu which makes it possible to block traffic from unwanted hosts.  We recommend using RPM security settings only as a temporary fix since a network firewall is likely more robust.