How to prevent queue names appearing in RPM

We had a support email recently with this question:

I get name corruption in RPM. How do I prevent this?

They provided the following screenshot; actually, there were three times as many entries as shown here.

Actually you do not have 'name corruption' at all. This is the result of a network scanner. Normally when we run into these applications they create "conventional" queue names such as lp, hp, print, etc.

However, this particular application might be attempting to hack RPM. It sends RPM partially formed queries and incomplete print commands. It could be this is something intentional in your network, but we usually see more “regular” looking names like “lp” and not “-(cookie”.

It's one thing if this program is intentional, something used for some kind of security compliance. However, that seems unlikely.

If this is a hack in your network you are not aware of, here is how to find out where it comes from.

Tracing the caller

First, in the user interface go to Help / Diagnostic Logging

Scroll down to "lpd2" and select it:

Now when you run RPM, any program that connects and sends a request which would attempt to make one of these queues is going to have it's "origin" included in the log.

You can find the RPM log by going to the install folder and looking for "rpmsrv*.log" Here is an example:

Open the last log file with a text editor and search for "lpd2" (without quotes). The line that includes "OnAccept" will tell you the IP address of the connecting program:

2018-09-20 16:21:09.854 lpd2 OnAccept port=515 socket=1716 remote-ip=192.168.56.1

Your network administrator should be able to track down the IP address and discover the program that is attempting to connect to RPM and submit the fraudulent print requests.

Prevention

Sometimes correcting the problem is the right solution for you. If prevention is your choice, go to the Configure menu / Port Settings, select “lpd” and click “Modify Port”.

Turn off “Auto-create queues on request”. This should prevent those names from appearing. Note that it is on by default.

The downside of this is that when you set up your remote host to print to RPM, you’ll have to create the queue first, or it won’t work.