Xerox 5755 用户手册
XEROX WorkCentre
5735/5740/5745/5755/5765/5775/5790
Information Assurance Disclosure Paper
Ver. 2.00, March 2011
Page 21 of 50
2.8.2.13. Port 515, LPR
This is the standard LPR printing port, which only supports IP printing. It is a configurable port, and may be explicitly
enabled or disabled in the Properties tab of the device’s web pages.
enabled or disabled in the Properties tab of the device’s web pages.
2.8.2.14. Port 631, IPP
This port supports the Internet Printing Protocol. It is not configurable. This is disabled when the http server is
disabled.
disabled.
2.8.2.15. Port 1900, SSDP
This port behaves similarly to the SLP port. When activated, this port is used for service discovery and advertisement.
The device will advertise itself as a printer and also listen for SSDP queries using this port. It is not configurable. This
port is explicitly enabled / disabled in the Properties tab of the device’s web pages.
The device will advertise itself as a printer and also listen for SSDP queries using this port. It is not configurable. This
port is explicitly enabled / disabled in the Properties tab of the device’s web pages.
2.8.2.16. Port 3003, http/SNMP reply
This port is used when the http server requests device information. The user displays the Web User Interface
(WebUI) and goes to a page where the http server must query the device for settings (e.g. Novell network settings).
The http server queries the machine via an internal SNMP request (hence this port can only open when the http
server is active). The machine replies back to the http server via this port. It sends the reply to the loopback address
(127.0.0.0), which is internally routed to the http server. This reply is never transmitted on the network. Only SNMP
replies are accepted by this port, and this port is active when the http server is active (i.e. if the http server is disabled,
this port will be closed). If someone attempted to send an SNMP reply to this port via the network, the reply would
have to contain the correct sequence number, which is highly unlikely, since the sequence numbers are internal to the
machine.
(WebUI) and goes to a page where the http server must query the device for settings (e.g. Novell network settings).
The http server queries the machine via an internal SNMP request (hence this port can only open when the http
server is active). The machine replies back to the http server via this port. It sends the reply to the loopback address
(127.0.0.0), which is internally routed to the http server. This reply is never transmitted on the network. Only SNMP
replies are accepted by this port, and this port is active when the http server is active (i.e. if the http server is disabled,
this port will be closed). If someone attempted to send an SNMP reply to this port via the network, the reply would
have to contain the correct sequence number, which is highly unlikely, since the sequence numbers are internal to the
machine.
2.8.2.17. Port 9100, raw IP
This allows downloading a PDL file directly to the interpreter. This port has limited bi-directionality (via PJL back
channel) and allows printing only. This is a configurable port, and may be disabled in the Properties tab of the
device’s web pages.
channel) and allows printing only. This is a configurable port, and may be disabled in the Properties tab of the
device’s web pages.
2.8.3. IP Filtering
The devices contain a static host-based firewall that provides the ability to prevent unauthorized network access
based on IP address and/or port number. Filtering rules can be set by the SA using the WebUI. An authorized SA can
create rules to (Accept / Reject / Drop) for ALL or a range of IP addresses. In addition to specifying IP addresses to
filter, an authorized SA can enable/disable all traffic over a specified transport layer port.
based on IP address and/or port number. Filtering rules can be set by the SA using the WebUI. An authorized SA can
create rules to (Accept / Reject / Drop) for ALL or a range of IP addresses. In addition to specifying IP addresses to
filter, an authorized SA can enable/disable all traffic over a specified transport layer port.