Port 515 – LPD (Line Printer Daemon)

Why It’s Open

Port 515 is used by the Line Printer Daemon (LPD) protocol, a legacy printing service originally developed for Unix systems. This service manages print jobs and printer queues, allowing network-connected systems to send print jobs to remote printers or print servers.

While largely superseded by modern printing protocols like IPP (Internet Printing Protocol), LPD may still be found in legacy environments or older network printers that haven’t been upgraded.

Common Risks

Unauthenticated Access
Many LPD implementations lack strong authentication
Buffer Overflows
Legacy implementations vulnerable to memory corruption
Print Job Manipulation
Unauthorized users can modify or delete print jobs
Information Disclosure
Print jobs may contain sensitive data
DoS Potential
Queue flooding can exhaust system resources

Want to save time on reporting?

Let PentestPad generate, track, and export your reports - automatically.

Enumeration & Testing

Check if it’s open:

nmap -sT -p 515

Test LPD connection:

nc -v  515

Print queue check:

lpq -h

What to Look For

Checkpoint	What it means
LPD service exposed	Legacy printing service accessible
No authentication	Anyone can submit print jobs
Queue manipulation	Print jobs can be modified/deleted
Version information	May reveal vulnerable implementations

Mitigation

Modern Protocols
Switch to IPP or other secure printing protocols
Access Controls
Restrict LPD access to authorized hosts only
Printer Isolation
Place printers on separate network segments
Job Encryption
Use print job encryption where supported
Monitor Usage
Track and audit print job submissions

TL;DR

Port 515 = Line Printer Daemon
Legacy printing protocol
Minimal security features
Should use modern alternatives

Known CVEs and Exploits

CVE-2021-3438 – Buffer overflow in LPD service
CVE-2020-1706 – Remote code execution via print jobs
CVE-2019-15999 – Privilege escalation in LPD implementation
Multiple tools exist for printer exploitation