Aaron Weaver has published a whitepaper describing how you can utilize 'intranet hacking' tricks
to send spam to printers. Pretty amusing.
"Many network printers listen on port 9100 for a print job (RAW
Printing or Direct IP printing). You can telnet directly to the printer
port and enter text. Once you disconnect from the printer it will print
out the text that you send it. Network printers also accept PostScript,
and Printer Control language. The security around this is usually
minimal – connect to the port, send the print job, disconnect and the
printer prints the page.
Within the last year there have been new discoveries on attacking the
Intranet from the Internet1. This involves setting an image tag or
script tag to an internally addressable IP address and then the browser
will request the “image” resource. Several attacks can be accomplished;
port scanning, fingerprinting devices, and changing internal router
settings." – Aaron Weaver
Paper Link: http://aaron.weaver2.googlepages.com/CrossSitePrinting.pdf