UDP port 1900 is used for uPnP device discovery, which I don't think is supported on SS4000-E. Could you confirm whether the NAS box is SS4000-E or SS4200-E?
Yes, I purchase them, and they are all SS4000-E. The claim from the other department is that the Apache server on my DAS9 backup box has been compromised, and it is now probing other nodes.
"Apache server on my DAS9 backup box"? What's that? What do you mean by it being compromised?
I don't know, exactly, but I have about five of these SS4000-E boxes. I use them to back up Oracle databases. The particular box that is being questioned by someone in another department is that this box is probing one of his servers. Since this particular SS4000-E is a backup box for the database we call DAS9 (Data Acquisition System number 9), I call it the das9 backup box. According to what I have heard, Apache is vulnerable to some kind of attack, and this box uses Apache as its web server. Hence, I am wondering if I can get the latest Apache patch into it, somehow. I have never done anything of the sort before. I just upgrade the firmware, which is very easy to do. Now, since it is a discontinued product, I doubt that I will get any more firmware patches.
Correct, the SS4000 was discontinued July 1, 2008. There aren't any new firmware updates available beyond the latest version 1.4b710 that was released on 09/02/2008. One caveat with the 1.4 firmware versions is updating from 1.3 or earlier to a 1.4 version is data destructive. If you're at 1.3 or earlier and want to go to 1.4 you'll need to backup and restore the data you want to keep.
You can find the release notes at the link above for version 1.4 that includes New, Modified or Deleted Features, but I don't see anything there about the web server.
We don't have any instructions about patching the "embedded" operating system for the SS4000.