5 Replies Latest reply on Sep 1, 2011 2:46 PM by john_s@intel

    SS4000-E

    rlk

      I just got an email from someone in another building.  I will paste:

       

      For about a week now I have been seeing an address from your network attempting to access my workstation on port 1900/UDP. It attempts this continuously, this morning is no different. This happens around 5 – 8 times per second.

       

      2011-08-30 08:05:52 DROP UDP 129.162.80.246 239.255.255.250 33480 1900 328 - - - - - - - RECEIVE

      2011-08-30 08:05:52 DROP UDP 129.162.80.246 239.255.255.250 33480 1900 328 - - - - - - - RECEIVE

      2011-08-30 08:05:52 DROP UDP 129.162.80.246 239.255.255.250 33480 1900 329 - - - - - - - RECEIVE

      2011-08-30 08:05:52 DROP UDP 129.162.80.246 239.255.255.250 33480 1900 329 - - - - - - - RECEIVE

      2011-08-30 08:05:52 DROP UDP 129.162.80.246 239.255.255.250 33480 1900 372 - - - - - - - RECEIVE

      2011-08-30 08:05:52 DROP UDP 129.162.80.246 239.255.255.250 33480 1900 372 - - - - - - - RECEIVE

      2011-08-30 08:05:53 DROP UDP 129.162.80.246 239.255.255.250 33480 1900 374 - - - - - - - RECEIVE

      2011-08-30 08:05:53 DROP UDP 129.162.80.246 239.255.255.250 33480 1900 374 - - - - - - - RECEIVE

      2011-08-30 08:06:12 DROP UDP 129.162.80.246 239.255.255.250 33480 1900 328 - - - - - - - RECEIVE

      2011-08-30 08:06:12 DROP UDP 129.162.80.246 239.255.255.250 33480 1900 328 - - - - - - - RECEIVE

      2011-08-30 08:06:12 DROP UDP 129.162.80.246 239.255.255.250 33480 1900 329 - - - - - - - RECEIVE

      2011-08-30 08:06:12 DROP UDP 129.162.80.246 239.255.255.250 33480 1900 329 - - - - - - - RECEIVE

      2011-08-30 08:06:12 DROP UDP 129.162.80.246 239.255.255.250 33480 1900 372 - - - - - - - RECEIVE

      2011-08-30 08:06:12 DROP UDP 129.162.80.246 239.255.255.250 33480 1900 372 - - - - - - - RECEIVE

      2011-08-30 08:06:13 DROP UDP 129.162.80.246 239.255.255.250 33480 1900 374 - - - - - - - RECEIVE

       

      Can you look into this?

       

       

      *********************(personal information edited)
      <end of email>

       

       

      This is the IP address of one of many of my backup boxes.  It has the latest firmware.  Is there any way I can patch Apache on one of these NAS boxes?

        • 1. Re: SS4000-E
          edwardzh

          UDP port 1900 is used for UPnP device discovery, which I don't think is supported on SS4000-E. Could you confirm whether the NAS box is SS4000-E or SS4200-E?
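The firewall lines pasted in the original post can be triaged along the lines of this reply. The script below is an added example, not part of the thread or any Intel tooling: it assumes the whitespace-separated field order visible in the pasted lines (date, time, action, protocol, source IP, destination IP, source port, destination port, size) and separates traffic sent to the UPnP/SSDP multicast group 239.255.255.250:1900 from traffic addressed to a single host. The function names and the final sample line are constructed for illustration.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample: the first four lines reuse values quoted in the thread;
# the last line (a unicast destination, documentation addresses) is invented.
SAMPLE_LOG = """\
2011-08-30 08:05:52 DROP UDP 129.162.80.246 239.255.255.250 33480 1900 328 - - - - - - - RECEIVE
2011-08-30 08:05:52 DROP UDP 129.162.80.246 239.255.255.250 33480 1900 329 - - - - - - - RECEIVE
2011-08-30 08:05:52 DROP UDP 129.162.80.246 239.255.255.250 33480 1900 372 - - - - - - - RECEIVE
2011-08-30 08:05:53 DROP UDP 129.162.80.246 239.255.255.250 33480 1900 374 - - - - - - - RECEIVE
2011-08-30 08:05:53 DROP UDP 192.0.2.10 192.0.2.20 40000 1900 100 - - - - - - - RECEIVE
"""
SSDP_GROUP = ipaddress.ip_address("239.255.255.250")  # UPnP/SSDP multicast group
SSDP_PORT = 1900

def parse_line(line):
    """Return a dict for one log line, or None for blank, comment or malformed lines."""
    parts = line.split()
    if len(parts) < 9 or parts[0].startswith("#"):
        return None
    try:
        return {"ts": parts[0] + " " + parts[1], "proto": parts[3],
                "src": ipaddress.ip_address(parts[4]),
                "dst": ipaddress.ip_address(parts[5]),
                "dport": int(parts[7]), "size": int(parts[8])}
    except ValueError:
        return None

def classify(rec):
    """Label a record by where it was addressed, not by who logged it."""
    if rec["proto"] == "UDP" and rec["dport"] == SSDP_PORT and rec["dst"] == SSDP_GROUP:
        return "ssdp-multicast"
    return "other-multicast" if rec["dst"].is_multicast else "unicast"

def summarize(text):
    """Per (source, class): packet count, peak packets in one second, distinct sizes."""
    stats = defaultdict(lambda: {"count": 0, "per_sec": Counter(), "sizes": set()})
    for rec in filter(None, map(parse_line, text.splitlines())):
        s = stats[(str(rec["src"]), classify(rec))]
        s["count"] += 1
        s["per_sec"][rec["ts"]] += 1
        s["sizes"].add(rec["size"])
    return {k: {"count": v["count"], "peak_per_sec": max(v["per_sec"].values()),
                "sizes": sorted(v["sizes"])} for k, v in stats.items()}

if __name__ == "__main__":
    for key, val in summarize(SAMPLE_LOG).items():
        print(key, val)
```

A source that appears only under `ssdp-multicast` is sending to the discovery group address rather than to one workstation's own address, which is the distinction the receiving side's firewall log does not make on its own.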

          • 2. Re: SS4000-E
            rlk

            Yes, I purchased them, and they are all SS4000-E.  The claim from the other department is that the Apache server on my DAS9 backup box has been compromised, and it is now probing other nodes.

            • 3. Re: SS4000-E
              john_s@intel

              Robert,

               

              "Apache server on my DAS9 backup box"? What's that? What do you mean by it being compromised?

               

              Regards,

              John

              • 4. Re: SS4000-E
                rlk

                Hello, John:

                 

                   I don't know, exactly, but I have about five of these SS4000-E boxes.  I use them to back up Oracle databases.  The particular box is being questioned by someone in another department, who says that this box is probing one of his servers.  Since this particular SS4000-E is a backup box for the database we call DAS9 (Data Acquisition System number 9), I call it the das9 backup box.  According to what I have heard, Apache is vulnerable to some kind of attack, and this box uses Apache as its web server.  Hence, I am wondering if I can get the latest Apache patch into it, somehow.  I have never done anything of the sort before.  I just upgrade the firmware, which is very easy to do.  Now, since it is a discontinued product, I doubt that I will get any more firmware patches.

                • 5. Re: SS4000-E
                  john_s@intel

                  Correct, the SS4000 was discontinued July 1, 2008. There aren't any new firmware updates available beyond the latest version 1.4b710 that was released on 09/02/2008. One caveat with the 1.4 firmware versions is that updating from 1.3 or earlier to a 1.4 version is data destructive. If you're at 1.3 or earlier and want to go to 1.4, you'll need to back up and restore the data you want to keep.

                   

                  You can find the release notes at the link above for version 1.4 that includes New, Modified or Deleted Features, but I don't see anything there about the web server.

                   

                  We don't have any instructions about patching the "embedded" operating system for the SS4000.

                   

                  John