Server Products
Data Center Products including boards, integrated systems, Intel® Xeon® Processors, RAID Storage, and Intel® Xeon® Processors
4784 Discussions

SS4000-E

idata
Employee
‎08-30-2011 07:53 AM
2,020 Views
Solved Jump to solution

I just got an email from someone in another building. I will paste:

For about a week now I have been seeing a address from your network attempting to access my workstation on port 1900/UDP. It attempts this continuously, this morning is no different. This happens around 5 – 8 times per second.

2011-08-30 08:05:52 DROP UDP 129.162.80.246 239.255.255.250 33480 1900 328 - - - - - - - RECEIVE

2011-08-30 08:05:52 DROP UDP 129.162.80.246 239.255.255.250 33480 1900 328 - - - - - - - RECEIVE

2011-08-30 08:05:52 DROP UDP 129.162.80.246 239.255.255.250 33480 1900 329 - - - - - - - RECEIVE

2011-08-30 08:05:52 DROP UDP 129.162.80.246 239.255.255.250 33480 1900 329 - - - - - - - RECEIVE

2011-08-30 08:05:52 DROP UDP 129.162.80.246 239.255.255.250 33480 1900 372 - - - - - - - RECEIVE

2011-08-30 08:05:52 DROP UDP 129.162.80.246 239.255.255.250 33480 1900 372 - - - - - - - RECEIVE

2011-08-30 08:05:53 DROP UDP 129.162.80.246 239.255.255.250 33480 1900 374 - - - - - - - RECEIVE

2011-08-30 08:05:53 DROP UDP 129.162.80.246 239.255.255.250 33480 1900 374 - - - - - - - RECEIVE

2011-08-30 08:06:12 DROP UDP 129.162.80.246 239.255.255.250 33480 1900 328 - - - - - - - RECEIVE

2011-08-30 08:06:12 DROP UDP 129.162.80.246 239.255.255.250 33480 1900 328 - - - - - - - RECEIVE

2011-08-30 08:06:12 DROP UDP 129.162.80.246 239.255.255.250 33480 1900 329 - - - - - - - RECEIVE

2011-08-30 08:06:12 DROP UDP 129.162.80.246 239.255.255.250 33480 1900 329 - - - - - - - RECEIVE

2011-08-30 08:06:12 DROP UDP 129.162.80.246 239.255.255.250 33480 1900 372 - - - - - - - RECEIVE

2011-08-30 08:06:12 DROP UDP 129.162.80.246 239.255.255.250 33480 1900 372 - - - - - - - RECEIVE

2011-08-30 08:06:13 DROP UDP 129.162.80.246 239.255.255.250 33480 1900 374 - - - - - - - RECEIVE

Can you look into this?

*********************(personal information edited)

 

This is the ip address of one of many of my backup boxes. It has the latest firmware. Is there anyway I can patch Apache on one of these NAS boxes?

0 Kudos
1 Solution
Edward_Z_Intel
Employee
‎08-30-2011 08:21 PM
721 Views
Solved Jump to solution

UDP port 1900 is used for uPnP device discovery, which I don't think is supported on SS4000-E. Could you confirm whether the NAS box is SS4000-E or SS4200-E?

View solution in original post

0 Kudos
Copy link

Link Copied

5 Replies
Edward_Z_Intel
Employee
‎08-30-2011 08:21 PM
722 Views
Solved Jump to solution

UDP port 1900 is used for uPnP device discovery, which I don't think is supported on SS4000-E. Could you confirm whether the NAS box is SS4000-E or SS4200-E?

0 Kudos
Copy link
idata
Employee
‎08-31-2011 07:47 AM
721 Views
Solved Jump to solution
In response to Edward_Z_Intel

Yes, I purchase them, and they are all SS4000-E. The claim from the other department is that the Apache server on my DAS9 backup box has been compromised, and it is now probing other nodes.

In response to Edward_Z_Intel
0 Kudos
Copy link
idata
Employee
‎09-01-2011 01:21 PM
721 Views
Solved Jump to solution
In response to idata

Robert,

"Apache server on my DAS9 backup box"? What's that? What do you mean by it being compromised?

Regards,

John

In response to idata
0 Kudos
Copy link
idata
Employee
‎09-01-2011 01:31 PM
721 Views
Solved Jump to solution
In response to idata

Hello, John:

I don't know, exactly, but I have about five of these SS4000-E boxes. I use them to back up Oracle databases. The particular box that is being questioned by someone in another department is that this box is probing one of his servers. Since this particular SS4000-E is a backup box for the database we call DAS9 (Data Acquisition System number 9), I call it the das9 backup box. According to what I have heard, Apache is vulnerable to some kind of attack, and this box uses Apache as its web server. Hence, I am wondering if I can get the latest Apache patch into it, somehow. I have never done anything of the sort before. I just upgrade the firmware, which is very easy to do. Now, since it is a discontinued product, I doubt that I will get any more firmware patches.

In response to idata
0 Kudos
Copy link
idata
Employee
‎09-01-2011 01:46 PM
721 Views
Solved Jump to solution
In response to idata

Correct, the SS4000 was discontinued July 1, 2008. There aren't any new firmware updates available beyond the latest version http://downloadcenter.intel.com/Detail_Desc.aspx?ProductID=2366&DwnldID=16833&lang=eng&iid=dc_rss 1.4b710 that was released on 09/02/2008. One caveat with the 1.4 firmware versions is updating from 1.3 or earlier to a 1.4 version is data destructive. If you're at 1.3 or earlier and want to go to 1.4 you'll need to backup and restore the data you want to keep.

You can find the release notes at the link above for version 1.4 that includes New, Modified or Deleted Features, but I don't see anything there about the web server.

We don't have any instructions about patching the "embedded" operating system for the SS4000.

John

In response to idata
0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.