Also, I should note that we had this setup correctly (!all) in version 4 of the OS. NetApp seemed to imply that the upgrade from v4 to v5 caused this. I guess in v4 a NULL value implies !all and the upgrade process replaces NULL with +all (oops). -=Kevin=- -----Original Message----- From: Kevin O'Brien Sent: Thursday, July 05, 2001 10:33 AM To: bugtraqat_private Subject: Tunnel ports allowed on NetApp NetCaches We discovered a extremely dangerous option in our NetCaches. There is an option config.http.tunnel.allow_ports that is set by default to +all that allows anyone to tunnel through your cache to any tcp port. We discovered this after we found people using it to send spam email by tunneling to port 25 on outside mail servers. To see if you are affected, connect to the console of the NetCache (not to the HTML gui) and type show config.http.tunnel.allow_ports. If it says +all you are allowing all ports to be tunneled. To fix this, type set config.http.tunnel.allow_ports !all. This will disallow any tunneling. If you have +all you will want to look through your logs for anything using the CONNECT method instead of GET to see what ports outside people connected to. Fortunately, we only saw ports 443 and 25 to hosts outside our network. BTW, I contacted NetApp on Friday about this and they are still trying to write a Field Alert to their customers...and I thought M$ was slow. Kevin O'Brien Systems/Network Administrator E! Online, LLC 323.692.4742 323.692.4700 fax
This archive was generated by hypermail 2b30 : Thu Jul 05 2001 - 22:54:04 PDT