Bugtraq mailing list archives
RE: Tunnel ports allowed on NetApp NetCaches
From: Kevin O'Brien <kevino () eonline com>
Date: Thu, 5 Jul 2001 11:54:09 -0700
Also, I should note that we had this set up correctly (!all) in version 4 of the OS. NetApp seemed to imply that the upgrade from v4 to v5 caused this. I guess in v4 a NULL value implies !all and the upgrade process replaces NULL with +all (oops).

-=Kevin=-

-----Original Message-----
From: Kevin O'Brien
Sent: Thursday, July 05, 2001 10:33 AM
To: bugtraq () securityfocus com
Subject: Tunnel ports allowed on NetApp NetCaches

We discovered an extremely dangerous option in our NetCaches. There is an option config.http.tunnel.allow_ports that is set by default to +all that allows anyone to tunnel through your cache to any TCP port. We discovered this after we found people using it to send spam email by tunneling to port 25 on outside mail servers.

To see if you are affected, connect to the console of the NetCache (not to the HTML GUI) and type show config.http.tunnel.allow_ports. If it says +all you are allowing all ports to be tunneled. To fix this, type set config.http.tunnel.allow_ports !all. This will disallow any tunneling.

If you have +all you will want to look through your logs for anything using the CONNECT method instead of GET to see what ports outside people connected to. Fortunately, we only saw ports 443 and 25 to hosts outside our network.

BTW, I contacted NetApp on Friday about this and they are still trying to write a Field Alert to their customers...and I thought M$ was slow.

Kevin O'Brien
Systems/Network Administrator
E! Online, LLC
323.692.4742
323.692.4700 fax
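
The log review described in the message above, as an added example that is not part of the original post: it scans proxy access-log lines for CONNECT requests and reports every tunnel to a port outside an expected set. The log layout (client address first, quoted request line, as in Common Log Format), the name audit_connect, the sample lines, and the choice of 443 as the only expected port are assumptions; the page does not show the NetCache log format.

```python
import re
from collections import Counter

# Assumed layout: client address is the first field and the request line is
# quoted, e.g. "CONNECT host:25 HTTP/1.0". Adjust the pattern to the real log.
CONNECT_RE = re.compile(r'"CONNECT\s+(\S+?):(\d{1,5})\s+HTTP/[\d.]+"')


def audit_connect(lines, allowed_ports=frozenset({443})):
    """Return (findings, per_port) for CONNECT requests in proxy log lines.

    findings: (client, host, port) for each tunnel to a port that is not in
    allowed_ports. per_port: Counter of every tunneled port, allowed or not.
    """
    findings, per_port = [], Counter()
    for line in lines:
        m = CONNECT_RE.search(line)
        if not m:
            continue  # GET/POST etc., or a CONNECT with no explicit port
        host, port = m.group(1), int(m.group(2))
        client = line.split(None, 1)[0]
        per_port[port] += 1
        if port not in allowed_ports:
            findings.append((client, host, port))
    return findings, per_port


# Constructed sample lines using documentation addresses, not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Jul/2001:10:01:02 -0700] "GET http://www.example.com/ HTTP/1.0" 200 2048',
    '198.51.100.7 - - [05/Jul/2001:10:01:09 -0700] "CONNECT mail.example.net:25 HTTP/1.0" 200 512',
    '192.0.2.10 - - [05/Jul/2001:10:02:30 -0700] "CONNECT shop.example.com:443 HTTP/1.0" 200 4096',
    '198.51.100.7 - - [05/Jul/2001:10:02:41 -0700] "CONNECT mail.example.org:25 HTTP/1.0" 200 640',
    '203.0.113.5 - - [05/Jul/2001:10:03:15 -0700] "CONNECT 203.0.113.99:23 HTTP/1.0" 200 128',
]

if __name__ == "__main__":
    findings, per_port = audit_connect(SAMPLE_LOG)
    print("Tunnels per destination port:", dict(per_port))
    for client, host, port in findings:
        print(f"unexpected tunnel: {client} -> {host}:{port}")
```
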