toasters September 2001

toasters@lists.teaparty.net

113 participants
151 discussions

RE: port 80 answers tcp
by Mike Sphar 25 Sep '01

25 Sep '01

Presuming you have your filers connected to the network via good-quality switches, you could enable ACLs on the switch to block port 80. We did some of that with other servers on our network during the nimda outbreak. I'm increasingly becoming of the opinion that the best defense against new viruses is a network where everything is fully switched, and every switch supports ACLS and stateful packet inspection. Speaking of which, I know there was some discussion of this a while back, but has anyone else had some real-world experience with the virus-scanning support in 6.x? We're looking into it now and still need to make the decision between Symantec and Trend Micro, and I'm wondering what other's recent experiences have been. (My gut instinct is to go with Trend Micro, only because they seem to have definitions up for new viruses long before Symantec does during these sudden outbreak situations.) -- Mike Sphar - Sr Systems Administrator - Engineering Support Peregrine Systems, Inc. -----Original Message----- From: Klinkner, Steve [mailto:Steve.Klinkner@netapp.com] Sent: Thursday, September 20, 2001 1:24 AM To: 'leigh(a)ai.mit.edu'; toasters(a)mathworks.com Subject: RE: port 80 answers tcp Short answer is: No, there isn't currently a way to prevent the filer from listening and accepting socket connections on port 80. Some additional details might be helpful. The httpd.enable option toggles HTTP access to the web hierarchy on the filer, in the case that HTTP is licensed on the filer. Port 80 is left open for purposes of administrative access - for example FilerView and SecureShare Quota Manager, even if HTTP is not licensed on the filer. Access to administrative areas can be toggled using the httpd.admin.enable option. If httpd.enable and httpd.admin.enable are both off, and HTTP is not licensed, then the server will immediately close incoming connections without reading any HTTP headers (this feature appears in 6.0 and higher). We are not currently aware of any flaws in the HTTP server which allow exploitation in the manner of the worms mentioned. Hope that helps, Steve Klinkner > -----Original Message----- > From: Leigh David Heyman [mailto:leigh@ai.mit.edu] > Sent: Wednesday, September 19, 2001 8:34 AM > To: toasters(a)mathworks.com > Subject: port 80 answers tcp > > > Hi, > I've noticed that in DoT, the filer still has tcp port 80 > open and listening > even with "options httpd.enable off." > > Since the nimda and code red worms send attack traffic to any > hosts which > respond on port 80, regardless of whether it's a vulnerable > windows webserver, > is there any way to actually prevent the filer from having > tcp port 80 open > and listening? > > Thanks, > > -Leigh > > > ===================================================================== > Leigh Heyman,GCIA Artificial Intelligence Lab > Systems Administrator Massachusetts Institute of Technology > leigh(a)ai.mit.edu 617-253-1729 > > >

1 0

RE: Net boot Linux SUSE 7.2 from a filer F840 or F230
by Buchmann, Manfred 24 Sep '01

24 Sep '01

Hi to all we set up SUSE Linux automated Installation , using , PXE , ETHERBOOT , Bootprom for SAP Aplication Servers the only thing that you must do is make the entry at the DHCP Server a detailed Technical Report is comming soon , if somebody needs more information , please send me a mail . You can use this installation method for other Aplications Regards Manfred Buchmann Network Appliance SAP Competence Center -----Original Message----- From: Fox, Adam [mailto:Adam.Fox@netapp.com] Sent: Mittwoch, 19. September 2001 20:38 To: 'Oye'; McCarthy, Tim Cc: toasters(a)mathworks.com Subject: RE: Net boot Linux SUSE 7.2 from a filer F840 or F230 >From my 6.1.1 machine: f880-rtp> options tftpd tftpd.enable off tftpd.logging off tftpd.rootdir /etc/tftpboot So set the tftpd.enable options to on. Set the tftpd.rootdir option to where ever you like and turn on logging if you want to log all of the gets. That's about it. Just be aware..at this time it only goes gets, no puts. You'll have to write data to that area via an NFS/CIFS client. -- Adam Fox NetApp Professional Services, NC adamfox(a)netapp.com > -----Original Message----- > From: Oye [mailto:Oyegbemi.Akintan@oracle.com] > Sent: Wednesday, September 19, 2001 1:48 PM > To: McCarthy, Tim > Cc: toasters(a)mathworks.com > Subject: Re: Net boot Linux SUSE 7.2 from a filer F840 or F230 > > > This is definitely helpful. I'm going to resolve to using > this solution but > I need more info on setting u p the tftp server. Also I fond > a documentation > on how to do it at > http://cui.unige.ch/info/pc/remote-boot/howto.html . > Thanks > > -Oye > > "McCarthy, Tim" wrote: > > > Well, with the F230 you are almost out of luck. > > The F820, which can run 6.0.3 or later or 6.1.1 or later > > has a tftp server on it! > > > > Enable it, point your clients to use tftp to boot from > > and it may just work!!! > > > > The F230, cannot run 6.0 or higher software. So you could > > take one of your linux boxes, make a dir on the F230, mount it > > and then use said linux box as the tftp server to boot from. > > > > Does this help? > > > > --tmac > > > > -----Original Message----- > > From: Oye [mailto:Oyegbemi.Akintan@oracle.com] > > Sent: Monday, September 17, 2001 12:40 PM > > To: toasters(a)mathworks.com > > Subject: Net boot Linux SUSE 7.2 from a filer F840 or F230 > > > > Does anyone have any idea on how to set up net boot of Suse > Linux 7.2 or > > RedHat on a filer F840 or F230? > > > > Thanks, > > Oye >

1 0

(no subject)
by Jordan Share 22 Sep '01

22 Sep '01

We have gotten several messages of the following type: Mon Sep 17 10:25:59 PDT [raid_xor_server:CRITICAL]: 206 CORR SYS ERR 201 eia:1146dc058b20000 fs:254f400 eis:0 isr:80000001 SYS ECC error on DIMM J27 at address=0x1146dc0, bit=31. Mon Sep 17 10:37:28 PDT [idle_thread0:CRITICAL]: 207 CORR SYS ERR 201 eia:f71874058b20000 fs:2b1f400 eis:0 isr:80000001 SYS ECC error on DIMM J27 at address=0xf718740, bit=31.Wed Sep 19 01:03:53 PDT [GbE-II/e8:CRITICAL]: 212 CORR SYS ERR 201 eia:1dc7590058b20000 fs:256f400 eis:0 isr:80000001 SYS ECC error on DIMM J30 at address=0x1dc75900, bit=31. Wed Sep 19 01:25:09 PDT [idle_thread0:CRITICAL]: 213 CORR SYS ERR 201 eia:11149bc058b20000 fs:2b4f400 eis:0 isr:80000001 SYS ECC error on DIMM J30 at address=0x11149bc0, bit=31. Wed Sep 19 01:40:22 PDT [idle_thread0:CRITICAL]: 214 CORR SYS ERR 201 eia:19c54f8058b30000 fs:2b0f400 eis:0 isr:80010001 SYS ECC error on DIMM J30 at address=0x19c54f80, bit=31. Wed Sep 19 07:01:22 PDT [ispfc_main:CRITICAL]: 216 CORR SYS ERR 201 eia:1ecda80058b20000 fs:2d7f400 eis:0 isr:80000001 SYS ECC error on DIMM J30 at address=0x1ecda800, bit=31. As near as I can tell, this indicates that a DIMM (or 2) has gone bad. Is that the case? Or is some level of these errors considered to be normal? Here's the output of "grep -c "CORR SYS ERR" over the last few messages files: messages.5:0 messages.4:3 messages.3:6 messages.2:16 messages.1:160 messages.0:17 messages:14 So, it looks to me like this developed somewhat recently. Should I be worried about this? Thanks, Jordan

2 2

user accounts on filers
by Kelly McQuarrie 21 Sep '01

21 Sep '01

Hello all: I want to set up separate user accounts for our admins on all of our filers, but I don't want to have to maintain it on all of them. Is there a file I can copy over to the others once I get it set up the way I want it on one of them? Thx Kelly McQuarrie Unix System Administrator Ericsson CDMA Systems

1 0

RE:
by Biesot, Gerard 21 Sep '01

21 Sep '01

Hi Jordan, It looks that the memory in slots J27 & J30 is broken. Please send me your filer s/n and shipping details and we will send you the new memory. Rgds, Gerard ******************************** Gerard Biesot Customer Support Manager EMEA phone: +31 (0)23 5686967 cell: +31 (0)6 54315465 ******************************** -----Original Message----- From: Jordan Share [mailto:iso9@phantasticant.com] Sent: Friday, September 21, 2001 3:49 AM To: 'Toasters(a)Mathworks.Com' Subject: We have gotten several messages of the following type: Mon Sep 17 10:25:59 PDT [raid_xor_server:CRITICAL]: 206 CORR SYS ERR 201 eia:1146dc058b20000 fs:254f400 eis:0 isr:80000001 SYS ECC error on DIMM J27 at address=0x1146dc0, bit=31. Mon Sep 17 10:37:28 PDT [idle_thread0:CRITICAL]: 207 CORR SYS ERR 201 eia:f71874058b20000 fs:2b1f400 eis:0 isr:80000001 SYS ECC error on DIMM J27 at address=0xf718740, bit=31.Wed Sep 19 01:03:53 PDT [GbE-II/e8:CRITICAL]: 212 CORR SYS ERR 201 eia:1dc7590058b20000 fs:256f400 eis:0 isr:80000001 SYS ECC error on DIMM J30 at address=0x1dc75900, bit=31. Wed Sep 19 01:25:09 PDT [idle_thread0:CRITICAL]: 213 CORR SYS ERR 201 eia:11149bc058b20000 fs:2b4f400 eis:0 isr:80000001 SYS ECC error on DIMM J30 at address=0x11149bc0, bit=31. Wed Sep 19 01:40:22 PDT [idle_thread0:CRITICAL]: 214 CORR SYS ERR 201 eia:19c54f8058b30000 fs:2b0f400 eis:0 isr:80010001 SYS ECC error on DIMM J30 at address=0x19c54f80, bit=31. Wed Sep 19 07:01:22 PDT [ispfc_main:CRITICAL]: 216 CORR SYS ERR 201 eia:1ecda80058b20000 fs:2d7f400 eis:0 isr:80000001 SYS ECC error on DIMM J30 at address=0x1ecda800, bit=31. As near as I can tell, this indicates that a DIMM (or 2) has gone bad. Is that the case? Or is some level of these errors considered to be normal? Here's the output of "grep -c "CORR SYS ERR" over the last few messages files: messages.5:0 messages.4:3 messages.3:6 messages.2:16 messages.1:160 messages.0:17 messages:14 So, it looks to me like this developed somewhat recently. Should I be worried about this? Thanks, Jordan

1 0

E-mail warning to CIFS users about quota limit remaining
by Grey, Michael 21 Sep '01

21 Sep '01

Does anyone have a script that I can run from within Windows NT that will provide an e-mail notification when a users home directory is above a certain (75%) threshold of available space remaining. I know the script would not be dynamic though running it once a day would be sufficient. I running 6.1R1 on a F740 Regards, Michael Grey Supervisor - Operations Support Information Technology Services Toronto Transit Commission 416-393-6791 michael.grey(a)ttc.ca

4 3

FS: Used F760's with NFS licenses
by ScottUCE＠aol.com 21 Sep '01

21 Sep '01

We have two used F760 systems available with transferable NFS licenses. NetApp hardware add-ons and additional software can be configured to suit. Please call for pricing and other details. Scott Fischmann Union Computer Exchange, Inc. 6233 Idylwood Lane Minneapolis, MN 55436 Phone: 952 935 7282 FAX: 952 935 5056 scott(a)unioncomputer.com

1 0

RE: port 80 answers tcp
by Klinkner, Steve 20 Sep '01

20 Sep '01

Short answer is: No, there isn't currently a way to prevent the filer from listening and accepting socket connections on port 80. Some additional details might be helpful. The httpd.enable option toggles HTTP access to the web hierarchy on the filer, in the case that HTTP is licensed on the filer. Port 80 is left open for purposes of administrative access - for example FilerView and SecureShare Quota Manager, even if HTTP is not licensed on the filer. Access to administrative areas can be toggled using the httpd.admin.enable option. If httpd.enable and httpd.admin.enable are both off, and HTTP is not licensed, then the server will immediately close incoming connections without reading any HTTP headers (this feature appears in 6.0 and higher). We are not currently aware of any flaws in the HTTP server which allow exploitation in the manner of the worms mentioned. Hope that helps, Steve Klinkner > -----Original Message----- > From: Leigh David Heyman [mailto:leigh@ai.mit.edu] > Sent: Wednesday, September 19, 2001 8:34 AM > To: toasters(a)mathworks.com > Subject: port 80 answers tcp > > > Hi, > I've noticed that in DoT, the filer still has tcp port 80 > open and listening > even with "options httpd.enable off." > > Since the nimda and code red worms send attack traffic to any > hosts which > respond on port 80, regardless of whether it's a vulnerable > windows webserver, > is there any way to actually prevent the filer from having > tcp port 80 open > and listening? > > Thanks, > > -Leigh > > > ===================================================================== > Leigh Heyman,GCIA Artificial Intelligence Lab > Systems Administrator Massachusetts Institute of Technology > leigh(a)ai.mit.edu 617-253-1729 > > >

4 3

RE: port 80 answers tcp
by Klinkner, Steve 20 Sep '01

20 Sep '01

> -----Original Message----- > From: Kelsey Cummings [mailto:kgc@sonic.net] > Sent: Thursday, September 20, 2001 2:29 AM > To: Klinkner, Steve > Cc: 'leigh(a)ai.mit.edu'; toasters(a)mathworks.com > Subject: Re: port 80 answers tcp > I think we'd all like to see an option to just shut it > down. Exploitable or not, if nothing more the worms > eat CPU trying to get at the webserver. Bug 53801 has been filed to address this issue. As previously noted, bug 4998 addresses the issue of changing the behavior of port 80 to "answer but hang up on you". Steve Klinkner

1 0

Windows XP and unix style CIFS authentication
by Steve Losen 20 Sep '01

20 Sep '01

We are having trouble with unix style CIFS authentication to DOT 6.0.1R3 and 6.1.1R1 from a client running Windows XP. Has anyone else tried this and perhaps figured out how to get it working? I'm not a Windows person, and I understand that XP is still in beta, but ships soon. Unix style CIFS auth uses clear text passwords, and that may need to be enabled on XP somehow. I have options cifs.trace_login on and here is the /etc/messages output: Thu Sep 20 10:08:23 EDT [CIFSAuthen:info]: Login attempt by ESERVICES\del6n from 128.143.13.181(128.143.13.181) Thu Sep 20 10:08:23 EDT [CIFSAuthen:info]: Attempting to map PC user to UNIX user del6n Thu Sep 20 10:08:24 EDT [CIFSAuthen:info]: password rejected The unix user name is correct, so I think the password is the problem. We are having no problems with W98, NT and W2000. When W2000 first came out, however, we did have problems with this until both Netapp and Microsoft released bug fixes. Steve Losen scl(a)virginia.edu phone: 434-924-0640 University of Virginia ITC Unix Support

1 0

← Newer
1
2
3
4
5
6
7
8
9
...
16
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

toasters September 2001