Presuming you have your filers connected to the network via good-quality
switches, you could enable ACLs on the switch to block port 80. We did some
of that with other servers on our network during the nimda outbreak.
I'm increasingly becoming of the opinion that the best defense against new
viruses is a network where everything is fully switched, and every switch
supports ACLs and stateful packet inspection.
Speaking of which, I know there was some discussion of this a while back,
but has anyone else had some real-world experience with the virus-scanning
support in 6.x? We're looking into it now and still need to make the
decision between Symantec and Trend Micro, and I'm wondering what others'
recent experiences have been.
(My gut instinct is to go with Trend Micro, only because they seem to have
definitions up for new viruses long before Symantec does during these sudden
outbreak situations.)
--
Mike Sphar - Sr Systems Administrator - Engineering Support
Peregrine Systems, Inc.
-----Original Message-----
From: Klinkner, Steve [mailto:Steve.Klinkner@netapp.com]
Sent: Thursday, September 20, 2001 1:24 AM
To: 'leigh@ai.mit.edu'; toasters@mathworks.com
Subject: RE: port 80 answers tcp
Short answer is: No, there isn't currently a way to
prevent the filer from listening and accepting
socket connections on port 80.
Some additional details might be helpful.
The httpd.enable option toggles HTTP access to the
web hierarchy on the filer, in the case that HTTP
is licensed on the filer.
Port 80 is left open for purposes of administrative
access - for example FilerView and SecureShare Quota
Manager, even if HTTP is not licensed on the filer.
Access to administrative areas can be toggled
using the httpd.admin.enable option.
If httpd.enable and httpd.admin.enable are both off,
and HTTP is not licensed, then the server will
immediately close incoming connections without reading
any HTTP headers (this feature appears in 6.0 and
higher).
We are not currently aware of any flaws in the HTTP
server which allow exploitation in the manner of
the worms mentioned.
Hope that helps,
Steve Klinkner
> -----Original Message-----
> From: Leigh David Heyman [mailto:leigh@ai.mit.edu]
> Sent: Wednesday, September 19, 2001 8:34 AM
> To: toasters@mathworks.com
> Subject: port 80 answers tcp
>
>
> Hi,
> I've noticed that in DoT, the filer still has tcp port 80
> open and listening
> even with "options httpd.enable off."
>
> Since the nimda and code red worms send attack traffic to any
> hosts which
> respond on port 80, regardless of whether it's a vulnerable
> windows webserver,
> is there any way to actually prevent the filer from having
> tcp port 80 open
> and listening?
>
> Thanks,
>
> -Leigh
>
>
> =====================================================================
> Leigh Heyman, GCIA          Artificial Intelligence Lab
> Systems Administrator       Massachusetts Institute of Technology
> leigh@ai.mit.edu            617-253-1729
>
>
>
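Added example, not part of the thread and not NetApp code: a small probe that distinguishes the three port-80 states Steve describes (the filer serving HTTP, accepting a connection and closing it at once without reading any headers, or not listening at all, which is what Leigh asked for). It is written against two constructed stub servers on localhost that stand in for a filer; the host, port and request line are assumptions, and the classification names are my own.

```python
# Added example (not from the thread): verify how a host behaves on TCP port 80.
# The stub servers below are constructed stand-ins for a filer.
import socket
import threading


def probe_port80(host: str, port: int = 80, timeout: float = 2.0) -> str:
    """Classify how host:port treats an HTTP client.

    'refused'          nothing is listening
    'closed_on_accept' connection accepted, then closed with no reply
    'serving'          an HTTP status line came back
    'silent'           accepted and held open, but no reply within timeout
    'unknown'          replied with something that is not HTTP
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"
    with sock:
        sock.settimeout(timeout)
        try:
            # Assumed minimal request; a server that reads headers will answer it.
            sock.sendall(b"HEAD / HTTP/1.0\r\nHost: %b\r\n\r\n" % host.encode())
            data = sock.recv(64)
        except socket.timeout:
            return "silent"
        except ConnectionError:
            # RST: the peer closed while our request was still unread.
            return "closed_on_accept"
    if data == b"":
        return "closed_on_accept"  # orderly FIN with no response bytes
    return "serving" if data.startswith(b"HTTP/") else "unknown"


def _start_stub(mode: str) -> int:
    """Constructed stand-in for a filer on an ephemeral localhost port.

    mode 'close': accept and close at once without reading the request, which is
                  the behaviour Steve describes for httpd.enable off,
                  httpd.admin.enable off and HTTP unlicensed on 6.0 and later.
    mode 'serve': read the request and answer it, as an enabled HTTP server would.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def run():
        with srv:
            conn, _ = srv.accept()
            with conn:
                if mode == "serve":
                    conn.recv(1024)  # consume the request headers
                    conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Length: 0\r\n\r\n")
                # mode 'close': fall through and close without reading anything

    threading.Thread(target=run, daemon=True).start()
    return port


def _free_port() -> int:
    """A localhost port with nothing listening: the state Leigh asked about."""
    with socket.socket() as tmp:
        tmp.bind(("127.0.0.1", 0))
        return tmp.getsockname()[1]


def demo() -> dict:
    """Run the probe against all three simulated behaviours."""
    return {
        "serve": probe_port80("127.0.0.1", _start_stub("serve")),
        "close": probe_port80("127.0.0.1", _start_stub("close")),
        "none": probe_port80("127.0.0.1", _free_port()),
    }


if __name__ == "__main__":
    for mode, verdict in demo().items():
        print(f"{mode:6s} -> {verdict}")
```

Against a real filer you would call `probe_port80("<filer-hostname>")` from a host that is allowed to reach it; the useful distinction for this thread is that `closed_on_accept` is the best the options Steve lists can give you, while only a switch ACL of the kind Mike mentions turns the result into `refused` or a timeout from the client's point of view.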