[NCLUG] Re: Not Code Red (another Code Red topic)
Mark Fassler
fassler at monkeysoft.net
Mon Aug 6 23:23:38 MDT 2001
When Code Red came out, our DSL router would go down about once a day.
Over the weekend this has increased to about once every 30 minutes or so.

I've tried four different Cisco 675s. I've tried CBOS 2.0, 2.2, and
2.4.1. It seems that 2.4.1 doesn't fix the Code Red vulnerability, nor
does Cisco's suggestion of disabling the web interface.

This is a possible solution that I found on comp.dcom.sys.cisco:
---- ...from Jon Holstrom.. (slightly reformatted) ----
All day I've had customers calling with Cisco 678 routers running CBOS
2.4.2 with the web interface disabled. Seems their routers have been
crashing.

We traced this back to the Code Red worm. For some reason, even with web
disabled on these routers, port 80 remains open. Simply running a port
scan and cutting off the connection is enough to crash the router. Locks
up solid.

I also found a solution: by doing a

    set web remote ipaddress

where ipaddress is one of their internal IPs, you can prevent outside
addresses from being able to crash the router.

Just a heads up, guys: if you are seeing 678s crashing, give it a try;
it's working here.

Geo.
-----------------------------------------
I would think that this, combined with Mike's suggestion to change the
port number, should make you fairly safe. (I'll find out in the morning
if our router has gone down or not...)
--
Mark Fassler
fassler at monkeysoft.net