Security Incidents mailing list archives
Re: CR vs. CoreBuilder
From: Bryan Andersen <bryan () visi com>
Date: Mon, 06 Aug 2001 12:56:58 -0500
I don't know what type of setup your Cisco 675 has for routing traffic to you. I'm using a routed subnet in ppp mode. I have the web interface disabled, restricted to a dummy IP address, and the port set to a different number. I selected an unused low number port from IANA TCP port lists. The only reboot I've had to do was on July 19th when the configuration didn't yet have the web port changed and IP address restriction set. I'm running CBOS 2.1.?. GraffiX wrote:
The only way I was able to keep the 675 from requiring a power recycle was to set a filter to disable incoming port 80 altogether. If you're not running a webserver behind the router, disabling the web interface and changing the "webserver" port to something other than 80, both on the 675, will work fine. Unfortunately, anything that listens on port 80 BEHIND the 675 that responds WILL crash the 675, regardless of what you do to the web service on the 675. Apparently, the deny all incoming port 80 filter prevents the router from evaluating the packet(s), preventing the crash. Short of that, it seems we're SOL until Cisco fixes this shit. I tested this by making sure the web interface was disabled, and changed the default port it would listen on to (59059). then turned off filter I'd set to prevent the traffic entirely, allowing it through to my web server on port 80, and within 1/2 hr, I had 6 CR probes (logged on my webserver), and the 675 had crashed. Turning the incoming port 80 denied filter back on once again prevented the crash, and has continued to prevent any crashing.
Try also setting the web server to be restricted to a bogus IP address. You could set it listen only to some 10 net address.
Good thing my webserver isn't critical, though I suspect there are plenty of folks who require their webservers to be alive behind their 675...small business customers, etc...
A number of systems I touch often are having sporatic outtages. I'd try them and I wouldn't get replies back and 5 to 10 minutes latter they are reachable again. What I'm wondering is how many of the bigger Cisco routers (and other types) are crashing taking hole segments of the net off line? -- | Bryan Andersen | bryan () visi com | http://www.nerdvest.com | | Buzzwords are like annoying little flies that deserve to be swatted. | | -Bryan Andersen | ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: CR vs. CoreBuilder randy (Aug 05)
- Re: CR vs. CoreBuilder dep (Aug 06)
- <Possible follow-ups>
- Re: CR vs. CoreBuilder GraffiX (Aug 06)
- Re: CR vs. CoreBuilder Bryan Andersen (Aug 06)
- Re: CR vs. CoreBuilder Homer Wilson Smith (Aug 06)
- Re: CR vs. CoreBuilder cords (Aug 06)
- RE: CR vs. CoreBuilder Curt Purdy (Aug 06)
- Re: CR vs. CoreBuilder John Hall (Aug 09)