RE: CR vs. CoreBuilder

["Curt Purdy" <purdy () tecman com>]

This is a side-effect of cr on 600 routers not related to the index vuln:
http://www.cisco.com/warp/public/707/cisco-code-red-worm-pub.shtml#Affected

Curt Purdy
Information Security Engineer
DP Solutions
purdy () tecman com


-----Original Message-----
From: twhite () yossarian aniota net [mailto:twhite () yossarian aniota net]On
Behalf Of terry white
Sent: Sunday, August 05, 2001 5:57 PM
To: incidents () securityfocus com
Cc: linux-admin; bugtraq () securityfocus com
Subject: Re: CR vs. CoreBuilder


on "8-5-2001" "John Nemeth" writ:

:      I have a 3Com CoreBuilder 3500 running software version 2.1.0 that
: has been falling over a lot over the last few days.

: NOTE:  I don't have any proof that it is CodeRed that is causing the
: CoreBuilder to fall over, but it is highly likely.

... i've noticed a similar problem with a cisco 675 ADSL router.  in
particular, i've had to do a cold boot three (3) times 'since' the CR-II
attack started.  i had disabled the web command interface, and checking
revealed that still the case.

    what i did however, was to assign a port other than the default
(sorry) of '80'.  the device has been up 21 hours, despite an order of
magnitude greater CR-II attempts.  my server is not published, but in the
last 5 days, i've seen 22, 25, 25, 47, and 60 (so far today:  ~16:00 PDT)
events ...

--
... i'm a man , and i can change ,
    if i really have to , i guess ...




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com