Vulnerability Development mailing list archives

Re: Code red II crashes cisco 678


From: "JAX" <jax () evosoft dk>
Date: Mon, 6 Aug 2001 17:10:24 +0200

Hi Sam, I have tried all those things, setting filters and all that.
I have the web disabled anyway:

cbos#sh web
WEB Configuration
Is not enabled
Currently accepts connections only from 10.0.0.2
Currently uses port 81

I have a fixed IP address so setting the filter was not so hard. Anyway my
ISP has set a filter on port 80 for all the customers until they are sure
that Code Red vuln. is patched.
I still get that disconnect on ppp ...
Any other ideas?


From: "Sam" <sam () neuroflux com>
Subject: Re: Code red II crashes cisco 678


While I haven't had a chance to try and reproduce this on my 675 running
CBOS 2.4.2, I do have a filter put in place that blocks access to port 80
on the modem only.  You might try using the 'set filter' command that's
part of CBOS.

Placing a filter on an IP that is dynamic tends to be a pain, but it will
at least keep your modem from crashing.

-Sam

On Mon, 6 Aug 2001, JAX wrote:

Hi Geo.

Thanks for the advice but it's still crashing. I even changed the web
port to 81, they say it's helping, but it did not help me. My Cbos still
loses the ppp connection:

25 000:00:42:48 PPP        Info       PPP Termination Acknowledgement on wan0-0
26 000:00:42:48 PPP        Info       PPP Down Event on wan0-0

Any idea where this is coming from?

George Sas
----- Original Message -----
From: "Geo." <georger () nls net>
Sent: Monday, August 06, 2001 4:43 AM
Subject: Code red II crashes cisco 678


All day I've had customers calling with cisco 678 routers running cbos 2.4.2
with the web interface disabled. Seems their routers have been crashing.

We traced this back to the code red worm. For some reason even with web
disabled on these routers port 80 remains open. Simply running a port scan
and cutting off the connection is enough to crash the router. Locks up solid.

I also found a solution, by doing a

set web remote ipaddress

where ipaddress is one of their internal IP's you can prevent outside
addresses from being able to crash the router.

Just a heads up guys, if you are seeing 678's crashing, give it a try, it's
working here.

Geo.











