Security Incidents mailing list archives
Re: CR vs. CoreBuilder
From: randy <randy () eccs-com net>
Date: Sun, 5 Aug 2001 20:46:24 -0700 (PDT)
On Sun, 5 Aug 2001, terry white wrote:
on "8-5-2001" "John Nemeth" writ: : I have a 3Com CoreBuilder 3500 running software version 2.1.0 that : has been falling over a lot over the last few days. : NOTE: I don't have any proof that it is CodeRed that is causing the : CoreBuilder to fall over, but it is highly likely. ... i've noticed a similar problem with a cisco 675 ADSL router. in particular, i've had to do a cold boot three (3) times 'since' the CR-II attack started. i had disabled the web command interface, and checking revealed that still the case. what i did however, was to assign a port other than the default (sorry) of '80'. the device has been up 21 hours, despite an order of magnitude greater CR-II attempts. my server is not published, but in the last 5 days, i've seen 22, 25, 25, 47, and 60 (so far today: ~16:00 PDT) events ...
I have a very similar problem as well. I have a Cisco 675 and it has been crashing all weekened. I was running CBOS 2.20 and recently upgraded to 2.4.2 but it failed again after the upgrade. I have hit seven power cycles this weekend alone. I have also changed the port number to see if it makes any difference. It is a great suggestion. I tried a simple telnet to the router and noticed that even with the web interface disabled it still responds at the lower level. What I mean is that if the port number is set to 80 and I do a "telnet routeraddress 80" I get back a Connected to routeraddress. Escape character is '^]'. Connection closed by foreign host. But if I move the port the web interface is set to then the response on port 80 is different. It will just time out with no response at all. A note on the CBOS versions. When the unit crashed with 2.2.0 it would not respond at all on the serial interface. With 2.4.2 it will respond with a debug prompt "=>". Randy ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: CR vs. CoreBuilder randy (Aug 05)
- Re: CR vs. CoreBuilder dep (Aug 06)
- <Possible follow-ups>
- Re: CR vs. CoreBuilder GraffiX (Aug 06)
- Re: CR vs. CoreBuilder Bryan Andersen (Aug 06)
- Re: CR vs. CoreBuilder Homer Wilson Smith (Aug 06)
- Re: CR vs. CoreBuilder cords (Aug 06)
- RE: CR vs. CoreBuilder Curt Purdy (Aug 06)
- Re: CR vs. CoreBuilder John Hall (Aug 09)