Information Security News mailing list archives

How to fix your hosed Cisco 675 Router - Especially after attack by Code Red Virus


From: InfoSec News <isn () c4i org>
Date: Wed, 8 Aug 2001 03:40:08 -0500 (CDT)

Forwarded by: Berislav Kucan <berislav () globalnet hr>

http://www.net-security.org/mirror/cisco675-cr/

(Our reader contributed this - I didn't paste the whole paper as it is
long with some html formatting and colours being used)

How to fix your hosed Cisco 675 Router Especially after attack by 
Code Red Virus

Or if you accidentally erased the operating system (CBOS)

Disclaimer: I am a private user of the Cisco Router and the Qwest DSL
& ISP service. I am not affiliated in any way with Qwest or Cisco. I
am providing this How-To page as a service to other Cisco 675 owners
who are down to their last chance to save their routers.

PLEASE NOTE: The procedure of erasing and reinstalling the CBOS is
risky, and if done improperly, could permanently lock up your Cisco as
badly as any worm. First try more moderate attempts, like powering off
your Cisco for a minute and powering back on, then rebooting your PC.
Failing that, follow only steps A.3, A.4, and all of E through G in
this How-to procedure (using your exec and enable passwords, if any).
If that still doesn't work, or if your router won't even let you try,
and your DSL service people can't help either, follow these directions
carefully, and:

ATTEMPT THIS FIX ONLY AS A LAST-DITCH ALTERNATIVE TO INCINERATING YOUR
CISCO ROUTER.

Having said that, I'll add that it worked like a charm for me! 

Some DSL providers are advising customers with severely infected Cisco
675 routers to throw them away and buy new ones, all because the
infected routers will not respond to simple treatment like rebooting
or reconfiguring. This is a bit like giving up all hope just because a
couple of aspirin will not cure a brain tumor. However, for the Cisco
router, an alternative treatment exists: erase the router's entire
corrupt CBOS (Cisco Broadband Operating System), and replace it with a
more robust version of CBOS. Like a brain surgery, this treatment for
rescuing a Cisco 675 router with Code Red infection carries some risk,
but it is an appealing alternative to giving up and throwing out the
router, particularly because the odds of successful "recovery" are
excellent if the instructions are followed precisely.

Since I had nothing to lose, I performed the CBOS erasure and
reinstallation procedure after being told by my Internet Service
Provider that I would need to purchase a new router, as mine was
"permanently" damaged by the Code Red Worm. It worked, and now I am
sharing my experience with other Cisco 675 users.

The step-by-step procedure listed below was assembled from bits and
pieces that I put together from a number of sources (acknowledged
below), including old Cisco Hyperterminal sessions I had saved on my
PC. I posted this "How-To" for your benefit, because I found no single
source that had complete instructions for downloading the CBOS image,
entering Cisco Debug, programming the CBOS in, and configuring the
NVRAM properly all in one place. I hope it helps you.

[...]

Berislav Kucan
Help Net Security - http://www.net-security.org
IP-Solutions - http://www.ip-solutions.dk
E-mail: bkucan () net-security org
Phone: +385 91 513 9159




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.

