cisco 677 and 678 crashes

["George" <georger () nls net>]

I posted a day or so ago about cisco 677 and 678 routers being crashed by
the codered worm. Here is more information.

First, it's codered ver 4 that's doing the damange because of the way it
spawns connection attempts. It does crash the router when it hits port 80.
Port 80 is the web interface but even if you disable the web server port 80
remains open and even a port scan could crash the router.

I had originally suggested limiting the IP addreses that can access port 80
but that's not foolproof. We have found a much better solution in that it's
possible to just change the port that the web server would use. The
following is how to do that

telnet to the router
password
enable
password
set web port 28000
write
reboot

This should pretty much make the worm a non issue for any of the 677 or 678
routers it's crashing regardless of what version of cbos they are running.
If you have a different router, you might look in the commands and see if
you have an option like this, I have had reports of other routers having the
same problems.

Geo.