Vulnerability Development mailing list archives

Re: cisco 677 and 678 crashes


From: Thomas Lindsay <lindsayt () hist umn edu>
Date: Wed, 8 Aug 2001 09:30:11 -0500 (CDT)

Since I run CBOS v2.3.9 on my 675 and did not want to update it, I did
this trick for the original code red a couple weeks ago.  It works great,
best solution really for the 675.  Of course be sure to disable the web
interface anyway, as a port change only amounts to security through obscurity.
Thomas Lindsay
Systems Administrator, Social Sciences Research Facility
University of Minnesota

On Tue, 7 Aug 2001, George wrote:

I posted a day or so ago about cisco 677 and 678 routers being crashed by
the codered worm. Here is more information.

First, it's codered ver 4 that's doing the damage because of the way it
spawns connection attempts. It does crash the router when it hits port 80.
Port 80 is the web interface but even if you disable the web server port 80
remains open and even a port scan could crash the router.

I had originally suggested limiting the IP addresses that can access port 80
but that's not foolproof. We have found a much better solution in that it's
possible to just change the port that the web server would use. The
following is how to do that:

telnet to the router
password
enable
password
set web port 28000
write
reboot

This should pretty much make the worm a non-issue for any of the 677 or 678
routers it's crashing regardless of what version of cbos they are running.
If you have a different router, you might look in the commands and see if
you have an option like this, I have had reports of other routers having the
same problems.

Geo.



Thomas Lindsay --
lindsayt () hist umn edu
System Administrator, Social Science Research Facility
PhD student, Department of History
University of Minnesota, Minneapolis, West Bank

