[ISN] How to fix your hosed Cisco 675 Router - Especially after attack by Code Red Virus

From: InfoSec News (isnat_private)
Date: Wed Aug 08 2001 - 01:40:08 PDT


    Forwarded by: Berislav Kucan <berislavat_private>
    
    http://www.net-security.org/mirror/cisco675-cr/
    
    (Our reader contributed this - I didn't paste the whole paper as it is
    long with some html formatting and colours being used)
    
    How to fix your hosed Cisco 675 Router Especially after attack by 
    Code Red Virus
    
    Or if you accidentally erased the operating system (CBOS)
    
    Disclaimer: I am a private user of the Cisco Router and the Qwest DSL
    & ISP service. I am not affiliated in any way with Qwest or Cisco. I
    am providing this How-To page as a service to other Cisco 675 owners
    who are down to their last chance to save their routers.
    
    PLEASE NOTE: The procedure of erasing and reinstalling the CBOS is
    risky, and if done improperly, could permanently lock up your Cisco as
    badly as any worm. First try more moderate attempts, like powering off
    your Cisco for a minute and powering back on, then rebooting your PC.
    Failing that, follow only steps A.3, A.4, and all of E through G in
    this How-to procedure (using your exec and enable passwords, if any).
    If that still doesn't work, or if your router won't even let you try,
    and your DSL service people can't help either, follow these directions
    carefully, and:
    
    ATTEMPT THIS FIX ONLY AS A LAST-DITCH ALTERNATIVE TO INCINERATING YOUR
    CISCO ROUTER.
    
    Having said that, I'll add that it worked like a charm for me! 
    
    Some DSL providers are advising customers with severely infected Cisco
    675 routers to throw them away and buy new ones, all because the
    infected routers will not respond to simple treatment like rebooting
    or reconfiguring. This is a bit like giving up all hope just because a
    couple of aspirin will not cure a brain tumor. However, for the Cisco
    router, an alternative treatment exists: erase the router's entire
    corrupt CBOS (Cisco Broadband Operating System), and replace it with a
    more robust version of CBOS. Like a brain surgery, this treatment for
    rescuing a Cisco 675 router with Code Red infection carries some risk,
    but it is an appealing alternative to giving up and throwing out the
    router, particularly because the odds of successful "recovery" are
    excellent if the instructions are followed precisely.
    
    Since I had nothing to lose, I performed the CBOS erasure and
    reinstallation procedure after being told by my Internet Service
    Provider that I would need to purchase a new router, as mine was
    “permanently” damaged by the Code Red Worm. It worked, and now I am
    sharing my experience with other Cisco 675 users.
    
    The step-by-step procedure listed below was assembled from bits and
    pieces that I put together from a number of sources (acknowledged
    below), including old Cisco Hyperterminal sessions I had saved on my
    PC. I posted this “How-To” for your benefit, because I found no single
    source that had complete instructions for downloading the CBOS image,
    entering Cisco Debug, programming the CBOS in, and configuring the
    NVRAM properly all in one place. I hope it helps you.
    
    [...]
    
    Berislav Kucan
    Help Net Security - http://www.net-security.org
    IP-Solutions - http://www.ip-solutions.dk
    E-mail: bkucan@net-security.org
    Phone: +385 91 513 9159
    
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    



    This archive was generated by hypermail 2b30 : Wed Aug 08 2001 - 07:57:59 PDT