This is a side-effect of cr on 600 routers not related to the index vuln: http://www.cisco.com/warp/public/707/cisco-code-red-worm-pub.shtml#Affected Curt Purdy Information Security Engineer DP Solutions purdyat_private -----Original Message----- From: twhiteat_private [mailto:twhiteat_private]On Behalf Of terry white Sent: Sunday, August 05, 2001 5:57 PM To: incidentsat_private Cc: linux-admin; bugtraqat_private Subject: Re: CR vs. CoreBuilder on "8-5-2001" "John Nemeth" writ: : I have a 3Com CoreBuilder 3500 running software version 2.1.0 that : has been falling over a lot over the last few days. : NOTE: I don't have any proof that it is CodeRed that is causing the : CoreBuilder to fall over, but it is highly likely. ... i've noticed a similar problem with a cisco 675 ADSL router. in particular, i've had to do a cold boot three (3) times 'since' the CR-II attack started. i had disabled the web command interface, and checking revealed that still the case. what i did however, was to assign a port other than the default (sorry) of '80'. the device has been up 21 hours, despite an order of magnitude greater CR-II attempts. my server is not published, but in the last 5 days, i've seen 22, 25, 25, 47, and 60 (so far today: ~16:00 PDT) events ... -- ... i'm a man , and i can change , if i really have to , i guess ... ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 11:10:08 PDT