The notice you referenced says that CBOS v2.4.2 fixes the problem, it does not. If you have the 675 configured to allow access to the web admin port, whether or not the web admin service is enabled, it still can crash the router. I severely limit incoming packets below 1024, so I just set the web admin port number to be one that my filters drop and I've had no problems since. There is definitely still a problem with the 675, it's just not as serious as before. JMH Curt Purdy wrote: > > This is a side-effect of cr on 600 routers not related to the index vuln: > http://www.cisco.com/warp/public/707/cisco-code-red-worm-pub.shtml#Affected > > Curt Purdy > Information Security Engineer > DP Solutions > purdyat_private > > -----Original Message----- ... > on "8-5-2001" "John Nemeth" writ: ... > ... i've noticed a similar problem with a cisco 675 ADSL router. in > particular, i've had to do a cold boot three (3) times 'since' the CR-II > attack started. i had disabled the web command interface, and checking > revealed that still the case. ... ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Aug 09 2001 - 15:22:57 PDT