Re: Code red II crashes cisco 678

From: leE (leeat_private)
Date: Mon Aug 06 2001 - 02:19:19 PDT

  • Next message: X: "Re: slackware permissions"

    On Sun, 5 Aug 2001, Geo. wrote:
    
    > All day I've had customers calling with cisco 678 routers running cbos 2.4.2
    > with the web interface disabled. Seems their routers have been crashing.
    > 
    > We traced this back to the code red worm. For some reason even with web
    > disabled on these routers port 80 remains open. Simply running a port scan
    > and cutting off the connection is enough to crash the router. Locks up
    > solid.
    > 
    > I also found a solution, by doing a
    > 
    > set web remote ipaddress
    > 
    > where ipaddress is one of their internal IP's you can prevent outside
    > addresses from being able to crash the router.
    > 
    > Just a heads up guys, if you are seeing 678's crashing, give it a try, it's
    > working here.
    > 
    > Geo.
    > 
    > 
    > 
    > 
    
    Has anyone tried to replicate this on other Cisco's at all?  I ask because
    I guess it's entirely likely that chunks of IOS code are the same for
    other routers.
    
     Lee
    
    -- 
    Lee Brotherston - <leeat_private>
    http://www.nerds.org.uk
    



    This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 07:46:29 PDT