Hi Sam , I have tried all those things , setting filters and all that . I have the web disabled anyway : cbos#sh web WEB Configuration Is not enabled Currently accepts connections only from 10.0.0.2 Currently uses port 81 I have a fixed IP address so setting the filter was not so hard. Anyway my ISP has set a filter on port 80 for all teh custommers until they are sure that Code Red vuln. is patched. I still get that disconect on ppp ... Any other ideeas ? From: "Sam" <samat_private> Subject: Re: Code red II crashes cisco 678 > While I haven't had a chance to try and reproduce this on my 675 running > CBOS 2.4.2, I do have a filter put in place that blocks access to port 80 > on the modem only. You might try using the 'set filter' command that's > part of CBOS. > > Placing a filter on a IP that is dynamic tends to be a pain, but, it will > at least keep your modem from crashing. > > -Sam > > On Mon, 6 Aug 2001, JAX wrote: > > > Hi Geo . > > > > Thanx for the advice but it's still crashing. I even changed the web > > port to 81 , they say it's helping > > but it did not help me . My Cbos still looses the ppp conection : > > > > 25 000:00:42:48 PPP Info PPP Termination Acknowledgement on > > wan0-0 > > 26 000:00:42:48 PPP Info PPP Down Event on wan0-0 > > > > Any ideea where this is comming from ? > > > > George Sas > > ----- Original Message ----- > > From: "Geo." <georgerat_private> > > Sent: Monday, August 06, 2001 4:43 AM > > Subject: Code red II crashes cisco 678 > > > > > > > All day I've had customers calling with cisco 678 routers running cbos > > 2.4.2 > > > with the web interface disabled. Seems their routers have been crashing. > > > > > > We traced this back to the code red worm. For some reason even with web > > > disabled on these routers port 80 remains open. Simply running a port scan > > > and cutting off the connection is enough to crash the router. Locks up > > > solid. > > > > > > I also found a solution, by doing a > > > > > > set web remote ipaddress > > > > > > where ipaddress is one of their internal IP's you can prevent outside > > > addresses from being able to crash the router. > > > > > > Just a heads up guys, if you are seeing 678's crashing, give it a try, > > it's > > > working here. > > > > > > Geo. > > > > > > > > > > > > > > > > > > > >
This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 08:27:15 PDT