Re: Code red II crashes cisco 678

From: JAX (jaxat_private)
Date: Mon Aug 06 2001 - 08:10:24 PDT

Next message: Vladimir Kraljevic: "RE: Code red II crashes cisco 678"

Previous message: Petruzel, Oliver: "CR II - winME? confirmation?"
In reply to: Sam: "Re: Code red II crashes cisco 678"
Next in thread: Vladimir Kraljevic: "RE: Code red II crashes cisco 678"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Sam , I have tried all those things , setting filters and all that .
I have the web disabled anyway :

cbos#sh web
WEB Configuration
Is not enabled
Currently accepts connections only from 10.0.0.2
Currently uses port 81

I have a fixed IP address so setting the filter was not so hard. Anyway my
ISP has set a filter on port 80 for all teh custommers until they are sure
that Code Red vuln. is patched.
I still get that disconect on ppp ...
Any other ideeas ?


From: "Sam" <samat_private>
Subject: Re: Code red II crashes cisco 678


> While I haven't had a chance to try and reproduce this on my 675 running
> CBOS 2.4.2, I do have a filter put in place that blocks access to port 80
> on the modem only.  You might try using the 'set filter' command that's
> part of CBOS.
>
> Placing a filter on a IP that is dynamic tends to be a pain, but, it will
> at least keep your modem from crashing.
>
> -Sam
>
> On Mon, 6 Aug 2001, JAX wrote:
>
> > Hi Geo .
> >
> >     Thanx for the advice but it's still crashing. I even changed the web
> > port to 81 , they say it's helping
> > but it did not help me . My Cbos still looses the ppp conection :
> >
> > 25 000:00:42:48 PPP        Info       PPP Termination Acknowledgement on
> > wan0-0
> > 26 000:00:42:48 PPP        Info       PPP Down Event on wan0-0
> >
> > Any ideea where this is comming from ?
> >
> > George Sas
> > ----- Original Message -----
> > From: "Geo." <georgerat_private>
> > Sent: Monday, August 06, 2001 4:43 AM
> > Subject: Code red II crashes cisco 678
> >
> >
> > > All day I've had customers calling with cisco 678 routers running cbos
> > 2.4.2
> > > with the web interface disabled. Seems their routers have been
crashing.
> > >
> > > We traced this back to the code red worm. For some reason even with
web
> > > disabled on these routers port 80 remains open. Simply running a port
scan
> > > and cutting off the connection is enough to crash the router. Locks up
> > > solid.
> > >
> > > I also found a solution, by doing a
> > >
> > > set web remote ipaddress
> > >
> > > where ipaddress is one of their internal IP's you can prevent outside
> > > addresses from being able to crash the router.
> > >
> > > Just a heads up guys, if you are seeing 678's crashing, give it a try,
> > it's
> > > working here.
> > >
> > > Geo.
> > >
> > >
> > >
> > >
> >
> >
> >
>
>

Next message: Vladimir Kraljevic: "RE: Code red II crashes cisco 678"
Previous message: Petruzel, Oliver: "CR II - winME? confirmation?"
In reply to: Sam: "Re: Code red II crashes cisco 678"
Next in thread: Vladimir Kraljevic: "RE: Code red II crashes cisco 678"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 08:27:15 PDT