Re: Code red II crashes cisco 678

From: bjarne bingo (kainat_private)
Date: Mon Aug 06 2001 - 11:19:42 PDT

Next message: Reverend Lola: "RE: worm atacking NTs vulnerables detected by NA 2K??"

Previous message: brian_carpioat_private: "Re: Code red II crashes cisco 678"
In reply to: Johnson, Michael: "RE: Code red II crashes cisco 678"
Next in thread: lonely wolf: "Re: Code red II crashes cisco 678"
Next in thread: Blue Boar: "Re: Code red II crashes cisco 678"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

no effect on a cisco 677 running cbos 2.4.2(latest) - tried leaving the ping
running for 10 minutes or so.


----- Original Message -----
From: "Johnson, Michael" <Michael.Johnsonat_private>
To: "'Vladimir Kraljevic'" <vladimir_kraljevicat_private>;
<VULN-DEVat_private>
Cc: "'Geo.'" <georgerat_private>
Sent: Monday, August 06, 2001 7:44 PM
Subject: RE: Code red II crashes cisco 678


> Verified on a 677 also.
>
> -----Original Message-----
> From: Vladimir Kraljevic [mailto:vladimir_kraljevicat_private]
> Sent: Monday, August 06, 2001 11:55 AM
> To: VULN-DEVat_private
> Cc: 'Geo.'
> Subject: RE: Code red II crashes cisco 678
>
>
> I've had problems with Cisco 677 (please take a search for
> 20000814172811.28516.qmailat_private).
>
> It was possible to smash the router (only power off helped) by issuing
ICMP
> echo with record route flag set (succeeded even with Win32 ping from
command
> line). Problem appeared after several echo requests of that type, not
> immediately (try ping -t -r 8 <some.non.local.ip.address> and wait 2-3
> minutes at most). However, I was not able (not enough time, as usual) to
try
> to craft fake ICMP response with recorded routes inside (maybe this allows
> an DoS against complete families of Cisco 6xx routers).
>
> Maybe related.
>
> Vladimir
>
>
> C:\>-----Original Message-----
> C:\>From: Geo. [mailto:georgerat_private]
> C:\>Sent: Monday, August 06, 2001 4:43
> C:\>To: Russ; VULN-DEVat_private;
> C:\>NTBUGTRAQat_private;
> C:\>Discussion regarding Windows-related security vulnerabilities and
> C:\>risks.; Marc Maiffret; securityat_private
> C:\>Subject: Code red II crashes cisco 678
> C:\>
> C:\>
> C:\>All day I've had customers calling with cisco 678 routers
> C:\>running cbos 2.4.2
> C:\>with the web interface disabled. Seems their routers have
> C:\>been crashing.
> C:\>
> C:\>We traced this back to the code red worm. For some reason
> C:\>even with web
> C:\>disabled on these routers port 80 remains open. Simply
> C:\>running a port scan
> C:\>and cutting off the connection is enough to crash the
> C:\>router. Locks up
> C:\>solid.
> C:\>
> C:\>I also found a solution, by doing a
> C:\>
> C:\>set web remote ipaddress
> C:\>
> C:\>where ipaddress is one of their internal IP's you can
> C:\>prevent outside
> C:\>addresses from being able to crash the router.
> C:\>
> C:\>Just a heads up guys, if you are seeing 678's crashing,
> C:\>give it a try, it's
> C:\>working here.
> C:\>
> C:\>Geo.
> C:\>
> C:\>
> C:\>
> C:\>

Next message: Reverend Lola: "RE: worm atacking NTs vulnerables detected by NA 2K??"
Previous message: brian_carpioat_private: "Re: Code red II crashes cisco 678"
In reply to: Johnson, Michael: "RE: Code red II crashes cisco 678"
Next in thread: lonely wolf: "Re: Code red II crashes cisco 678"
Next in thread: Blue Boar: "Re: Code red II crashes cisco 678"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 12:48:06 PDT