I posted a day or so ago about cisco 677 and 678 routers being crashed by the codered worm. Here is more information. First, it's codered ver 4 that's doing the damange because of the way it spawns connection attempts. It does crash the router when it hits port 80. Port 80 is the web interface but even if you disable the web server port 80 remains open and even a port scan could crash the router. I had originally suggested limiting the IP addreses that can access port 80 but that's not foolproof. We have found a much better solution in that it's possible to just change the port that the web server would use. The following is how to do that telnet to the router password enable password set web port 28000 write reboot This should pretty much make the worm a non issue for any of the 677 or 678 routers it's crashing regardless of what version of cbos they are running. If you have a different router, you might look in the commands and see if you have an option like this, I have had reports of other routers having the same problems. Geo.
This archive was generated by hypermail 2b30 : Tue Aug 07 2001 - 17:48:10 PDT