cisco 677 and 678 crashes

From: George (georgerat_private)
Date: Tue Aug 07 2001 - 15:27:32 PDT

  • Next message: NBK: "RE: IE troubles with image files"

    I posted a day or so ago about cisco 677 and 678 routers being crashed by
    the codered worm. Here is more information.
    
    First, it's codered ver 4 that's doing the damange because of the way it
    spawns connection attempts. It does crash the router when it hits port 80.
    Port 80 is the web interface but even if you disable the web server port 80
    remains open and even a port scan could crash the router.
    
    I had originally suggested limiting the IP addreses that can access port 80
    but that's not foolproof. We have found a much better solution in that it's
    possible to just change the port that the web server would use. The
    following is how to do that
    
    telnet to the router
    password
    enable
    password
    set web port 28000
    write
    reboot
    
    This should pretty much make the worm a non issue for any of the 677 or 678
    routers it's crashing regardless of what version of cbos they are running.
    If you have a different router, you might look in the commands and see if
    you have an option like this, I have had reports of other routers having the
    same problems.
    
    Geo.
    



    This archive was generated by hypermail 2b30 : Tue Aug 07 2001 - 17:48:10 PDT