Since I run CBOS v2.3.9 on my 675 and did not want to update it, I did this trick for the original code red a couple weeks ago. It works great, best solution really for the 675. Of course be sure to disable the web interface anyway, as a port change only amounts to security through obscurity. Thomas Lindsay Systems Administrator, Social Sciences Research Facility University of Minnesota On Tue, 7 Aug 2001, George wrote: > I posted a day or so ago about cisco 677 and 678 routers being crashed by > the codered worm. Here is more information. > > First, it's codered ver 4 that's doing the damange because of the way it > spawns connection attempts. It does crash the router when it hits port 80. > Port 80 is the web interface but even if you disable the web server port 80 > remains open and even a port scan could crash the router. > > I had originally suggested limiting the IP addreses that can access port 80 > but that's not foolproof. We have found a much better solution in that it's > possible to just change the port that the web server would use. The > following is how to do that > > telnet to the router > password > enable > password > set web port 28000 > write > reboot > > This should pretty much make the worm a non issue for any of the 677 or 678 > routers it's crashing regardless of what version of cbos they are running. > If you have a different router, you might look in the commands and see if > you have an option like this, I have had reports of other routers having the > same problems. > > Geo. > > a-web.hist.umn.eduat_private Lindsay -- lindsaytat_private System Administrator, Social Science Research Facility PhD student, Department of History University of Minnesota, Minneapolis, West Bank
This archive was generated by hypermail 2b30 : Wed Aug 08 2001 - 10:22:00 PDT