Re: cisco 677 and 678 crashes

From: brian_carpioat_private
Date: Wed Aug 08 2001 - 10:33:19 PDT

Next message: Inman, Carey: "RE: CR II - winME? confirmation? (Slightly OT)"

Previous message: Ken Pfeil: "RE: CR II - winME? confirmation? (Slightly OT)"
In reply to: Thomas Lindsay: "Re: cisco 677 and 678 crashes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Also,

Changing the web port on the 675 to like 111 for instance still leaves
port 80 open.. after changing the port and running an nmap scan from a
remote host I could still see port 80 as open.. I also dissallowed acces
from any host but my internal boxes to the router.. 

--------------
Brian Carpio
CSG Systems Inc.
Open Systems Unix System Admin

x3317
--------------

--- Security is a Process NOT a Product ----

On Wed, 8 Aug 2001, Thomas Lindsay wrote:

> Since I run CBOS v2.3.9 on my 675 and did not want to update it, I did
> this trick for the original code red a couple weeks ago.  It works great,
> best solution really for the 675.  Of course be sure to disable the web
> interface anyway, as a port change only amounts to security through obscurity.
> Thomas Lindsay
> Systems Administrator, Social Sciences Research Facility
> University of Minnesota
> 
> On Tue, 7 Aug 2001, George wrote:
> 
> > I posted a day or so ago about cisco 677 and 678 routers being crashed by
> > the codered worm. Here is more information.
> >
> > First, it's codered ver 4 that's doing the damange because of the way it
> > spawns connection attempts. It does crash the router when it hits port 80.
> > Port 80 is the web interface but even if you disable the web server port 80
> > remains open and even a port scan could crash the router.
> >
> > I had originally suggested limiting the IP addreses that can access port 80
> > but that's not foolproof. We have found a much better solution in that it's
> > possible to just change the port that the web server would use. The
> > following is how to do that
> >
> > telnet to the router
> > password
> > enable
> > password
> > set web port 28000
> > write
> > reboot
> >
> > This should pretty much make the worm a non issue for any of the 677 or 678
> > routers it's crashing regardless of what version of cbos they are running.
> > If you have a different router, you might look in the commands and see if
> > you have an option like this, I have had reports of other routers having the
> > same problems.
> >
> > Geo.
> >
> >
> 
> a-web.hist.umn.eduat_private Lindsay --
> lindsaytat_private
> System Administrator, Social Science Research Facility
> PhD student, Department of History
> University of Minnesota, Minneapolis, West Bank
>

Next message: Inman, Carey: "RE: CR II - winME? confirmation? (Slightly OT)"
Previous message: Ken Pfeil: "RE: CR II - winME? confirmation? (Slightly OT)"
In reply to: Thomas Lindsay: "Re: cisco 677 and 678 crashes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Aug 09 2001 - 12:47:28 PDT