Re: cisco 677 and 678 crashes

From: brian_carpioat_private
Date: Wed Aug 08 2001 - 10:33:19 PDT

    Also,
    
    Changing the web port on the 675 to like 111 for instance still leaves
    port 80 open.. after changing the port and running an nmap scan from a
    remote host I could still see port 80 as open.. I also disallowed access
    from any host but my internal boxes to the router.. 
    
    --------------
    Brian Carpio
    CSG Systems Inc.
    Open Systems Unix System Admin
    
    x3317
    --------------
    
    --- Security is a Process NOT a Product ----
    
    On Wed, 8 Aug 2001, Thomas Lindsay wrote:
    
    > Since I run CBOS v2.3.9 on my 675 and did not want to update it, I did
    > this trick for the original code red a couple weeks ago.  It works great,
    > best solution really for the 675.  Of course be sure to disable the web
    > interface anyway, as a port change only amounts to security through obscurity.
    > Thomas Lindsay
    > Systems Administrator, Social Sciences Research Facility
    > University of Minnesota
    > 
    > On Tue, 7 Aug 2001, George wrote:
    > 
    > > I posted a day or so ago about cisco 677 and 678 routers being crashed by
    > > the codered worm. Here is more information.
    > >
    > > First, it's codered ver 4 that's doing the damage because of the way it
    > > spawns connection attempts. It does crash the router when it hits port 80.
    > > Port 80 is the web interface but even if you disable the web server port 80
    > > remains open and even a port scan could crash the router.
    > >
    > > I had originally suggested limiting the IP addresses that can access port 80
    > > but that's not foolproof. We have found a much better solution in that it's
    > > possible to just change the port that the web server would use. The
    > > following is how to do that
    > >
    > > telnet to the router
    > > password
    > > enable
    > > password
    > > set web port 28000
    > > write
    > > reboot
    > >
    > > This should pretty much make the worm a non issue for any of the 677 or 678
    > > routers it's crashing regardless of what version of cbos they are running.
    > > If you have a different router, you might look in the commands and see if
    > > you have an option like this, I have had reports of other routers having the
    > > same problems.
    > >
    > > Geo.
    > >
    > >
    > 
    > a-web.hist.umn.eduat_private Lindsay --
    > lindsaytat_private
    > System Administrator, Social Science Research Facility
    > PhD student, Department of History
    > University of Minnesota, Minneapolis, West Bank
    > 
    



    This archive was generated by hypermail 2b30 : Thu Aug 09 2001 - 12:47:28 PDT