Also, Changing the web port on the 675 to like 111 for instance still leaves port 80 open.. after changing the port and running an nmap scan from a remote host I could still see port 80 as open.. I also dissallowed acces from any host but my internal boxes to the router.. -------------- Brian Carpio CSG Systems Inc. Open Systems Unix System Admin x3317 -------------- --- Security is a Process NOT a Product ---- On Wed, 8 Aug 2001, Thomas Lindsay wrote: > Since I run CBOS v2.3.9 on my 675 and did not want to update it, I did > this trick for the original code red a couple weeks ago. It works great, > best solution really for the 675. Of course be sure to disable the web > interface anyway, as a port change only amounts to security through obscurity. > Thomas Lindsay > Systems Administrator, Social Sciences Research Facility > University of Minnesota > > On Tue, 7 Aug 2001, George wrote: > > > I posted a day or so ago about cisco 677 and 678 routers being crashed by > > the codered worm. Here is more information. > > > > First, it's codered ver 4 that's doing the damange because of the way it > > spawns connection attempts. It does crash the router when it hits port 80. > > Port 80 is the web interface but even if you disable the web server port 80 > > remains open and even a port scan could crash the router. > > > > I had originally suggested limiting the IP addreses that can access port 80 > > but that's not foolproof. We have found a much better solution in that it's > > possible to just change the port that the web server would use. The > > following is how to do that > > > > telnet to the router > > password > > enable > > password > > set web port 28000 > > write > > reboot > > > > This should pretty much make the worm a non issue for any of the 677 or 678 > > routers it's crashing regardless of what version of cbos they are running. > > If you have a different router, you might look in the commands and see if > > you have an option like this, I have had reports of other routers having the > > same problems. > > > > Geo. > > > > > > a-web.hist.umn.eduat_private Lindsay -- > lindsaytat_private > System Administrator, Social Science Research Facility > PhD student, Department of History > University of Minnesota, Minneapolis, West Bank >
This archive was generated by hypermail 2b30 : Thu Aug 09 2001 - 12:47:28 PDT