Vulnerability Development mailing list archives
Re: cisco 677 and 678 crashes
From: brian_carpio () csgsystems com
Date: Wed, 8 Aug 2001 11:33:19 -0600 (MDT)
Also, Changing the web port on the 675 to like 111 for instance still leaves port 80 open.. after changing the port and running an nmap scan from a remote host I could still see port 80 as open.. I also dissallowed acces from any host but my internal boxes to the router.. -------------- Brian Carpio CSG Systems Inc. Open Systems Unix System Admin x3317 -------------- --- Security is a Process NOT a Product ---- On Wed, 8 Aug 2001, Thomas Lindsay wrote:
Since I run CBOS v2.3.9 on my 675 and did not want to update it, I did this trick for the original code red a couple weeks ago. It works great, best solution really for the 675. Of course be sure to disable the web interface anyway, as a port change only amounts to security through obscurity. Thomas Lindsay Systems Administrator, Social Sciences Research Facility University of Minnesota On Tue, 7 Aug 2001, George wrote:I posted a day or so ago about cisco 677 and 678 routers being crashed by the codered worm. Here is more information. First, it's codered ver 4 that's doing the damange because of the way it spawns connection attempts. It does crash the router when it hits port 80. Port 80 is the web interface but even if you disable the web server port 80 remains open and even a port scan could crash the router. I had originally suggested limiting the IP addreses that can access port 80 but that's not foolproof. We have found a much better solution in that it's possible to just change the port that the web server would use. The following is how to do that telnet to the router password enable password set web port 28000 write reboot This should pretty much make the worm a non issue for any of the 677 or 678 routers it's crashing regardless of what version of cbos they are running. If you have a different router, you might look in the commands and see if you have an option like this, I have had reports of other routers having the same problems. Geo.a-web.hist.umn.edu () trickster hist umn.edThomas Lindsay -- lindsayt () hist umn edu System Administrator, Social Science Research Facility PhD student, Department of History University of Minnesota, Minneapolis, West Bank
Current thread:
- cisco 677 and 678 crashes George (Aug 07)
- Re: cisco 677 and 678 crashes Thomas Lindsay (Aug 08)
- Re: cisco 677 and 678 crashes brian_carpio (Aug 09)
- Re: cisco 677 and 678 crashes Thomas Lindsay (Aug 08)