OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Bill Roemhild (broemhildSOMECOMPANY.NET)
Date: Mon Aug 06 2001 - 13:35:54 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    I have found that even with 2.4.2 running the Cisco 675 still locks up..
    but..
    if you move the port for the web interface to somewhere else.. problem is
    fixed..
    well somewhat.

    cbos#set web port 65000
    You must use "write" then reboot for changes to take effect.

    cbos#write
    NVRAM written.

    Bill Roemhild

    ----- Original Message -----
    From: "John Starta" <john.startaTRIPLESTICKS.COM>
    To: <win2ksecadviceLISTSERV.NTSECURITY.NET>
    Sent: Sunday, August 05, 2001 11:11 PM
    Subject: Re: Code red II crashes cisco 678

    > Any Cisco 600 series of DSL router that has not been patched per the
    > December 2000 Cisco Security Advisory
    > (http://www.cisco.com/warp/public/707/CBOS-multiple.shtml) will stop
    > forwarding traffic when scanned by a system infected by the "Code Red"
    > worm. The power must be cycled to restore normal service. Cisco offers
    free
    > software upgrades to all affected customers of the vulnerability described
    > in the above advisory.
    >
    > jas
    >
    > At 10:43 PM 8/5/01 -0400, Geo. wrote:
    > >All day I've had customers calling with cisco 678 routers running cbos
    2.4.2
    > >with the web interface disabled. Seems their routers have been crashing.
    > >
    > >We traced this back to the code red worm. For some reason even with web
    > >disabled on these routers port 80 remains open. Simply running a port
    scan
    > >and cutting off the connection is enough to crash the router. Locks up
    > >solid.
    > >
    > >I also found a solution, by doing a
    > >
    > >set web remote ipaddress
    > >
    > >where ipaddress is one of their internal IP's you can prevent outside
    > >addresses from being able to crash the router.
    > >
    > >Just a heads up guys, if you are seeing 678's crashing, give it a try,
    it's
    > >working here.
    > >
    > >Geo.
    >
    > _____________________________________________________________________
    > ** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
    > ** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
    > SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net
    >

    _____________________________________________________________________
    ** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
    ** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
    SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net