[lug] Code Red woes again.... 675 upgrade became necessary

Nate Duehr nate at natetech.com
Thu Aug 2 08:38:18 MDT 2001


I saw something about the 67X series of routers being vulnerable to
certain types of port 80 traffic.  One way to get away from the problem
(and probably a good idea anyway) is to turn off the internal web server
on these routers.  I saw step-by-step instructions on how to do so
somewhere in e-mail this week, but can't remember where.  Of course,
from that point on you need minicom or similar on a serial port to
access the router to make any changes needed.

It would seem from what I was reading that the Code Red thing will crash
Cisco 67X routers with their web servers turned on...


On Thu, Aug 02, 2001 at 01:34:53AM -0600, Samartha Deva wrote:
> This was Re: [lug] Possible DOS on CIsco 675
> 
> >Hello,
> >
> >There are reports (from Slashdot, however reliable that makes them <g>)
> >that even if the web interface is disabled, the router can still be
> >killed:
> 
> ....
> 
> With the first pass of Code Red, I had no problem with the router but
> today, I had to reset mine several times and while being in 675 CBOS, I got
> this one:
> 
> Operation fault at 1008cd30, subtype 02
> Fault record is saved at 101b2a50
> 1008cd34 : 5a003094           cmpi  g4, 0
> 
> the router gets the port 80 accesses on network- and broadcast
> addresses and I wonder if that could throw it off?
> 
> At one point, the router crashed and hosed the firewall network interface.
> 
> Or maybe there is some stuff on the router's outside going on
> which I can't see from inside in the firewall logs.
> 
> 
> 
> 
> ...
> 
> >Apparently the only real solution is to upgrade to the 2.4.1 CBOS. Here
> >is a link to the upgrade:
> >
> >http://www.qwest.com/dsl/customerservice/win675ups.html
> >
> >Since Qwest does not believe in Linux, the upgrade instructions are for
> >Windows. And if web and telnet access are disabled, then the only way to
> >get to the system is via serial cable. What fun!
> 
> I did the upgrade now. Qwest support seems totally overloaded, they
> announced a waiting time of 29 minutes which turned into over one
> hour and then I got disconnected.
> 
> To do the upgrade is actually not bad - I used Windoze Hyperterminal.
> 
> The actual transfer of the binary is done with xmodem protocol
> after typing the CBOS command
> 
> set download code
> 
> and I think that under Linux, Minicom could do the same thing.
> 
> To run the Commander software as described in the Qwest instructions
> under the URL given above is not necessary either. The software
> on the 675 steps through all by itself, keeps the old configuration
> and reboots.
> 
> Samartha
> 

-- 
Nate Duehr <nate at natetech.com>

GPG Key fingerprint = DCAF 2B9D CC9B 96FA 7A6D AAF4 2D61 77C5 7ECE C1D2
Public Key available upon request, or at wwwkeys.pgp.net and others.


