[lug] Code Red woes again.... 675 upgrade became necessary

Tim Klein teece at silverklein.net
Thu Aug 2 10:51:46 MDT 2001


Yes, I believe that Code Red will crash the Cisco 67x.  It just 
so happens that the same kind of HTML request that the IIS 
attack uses hits a bug in the Cisco OS.  Cisco has known about 
this for almost a year, I think.  But they have done nothing 
about it.  I'm not even sure that the latest CBOS fixes the 
problem.  There was a link about the original bug report, wasn't 
it on this list?

I am able to upgrade the CBOS image just fine with Minicom.  The 
only problem I had was extracting the f***ing Windows executable 
zip archive!  I don't have a Windows machine.  Well, I do, but 
it ain't working right now.  Luckily, I was able to VNC to my 
Mother-in-law's machine and extract the image.  Very annoying, 
it is just a zipped binary image.

If anyone needs a copy of the latest CBOS from Qwest, I could 
send a copy.  Well, assuming that is legal, I should read the 
license.

Tim

On Thursday 02 August 2001 08:38 am, Nate Duehr wrote:
> I saw something about the 67X series of routers being
> vulnerable to certain types of port 80 traffic.  One way to
> get away from the problem (and probably a good idea anyway) is
> to turn off the internal web server on these routers.  I saw
> step-by-step instructions on how to do so somewhere in e-mail
> this week, but can't remember where.  Of course, from that
> point on you need minicom or similar on a serial port to
> access the router to make any changes needed.
>
> It would seem from what I was reading that the Code Red thing
> will crash Cisco 67X routers with their web servers turned
> on...
>
> On Thu, Aug 02, 2001 at 01:34:53AM -0600, Samartha Deva wrote:
> > This was Re: [lug] Possible DOS on Cisco 675
> >
> > >Hello,
> > >
> > >There are reports (from Slashdot, however reliable that
> > > makes them <g>) that even if the web interface is
> > > disabled, the router can still be killed:
> >
> > ....
> >
> > With the first pass of Code Red, I had no problem with the
> > router but today, I had to reset mine several times and
> > while being in 675 CBOS, I got this one:
> >
> > Operation fault at 1008cd30, subtype 02
> > Fault record is saved at 101b2a50
> > 1008cd34 : 5a003094           cmpi  g4, 0
> >
> > the router gets the port 80 accesses on network- and
> > broadcast addresses and I wonder if that could throw it off?
> >
> > At one point, the router crashed and hosed the firewall
> > network interface.
> >
> > Or maybe there is some stuff on the router's outside going
> > on which I can't see from inside in the firewall logs.
> >
> >
> >
> >
> > ...
> >
> > >Apparently the only real solution is to upgrade to the
> > > 2.4.1 CBOS. Here is a link to the upgrade:
> > >
> > >http://www.qwest.com/dsl/customerservice/win675ups.html
> > >
> > >Since qwest does not believe in Linux, the upgrade
> > > instructions are for Windows. And if web and telnet access
> > > are disabled, then the only way to get to the system is via
> > > serial cable. What fun!
> >
> > I did the upgrade now. Qwest support seems totally
> > overloaded, they announced a waiting time of 29 minutes
> > which turned into over one hour and then I got disconnected.
> >
> > To do the upgrade is actually not bad - I used Windoze
> > Hyperterminal.
> >
> > The actual transfer of the binary is done with xmodem
> > protocol after typing the CBOS command
> >
> > set download code
> >
> > and I think that under Linux, Minicom could do the same
> > thing.
> >
> > To run the Commander software as described in the Qwest
> > instructions under the URL given above is not necessary
> > either. The software on the 675 steps through all by itself,
> > keeps the old configuration and reboots.
> >
> > Samartha

-- 
==============================================
== Timothy Klein || teece at silverklein.net   ==
== ---------------------------------------- ==
== "Hello, World" 17 Errors, 31 Warnings... ==
==============================================


