[lug] Code Red woes again.... 675 upgrade became necessary
teece at silverklein.net
Thu Aug 2 10:51:46 MDT 2001
Yes, I believe that Code Red will crash the Cisco 67x. It just
so happens that the same kind of HTML request that the IIS
attack uses hits a bug in the Cisco OS. Cisco has known about
this for almost a year, I think. But they have done nothing
about it. I'm not even sure that the latest CBOS fixes the
problem. There was a link about the original bug report, wasn't
it on this list?
I am able to upgrade the CBOS image just fine with Minicom. The
only problem I had was extracting the f***ing Windows executable
zip archive! I don't have a Windows machine. Well, I do, but
it ain't working right now. Luckily, I was able to VNC to my
Mother-in-law's machine and extract the image. Very annoying,
it is just a zipped binary image.
If anyone needs a copy of the latest CBOS from Qwest, I could
send a copy. Well, assuming that is legal, I should read the
On Thursday 02 August 2001 08:38 am, Nate Duehr wrote:
> I saw something about the 67X series of routers being
> vulnerable to certain types of port 80 traffic. One way to
> get away from the problem (and probably a good idea anyway) is
> to turn off the internal web server on these routers. I saw
> step-by-step instructions on how to do so somewhere in e-mail
> this week, but can't remember where. Of course, from that
> point on you need minicom or similar on a serial port to
> access the router to make any changes needed.
> It would seem from what I was reading that the Code Red thing
> will crash Cisco 67X routers with their web servers turned
> On Thu, Aug 02, 2001 at 01:34:53AM -0600, Samartha Deva wrote:
> > This was Re: [lug] Possible DOS on CIsco 675
> > >Hello,
> > >
> > >There are reports (from Slashdot, however reliable that
> > > makes them <g>) that even if the web interface is
> > > disabled, the router can still be killed:
> > ....
> > With the first pass of Code Red, I had no problem with the
> > router but today, I had to reset mine several times and
> > while being in 675 CBOS, I got this one:
> > Operation fault at 1008cd30, subtype 02
> > Fault record is saved at 101b2a50
> > 1008cd34 : 5a003094 cmpi g4, 0
> > the router gets the port 80 accesses on network- and
> > broadcast addresses and I wonder if that could throw it off?
> > At one point, the router crashed and hosed the firewall
> > network interface.
> > Or maybe there is some stuff on the router's outside going
> > on which I can't see from inside in the firewall logs.
> > ...
> > >Apparently the only real solution is to upgrade to the
> > > 2.4.1 CBOS. Here is a link to the upgrade:
> > >
> > >http://www.qwest.com/dsl/customerservice/win675ups.html
> > >
> > >Since qwest does not believe in Linux, the upgrade
> > > instructions are for Windows. And if web and telnet access
> > > are disabled, then the only way to get to the system is via
> > > serial cable. What fun!
> > I did the upgrade now. Qwest support seems totally
> > overloaded, they announced a waiting time of 29 minutes
> > which turned into over one hour and then I got disconnected.
> > To do the upgrade is actually not bad - I used Windoze
> > Hyperterminal.
> > The actual transfer of the binary is done with xmodem
> > protocol after typing the CBOS command
> > set download code
> > and I think that under Linux, Minicom could do the same
> > thing.
> > To run the Commander software as described in the Qwest
> > instructions under the URL given above is not necessary
> > either. The software on the 675 steps through all by itself,
> > keeps the old configuration and reboots.
> > Samartha
> > _______________________________________________
> > Web Page: http://lug.boulder.co.us
> > Mailing List:
> > http://lists.lug.boulder.co.us/mailman/listinfo/lug
== Timothy Klein || teece at silverklein.net ==
== ---------------------------------------- ==
== "Hello, World" 17 Errors, 31 Warnings... ==