Cisco 6xx DSL router vulnerability -- and fix.

Some, if not all, models of consumer-level Cisco broadband routers can be taken down by the Code Red worm: the worm sends a malformed HTTP GET which, if it targets the HTTP port of the router (used by the web configuration tool), will cause the router to halt.

Certain VARs are saying that the way to correct this is to deactivate web configuration. This is not effective, as the router will still accept HTTP requests; it just won't offer the configuration screen in response. Since it still accepts requests, it still crashes.

The way to correct this is to render the HTTP port of the router inaccessible from outside your network. Two simple approaches, both effective, are:

1) Change the port from 80 to something obscure, like 8081. Worms don't usually bother with nonstandard ports and this particular worm never does. This is a weak solution but effective in this case.
2) Use the router's own filter rules to deny HTTP access to the router's address from the WAN interface.

If you have a proper firewall, there are even better solutions, but both of these are effective.

It has been suggested (by Cisco, I believe) that upgrading to CBOS 2.41 will correct this vulnerability. I found this to be untrue. The only solution is to completely deny access to the web configuration port.
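To confirm from outside your network that the port is really unreachable, the following added example (not part of the original page) classifies a port by TCP handshake alone and sends no HTTP request, since a port that accepts connections is exposed even when no configuration page is served. The function names are illustrative, and the loopback listener is a constructed stand-in for a router with web configuration disabled.

```python
import socket

def http_port_state(host, port=80, timeout=3.0):
    """Return 'accepting', 'refused' or 'filtered' for a TCP port.

    Only the TCP handshake is attempted; no HTTP request is sent. A port
    that accepts connections counts as exposed even if it never serves the
    configuration page, which is the case the page warns about.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "accepting"
    except ConnectionRefusedError:
        return "refused"      # RST received: nothing listening or actively rejected
    except OSError:
        return "filtered"     # timeout or unreachable: packets dropped on the way

def exposed_ports(host, ports=(80, 8081), timeout=3.0):
    """Ports on host that still complete a handshake (80 and the page's 8081)."""
    return [p for p in ports if http_port_state(host, p, timeout) == "accepting"]

def silent_listener():
    """Constructed stand-in for a router with web configuration disabled:
    it accepts TCP connections on a loopback port but never answers."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]

if __name__ == "__main__":
    srv, port = silent_listener()
    print(port, http_port_state("127.0.0.1", port, 1.0))   # accepting
    srv.close()
    print(port, http_port_state("127.0.0.1", port, 1.0))   # refused
```

Run `exposed_ports` from a host on the WAN side against the router's address. With the filter-rule fix neither port should be listed; with the port-change fix only the new port should be.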