

Dan Parslow

@agency.com


Cisco 6xx DSL router vulnerability -- and fix.

Some, if not all, models of consumer-level Cisco broadband routers can be taken down by the Code Red worm: the worm sends a malformed HTTP GET, which, if it targets the HTTP port of the router (used by the web configuration tool), will cause the router to halt. Certain VARs are saying that the way to correct this is to deactivate web configuration. This is not effective, as the router will still accept HTTP requests; it just won't offer the configuration screen in response. Since it still accepts requests, it still crashes.
The way to correct this is to render the HTTP port of the router inaccessible from the outside of your network. Two simple approaches, both effective, are:
1) Change the port from 80 to something obscure, like 8081. Worms don't usually bother with nonstandard ports and this particular worm never does. This is a weak solution but effective in this case.
2) Use the router's own filter rules to deny HTTP access to the router's address from the WAN interface.

If you have a proper firewall, there are even better solutions, but both of these are effective.
It has been suggested (by Cisco, I believe) that upgrading to CBOS 2.41 will correct this vulnerability. I found this to be untrue. The only solution is to completely deny access to the web configuration port.
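A way to verify the fix described in the post above, added here as an example and not part of the original post: the script checks, at the TCP level and without sending any HTTP data, whether the router's address still accepts connections on the web configuration port. It assumes you run it from a host on the WAN side against your own router; the function names are hypothetical, and ports 80 and 8081 are the post's example values.

```python
import socket
import sys

# Ports taken from the post: the default HTTP port and the example alternate port.
DEFAULT_PORTS = (80, 8081)


def port_state(host, port, timeout=3.0):
    """Classify a TCP port as 'open', 'closed' or 'filtered'.

    Only the TCP handshake is attempted; no request is sent. This matters
    because the post's point is that a router with web configuration turned
    off still accepts connections, so an HTTP-level check (is the
    configuration screen served?) would wrongly report it as fixed.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed: still reachable
    except ConnectionRefusedError:
        return "closed"            # RST received: nothing listening
    except OSError:
        return "filtered"          # timeout or unreachable: dropped by a filter


def exposed_ports(host, ports=DEFAULT_PORTS, timeout=3.0):
    """Return the ports on which the host still completes a TCP handshake."""
    return [p for p in ports if port_state(host, p, timeout) == "open"]


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_router.py <router WAN address>")
    target = sys.argv[1]
    for p in DEFAULT_PORTS:
        print(f"{target}:{p} -> {port_state(target, p)}")
    still_open = exposed_ports(target)
    if still_open:
        print("HTTP port still reachable from this side:", still_open)
        sys.exit(1)
    print("No checked port accepts connections from this side.")
```

With a filter rule in place (approach 2) the expected result is `filtered` or `closed` on every checked port; after only moving the port (approach 1), port 80 stops answering but the new port still reports `open`.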


Nexxus

@prairieinet.net
I am going to try your solution; I hope it fixes this problem. I have also found the Cisco/Qwest solution to be untrue and does not solve the problem.