Dan Parslow

@agency.com


Cisco 6xx DSL router vulnerability -- and fix.

Some, if not all, models of consumer-level Cisco broadband routers can be taken down by the Code Red worm: the worm sends a malformed HTTP GET, which, if it targets the HTTP port of the router (used by the web configuration tool), will cause the router to halt. Certain VARs are saying that the way to correct this is to deactivate web configuration. This is not effective, as the router will still accept HTTP requests; it just won't offer the configuration screen in response. Since it still accepts requests, it still crashes.
The way to correct this is to render the HTTP port of the router inaccessible from the outside of your network. Two simple approaches, both effective, are:
1) Change the port from 80 to something obscure, like 8081. Worms don't usually bother with nonstandard ports and this particular worm never does. This is a weak solution but effective in this case.
2) Use the router's own filter rules to deny HTTP access to the router's address from the WAN interface.

If you have a proper firewall, there are even better solutions, but both of these are effective.
It has been suggested (by Cisco, I believe) that upgrading to CBOS 2.41 will correct this vulnerability. I found this to be untrue. The only solution is to completely deny access to the web configuration port.
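An added example, not part of the original post: a small check, run from a host outside your network, that reports whether the router's web port still completes a TCP connection after either fix. It only performs the handshake and sends no request; the function names and the command-line usage are assumptions, while ports 80 and 8081 come from the post.

```python
import socket
import sys


def probe_tcp(host, port, timeout=3.0):
    """Classify a TCP port as 'open', 'closed' or 'filtered'.

    open     - handshake completed: the device still accepts connections,
               even if it would not serve the configuration page
    closed   - connection actively refused (RST)
    filtered - no answer or unreachable, as with a deny rule on the WAN side
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes timeouts and "no route to host"
        return "filtered"
    else:
        return "open"
    finally:
        sock.close()


def audit(host, ports=(80, 8081), timeout=3.0):
    """Probe each port; return (state per port, list of ports still open)."""
    results = {p: probe_tcp(host, p, timeout) for p in ports}
    exposed = [p for p, state in results.items() if state == "open"]
    return results, exposed


if __name__ == "__main__":
    # Usage (hypothetical): python check_router.py <router-wan-address>
    if len(sys.argv) != 2:
        sys.exit("usage: check_router.py <router-wan-address>")
    results, exposed = audit(sys.argv[1])
    for port, state in results.items():
        print(f"tcp/{port}: {state}")
    # Non-zero exit if any probed port still accepts connections from here.
    sys.exit(1 if exposed else 0)
```

With the port-change approach, 8081 (or whatever port you chose) will still show as open from outside; only the filter rule should make both ports read closed or filtered.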

Nexxus

@prairieinet.net

Re: Cisco 6xx DSL router vulnerability -- and fix.

I am going to try your solution; I hope it fixes this problem. I have also found the Cisco/Qwest solution to be untrue; it does not solve the problem.
over 10 years online! © 1999-2009 dslreports.com.