Search:  

 
theme to white backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » DSL Reports At Code Red Forefront » Cisco 6xx DSL router vulnerability -- and fix.
Search Topic:
Uniqs:
87		 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Post a:
Post a:
Code Red RetroVirus Request »
« Busy busy busy  
AuthorAll Replies


Nexxus

@prairieinet.net		reply to Dan Parslow
Re: Cisco 6xx DSL router vulnerability -- and fix.

I am going to try your solution I hope it fixes this problem. I have also found the cisco/qwest solution to be untrue and does not solve the problem.
to forum · permalink · 2001-08-07 04:00:54 · Reply to this


Dan Parslow

@agency.com

 Some, if not all models of consumer-level Cisco broadband routers can be taken down by the Code Red worm: the worm sends a malformed HTTP GET, which, if it targets the HTTP port of the router (used by the web configuration tool) , will cause the router to halt. Certain VARs are saying that the way to correct this is to deactivate web configuration. This is not effective, as the router will still accept HTTP requests; it just won't offer the configuration screen in response. Since it still accepts requests, it still crashes.
The way to correct this is to render the HTTP port of the router inaccessible from the outside of your network. Two simple approaches, both effective, are:
1) Change the port from 80 to something obscure, like 8081. Worms don't usually bother with nonstandard ports and this particular worm never does. This is a weak solution but effective in this case.
2) Use the router's own filter rules to deny HTTP access to the router's address from the WAN interface.

If you have a proper firewall, there are even better solutions, but both of these are effective.
It has been suggested (by Cisco, I believe) that upgrading to CBOS 2.41 will correct this vulnerability. I found this to be untrue. The only solution is to completely deny access to the web configuration port.
to forum · permalink · 2001-08-06 19:34:06 · Reply to this
Forums » DSL Reports At Code Red ForefrontCode Red RetroVirus Request »
« Busy busy busy  

Tuesday, 01-Dec 10:15:42 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [62] Baltimore To Ban Lazy Cable Installs
· [53] Broadband Killed The Game Console
· [37] Rural Carriers Quickly Embracing Fiber
· [33] AT&T Top Lobbyist Cicconi Has His Feelings Hurt
· [30] Charter Exits Chapter 11
· [22] Midcontinent Socked With Easement Lawsuit
· [14] Rogers Unveils The ISP Dream Model
· [9] Vivendi Agrees, Comcast/NBC Deal Soon
· [8] ACTA: Global Three Strikes
· [4] Monday Evening Links
Most people now reading
· Heating - my dad gave me this advice... [Home Repair & Improvement]
· Windows 7 boot manager editing questions [Microsoft Help]
· buying a one way ticket [General Questions]
· IMG 1.7 (IMG Updates and Discussion) [Verizon FIOS TV]
· [OOL] Youtube not loading [OptimumOnline]
· [Rant] called out sick! [Rants, Raves, and Praise]
· Is Microsoft Technet ok to use for my family PC's? [Microsoft Help]
· Prevx says MS Nov 10 patches causing BSOD problems [Security]
· Why is VoIP Better than POTS? [VOIP Tech Chat]
· Fun screwing with PuG raids. [World of Warcraft]