(#35)
(User #79060 Info)
 http://www.reric.net
I, and many of my co-workers, had our home DSL routers (Cisco 675s) lock up
today as this worm scanned them.
There is common belief that disabling the web interface will prevent this.
It's not true; mine's been disabled ever since this was first reported a
year ago and I still got hit.  The problem is that "set web disable"
prevents the web server from fiddling the router config, but doesn't
actually stop the server from parsing input from port 80, which is what
locks up the box. An improved workaround is to disable the web-admin
interface and change its port number with "set web port 53496" (replace with
some random port number).  At least that'll stop it for the near term. Long
term you need to get updated firmware, but of course Cisco won't distribute
firmware directly to customers, even though they have public announcements
of the existence of bugs and bugfixes.  To actually get the firmware you
have to get it from your DSL line provider (Qwest, in my case), and Qwest
couldn't care less about security with respect to home users, so they've
never bothered to offer fixed versions of CBOS.
--
Please don't feed the engineers.

Hope that helps...

James Spinti
jspinti at dartdist.com
952-368-3278 x396
fax 952-368-3255

|-----Original Message-----
|From: tclug-list-admin at mn-linux.org
|[mailto:tclug-list-admin at mn-linux.org]On Behalf Of Timothy Wilson
|Sent: Thursday, July 19, 2001 8:58 PM
|To: James Spinti
|Cc: tclug-list at mn-linux.org
|Subject: RE: [TCLUG] Lots of denied packets. Port 80
|
|
|On Thu, 19 Jul 2001, James Spinti wrote:
|
|> According to the buzz on /., that won't help.  You have to upgrade the CBOS.
|> Otherwise you have to power cycle it every time it gets hit...
|
|Anyone got a link for downloading the latest and greatest CBOS?
|
|-Tim
|
|--
|Tim Wilson      |   Visit Sibley online:   | Check out:
|Henry Sibley HS |  http://www.isd197.org   | http://www.zope.org
|W. St. Paul, MN |                          | http://slashdot.org
|wilson at visi.com |  <dtml-var pithy_quote>  | http://linux.com
|