The Code Red
worm will also bring down internet connections of
dsl customers who have a
Cisco 67x (especially the 675)
modem/
router.
This happens because these
routers have a
web interface that allows you to view
stats on the
router. When code red launches an attack, the Ciscos get spammed with
bad packets. The Cisco's natural response to this is to shut down the
WAN interface (see:
design flaw).
There are two ways to
fix this. The first, also the easiest, is to simply
power cycle the router. Unplug it for a few seconds, plug it back in, and you should be up for a while. The next time code red attacks however, it will just go back down. The second will actually prevent code red from shutting down the router.
Telnet or
Terminal into the router. Enter your
exec password, and at the "
CBOS>" prompt type "enable" and press enter. When it asks for another password, just press enter. You should see "
CBOS#".. type "set web disable", and press enter. Then type "write", press enter. Then type "reboot" and press enter. This will shut down the web interface and keep code red from taking down the router.
Update: There is another command you must enter or your connection will still go down periodically. At a CBOS#, type "set web port 55555". Then type "write", then "reboot". That will take care of code red issues.
Another Update: The long-term solution to code red and its variants has arrived in the form of a new version of CBOS. Flashing your Cisco 67x with CBOS v2.4.3 should take care of all your Code Red/Code Red II/Nimda problems, you can even use the web interface!
Click Here for more info on the Cisco 67x.