The Code Red worm
will also bring down internet connections of dsl
customers who have a Cisco 67x
(especially the 675) modem
This happens because these routers
have a web interface
that allows you to view stats
on the router
. When code red launches an attack, the Ciscos get spammed with bad packets
. The Cisco's natural response to this is to shut down the WAN
interface (see: design flaw
There are two ways to fix
this. The first, also the easiest, is to simply power cycle
the router. Unplug it for a few seconds, plug it back in, and you should be up for a while. The next time code red attacks however, it will just go back down. The second will actually prevent code red from shutting down the router.
or Terminal into the router
. Enter your exec password
, and at the "CBOS
>" prompt type "enable" and press enter. When it asks for another password, just press enter. You should see "CBOS
#".. type "set web disable", and press enter. Then type "write", press enter. Then type "reboot" and press enter. This will shut down the web interface and keep code red from taking down the router.
Update: There is another command you must enter or your connection will still go down periodically. At a CBOS#, type "set web port 55555". Then type "write", then "reboot". That will take care of code red issues.
Another Update: The long-term solution to code red and its variants has arrived in the form of a new version of CBOS. Flashing your Cisco 67x with CBOS v2.4.3 should take care of all your Code Red/Code Red II/Nimda problems, you can even use the web interface!
Click Here for more info on the Cisco 67x.