Posted this in networking as well, but I think it could help some people out so going here for exposure.
Well, we all know that the red code worm is a pain in the ass.
Here in the Seattle area, several people with Qwest DSL are having tremendous problems with their Cisco routers crashing every 2-3 hours.
After doing a lot of research, there seems to be something I've found that works.
Red Code propagates by scanning for web services on random ips. Cisco 67xs and other routers have a web management interface that can be queried by this. After too many such queries the router will crash and hard lock.
What I've discovered (through reading others' discoveries
), is that when you set the web service to disabled on the router, it is not completely disabled. By doing a query of the port, you will get a web page that says access denied. So a page is still getting served, the router is still putting out work for these requests.
To get around this, I changed the port number on the web service to something other than port 80. By default all web attempts go to that port. When the port is changed, instead of throwing up an access denied web page on a request, the request just times out, because the router effectively ignores it. It's still a slight bandwidth hit, but at least it's not crashing the router at this point.
Hope this helps some people out, my router at the office has now been up for almost 20 hours, and my previous record was less than 4.
Well, we all know that the red code worm is a pain in the ass.
Here in the Seattle area, several people with Qwest DSL are having tremendous problems with their Cisco routers crashing every 2-3 hours.
After doing a lot of research, there seems to be something I've found that works.
Red Code propagates by scanning for web services on random ips. Cisco 67xs and other routers have a web management interface that can be queried by this. After too many such queries the router will crash and hard lock.
What I've discovered (through reading others' discoveries
), is that when you set the web service to disabled on the router, it is not completely disabled. By doing a query of the port, you will get a web page that says access denied. So a page is still getting served, the router is still putting out work for these requests.To get around this, I changed the port number on the web service to something other than port 80. By default all web attempts go to that port. When the port is changed, instead of throwing up an access denied web page on a request, the request just times out, because the router effectively ignores it. It's still a slight bandwidth hit, but at least it's not crashing the router at this point.
Hope this helps some people out, my router at the office has now been up for almost 20 hours, and my previous record was less than 4.
Facebook
Twitter