Re: CR vs. CoreBuilder

From: terry white (twhite@aniota.com)
Date: 08/06/01


Date: Sun, 5 Aug 2001 15:57:11 -0700 (PDT)
From: terry white <twhite@aniota.com>
To: incidents@securityfocus.com
Subject: Re: CR vs. CoreBuilder
Message-ID: <Pine.LNX.4.10.10108051536220.10832-100000@yossarian.aniota.net>

on "8-5-2001" "John Nemeth" writ:

: I have a 3Com CoreBuilder 3500 running software version 2.1.0 that
: has been falling over a lot over the last few days.

: NOTE: I don't have any proof that it is CodeRed that is causing the
: CoreBuilder to fall over, but it is highly likely.

... i've noticed a similar problem with a cisco 675 ADSL router. in
particular, i've had to do a cold boot three (3) times 'since' the CR-II
attack started. i had disabled the web command interface, and checking
revealed that is still the case.
  
    what i did however, was to assign a port other than the default
(sorry) of '80'. the device has been up 21 hours, despite an order of
magnitude greater CR-II attempts. my server is not published, but in the
last 5 days, i've seen 22, 25, 25, 47, and 60 (so far today: ~16:00 PDT)
events ...

-- 
... i'm a man , and i can change ,
    if i really have to , i guess ...