Code Red (II) Question
Brian Densmore
DensmoreB at ctbsonline.com
Wed Aug 8 22:32:59 CDT 2001
The Cisco routers affected all have unpatched IIS running on them. The 600
series DSL routers are affected by an unrelated vulnerability. Basically,
from what I understand of the problem, the traffic generated from the port
scans on 80 fill up the router's memory (various ways of doing that, qv.
http://www.cisco.com/warp/public/707/cisco-code-red-worm-pub.shtml) and at
that point the router stops forwarding packets. At least that's what I get out
of it.
> -----Original Message-----
> From: Jonathan Hutchins [mailto:hutchins at opus1.com]
> Sent: Wednesday, August 08, 2001 4:10 PM
> To: kclug at kclug.org
> Subject: Re: Code Red (II) Question
>
>
> ----- Original Message -----
> From: "Don Erickson" <derick at shark.zeni.net>
>
> > Does anyone have a grasp as to how this virus could be taking down routers
> > or dsl modems? Certainly the modem cannot act as a host, and the
> > bandwidth utilized by the scans is trivial...
>
> I would guess that there is a vulnerability that "looks like" the IE hole to
> the virus, which either overflows something or lodges unworkable code
> somewhere.
>
> People are making noise like the volume of scans is significant, due to the
> number of distributed sources for the scans. The DOS phase attempts to take
> out a specific host (ie whitehouse.gov), but the contagion phase is
> apparently causing bandwidth problems.
>