Code Red and the Cisco Side Effect
Collateral damage irks users
Acres of newsprint have been devoted to the outbreak of the Code Red worm, but little attention has been given to the collateral damage it is causing.
Although Code Red targets IIS web servers, a number of readers have contacted us to report denial of service problems with Cisco DSL routers that are linked to the worm.
A check on Cisco's Web site confirms that several products (including DSL routers, IP Phones and wireless networking access kit) may be vulnerable to denial of service: a side effect of the Code Red worm, which can expose unrelated problems with Cisco's kit.
Cisco has produced an advisory detailing available upgrades and workarounds. The advisory also explains which of its products run IIS, and which need to be patched with Microsoft's fix for the index server vulnerability that Code Red exploits.
It seems that HP print servers and other network-infrastructure hardware equipped with a Web interface can also fall over if scanned by Code Red - although there is considerable disagreement in security circles as to how serious a problem this is.
According to Roy Hills, testing development director at security testing specialists NTA Monitor, it is relatively easy to prevent problems involving Code Red and corporate networking kit. All you have to do is to ensure that device configuration tools are not visible from the Internet.
On many occasions it's also possible to turn off web-based management... but it's much harder to minimise exposure to problems with DSL routers as they naturally sit outside a firewall, he adds.
With DSL routers, less knowledgeable users will have to look for help from their ISP to configure a router securely, according to Hills. ®