::Cisco CBOS Upgrade and Code Red Prevention::

Written by: Semper

In recent months Microsoft IIS servers have been hit hard by new worms/viruses like Code Red and Nimda. Code Red exploits a .ida buffer overflow in the IIS web server, and when it infects a host it creates threads of itself and tries to infect other hosts. It also checks whether the IIS server is an English server, and if so it defaces the server and replaces its homepage with "Hacked by chinese". For some reason or another, Code Red seems to conflict with a bug in the 2.4.0 and earlier CBOS software found on the Cisco 67x series DSL routers, and it will make those routers unusable. This paper walks you through upgrading the CBOS OS in the Cisco router and changing a couple of settings to be sure that no other Windows worm/virus can render the CBOS useless.

::6 Steps to upgrading your CBOS::

Note: Back up your CBOS before upgrading!

1. Download the new CBOS image.

Download the CBOS image for the Cisco 675 router Here for Windows and Here for Mac.

Download the CBOS image for the Cisco 678 router Here for Windows and Here for Mac.

Execute the file and extract the CBOS image into a temporary directory.

2. Configure your xmodem-compatible HyperTerminal client.

Set your HyperTerminal settings to:

38400 bits per second
No parity
8 data bits
1 stop bit
No flow control

3. Preparing the upgrade.

Let any users who are using the internet at the time know that in just a few minutes their internet connection will be down for about 20 minutes while network upgrades are going on. After all the users have had time to finish up what they are doing, disconnect all devices from the network, including the DSL line. Plug the management cable into the management port on the router and plug the other end into the serial port on the computer to which you just downloaded the new CBOS image.

4. Connecting to your router.

Connect to the router via your HyperTerminal program and get into enabled mode.

cbos> en
password: ********

cbos#

5. Set the router to download the new CBOS image.

cbos# set download code

Note: While the router downloads the new image it is important not to disturb the download in any way, or you might corrupt the download and corrupt the router.

In your HyperTerminal client's menu, select the option to send a file through the xmodem protocol. It should bring up a file browser; select the new CBOS image .bin file you downloaded in step one. The transfer should take between 6 and 15 minutes.

6. Rebooting the Router.

cbos# reboot

If everything went well and your CBOS image transfer went smoothly, you are now ready to do some minor configuration to make sure no other worm like Code Red can make your router useless.

Plug the devices back into the router and your network should now have an internet connection once again.

::Extra Security Precautions::

Now that your router has rebooted and is up and running, it would be safer to make a few changes to make sure that no Code Red-like worm will be able to infect your router. What we are going to do is disable the web interface and move the HTTP port to port 81.

cbos# set web disable
cbos# set web port 81
cbos# write

Why did we set the HTTP port to 81 if we disabled HTTP?

In earlier versions of CBOS, even though you disabled HTTP, HTTP would still be listening on its default port. In the new versions of CBOS that problem is supposed to be fixed, but it's better to be safe than sorry. Correct?

The "write" command adds the finishing touches to the configuration by writing your changes to memory so that when you reboot your router your changes are still in place.
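
Because earlier CBOS versions kept HTTP listening even after it was disabled, it is worth confirming from a LAN host that neither port 80 nor port 81 answers once the router is back up. The script below is an added example, not part of the original paper or of Cisco's tooling; the script name check_cbos_web.py and the router address you pass to it are assumptions.

```python
import socket
import sys

# Ports the CBOS web interface could answer on: the HTTP default (80) and
# the port it was moved to with "set web port 81".
WEB_PORTS = (80, 81)


def port_open(host, port, timeout=2.0):
    """Return True if host accepts a TCP connection on port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, or unreachable
        return False


def listening_web_ports(host, ports=WEB_PORTS, timeout=2.0):
    """Return the ports that still accept connections (empty list = disabled)."""
    return [p for p in ports if port_open(host, p, timeout)]


def main(argv):
    # Assumption: the router's LAN address is given as the only argument.
    if len(argv) != 2:
        print("usage: check_cbos_web.py <router-lan-address>")
        return 2
    still_open = listening_web_ports(argv[1])
    for port in WEB_PORTS:
        state = "LISTENING" if port in still_open else "closed"
        print(f"{argv[1]}:{port} {state}")
    # Non-zero exit if the web interface is still reachable on either port.
    return 1 if still_open else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

If either port is reported as LISTENING, repeat the "set web disable" and "write" commands and check again after a reboot.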

Congratulations! Your router should now be immune to Code Red and any future Code Red-like worms.