Code Red close to home

2001-07-20 13:19 ☼ post

When I got home from work yesterday, I discovered that my Qwest DSL connection didn’t seem to be working. It looked like it was functioning normally based on the green glow of the LEDs, but my computers were acting like they couldn’t get through to the rest of the Internet. After I tried telnetting into my Cisco 675 and wasn’t succeeding I decided to shut it down and try again. Thankfully it cleared things up, but I still had no idea what had caused the problem.

Today while browsing through Slashdot for information on the Code Red worm (I have a sneaking suspision one of my Windows 2000 servers here at work might be infected) I discovered this tidbit:

It appears that due to the way the worm formats its HTTP request and the semi-random way it seeks out vulnerable systems, it is also causing Cisco 67x DSL routers, widely deployed by Qwest, using firmware prior to 2.4.1, as well as some others, such as 3Com LanModems, to crash — recoverable only by a power cycle.”

This new information also makes me wonder if the mysterious HP LaserJet printer crashing we experienced yesterday here at work could be caused by an infected server sending out malformed http GET requests to it. I know that some of the newer HPs have built in web management… obviously this is going to require further investigation.