I have just been informed that our older APs are susceptible to
the "Code Red" worm now propagating up and down the internet.
The APs obviously won't catch the worm - but they are not handling the
extra long URLs the infected webservers are using.
We are getting reports of them crashing when hit by the Code Red attack,
so if your APs are mysteriously rebooting themselves - check to see whether
they are reachable via either the internet - or a local network with
an MS webserver.
The temporary fix for now is to go to the main menu of the AP and type:
    configuration console http off
This will disable the built-in webserver completely.
From there, you can either leave it disabled, or add legitimate hosts
to the access list - and then re-enable the http server.
To add a legitimate host 192.168.130.246, you would type from the main menu:
    configuration console add 192.168.130.246
Then when you have your legitimate hosts added, you can re-enable the webserver.
Any attempts to connect to the webserver port from other hosts will be logged.
If the hosts are local and are Windows machines, you may want to check them
for the Code Red worm.
Jim Veneskey
Software Test Engineer
320 Springside Drive Suite 350, Akron OH 44333
Email: jvene@...
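
An added example, not part of the original message or the vendor's code: one way to find the local hosts worth checking for Code Red from web server logs. It assumes Common Log Format input, a 200-character URL threshold, and the /default.ida request path used by Code Red; none of these come from the message, and the sample lines are constructed.

```python
import ipaddress
import re

# Common Log Format: host ident user [time] "METHOD url PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')
MAX_URL = 200  # assumed threshold; ordinary management URLs are far shorter
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def suspicious_sources(lines, max_url=MAX_URL):
    """Return {source: reason} for every request whose URL is over-long."""
    hits = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected format, skip
        src, _method, url, _status = m.groups()
        if len(url) <= max_url:
            continue
        path, _, query = url.partition("?")
        # Code Red asks for /default.ida with a long run of one filler character
        filler = (path.lower().endswith("/default.ida")
                  and re.match(r"(.)\1{99,}", query))
        hits[src] = "code-red-like" if filler else "overlong-url"
    return hits


def local_hosts_to_check(hits):
    """Flagged sources on private address space, i.e. machines you can inspect."""
    local = []
    for src in hits:
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            continue  # logged as a hostname, not an address
        if any(addr in net for net in RFC1918):
            local.append(src)
    return sorted(local)


# Constructed sample log lines (not captured traffic).
SAMPLE = [
    '192.168.130.246 - - [01/Aug/2001:10:00:01 -0400] "GET /index.htm HTTP/1.0" 200 512',
    '192.168.130.77 - - [01/Aug/2001:10:00:05 -0400] "GET /default.ida?'
    + "N" * 224 + ' HTTP/1.0" 404 0',
    '203.0.113.9 - - [01/Aug/2001:10:00:09 -0400] "GET /' + "A" * 300 + ' HTTP/1.0" 400 0',
]

if __name__ == "__main__":
    flagged = suspicious_sources(SAMPLE)
    print(flagged, local_hosts_to_check(flagged))
```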