Code Red Refunds?

bubblegoose writes "In Washington state Qwest customers are asking for a refund due to losses of service during the Code Red thing. Qwest is refusing to give the refunds. Excite has a story about it here." I tend to think this is just complaining bull crap. My net connection when down too, and I don't run around demanding $5 back. I'd be more upset if I was a business and my server rooted by this. The irony is that this will probably end up just pushing subscription software.

Qwest

[Frijoles]

I use Qwest for both my DSL and ISP. I thought they were very helpful during this whole Code Red thing. Qwest called and left a message on my answering machine detailing how I could fix my DSL modem and patch my computer so that I would not be infected. They also called back to see if I had received their message and if I needed any help. I've been very happy with Qwest and was surprised by their customer support.

Anyway, point is.. I think they do a great job. Keep up the good work Qwest.

Damn

[banky]

I've never taken the time to write an angry post about the editorial content... but sheesh.

First, if you lost cablemodem service for almost a WEEK, WHILE BEING LIED TO about the cause, wouldn't you be a little mad? This was the case here in Fairfax. They tried to say it was "sheduled router upgrades", only to backpedal a couple days later after everyone figured it out (and they had to implore their users to patch, and their email system was down, etc etc).

Second, I guess I'm wacky, but if I pay for something, I want what I paid for, as other people have said here. I pay $45 a month for cable service. I don't call and complain if it goes out during a storm for a couple hours. But if its down for DAYS, their tech support line is TURNED OFF, and no one will tell me when it's coming back up, I expect to not have to pay for this service! I am not being given anything but a blinking data light. Some of us do not maintain multiple backup dial-up accounts; yes, I'll freely admin I'm spoiled by broadband, but at the same time, I can't justify spending $25 a month in case I lose my connection for a week.All the DSL providers in my area are dead or dying; roadrunner is my only option besides modeming (which is a bad scene in and of itself, die to "multiplexed lines" or some such nonsense which means I get 28.8 tops).

Third, if no one says anything and just rolls over, then the company will not be challenged to provide a high level of service, since they will know customers will just take it.

Sorry, Taco, but you're a helmet.

Code Red and Cisco 675

[Alex+Belits]

My provider isn't "The Wicked Q of the West", but I ended up downloading Cisco 675 CBOS upgrade from their site. This is what happened.

1. I have received announcements about Code Red in everything security-related that I was subscribed to, and as usual, ignored it because I don't use IIS, Windows and other garbage of that kind.

2. Cisco 675 router that connects me to my providers (ISP is Megapath, line was Rhythms) started hanging in the most outrageous manner possible, being not accessible even from its serial console that I have attached to one of my Linux boxes through USB multiport serial converter. It was "outrageous" and not merely "bad" because same Linux box happened to have still-working Ricochet modem attached to another USB port, and I was able to reach it from work even when DSL was down, but couldn't reset DSL until I was physically at home.

3. Later announcements mentioned Cisco routers as vulnerability, and recommended to disable web administration on the router as a workaround, and upgrade the firmware. Cisco page mentioned an upgrade but did not offer anything to download -- required to call their phone number or email them and beg for firmware update. Knowing that everybody who ever bought Cisco 6xx, plus a bunch of people who didn't know how their company's Catalyst differs from bitty box 675, will be trying to reach Cisco, I have chosen to do a workaround.

4. I have disabled web administration, it stopped working, but router continued listening on the port 80. I assumed, it will just ignore all data that it receives, so a bug won't be triggered.

5. Router still hangs. I have set a filter to block everything that comes from outside to the port 80 on the router. It looked like router stopped responding to this, so I was confident that I am not vulnerable to that thing anymore.

6. Router still hangs. Apparently my mind was not advanced enough to comprehend the brokenness of CBOS -- broken code was receiving packets BEFORE THEY PASSED THE FILTERS.

7. I have looked at the Cisco site to check if they got the idea, how many requests for copies of CBOS patches they are supposed to process and posted the binaries. Nothing -- the page still contained a phone number and email address, and since I was at home, I could be pretty sure that people who were supposed to answer at Cisco weren't at work either.

As opposed to other Cisco products, CBOS has no optional pieces, and is useful for a single puprose of upgrading shitty 6xx boxes, so why they needed my phone call to make sure that I am indeed going to use their software to upgrade their router and not, say, print as a hex dump and smoke it, is still a mystery for me.

8. While constantly resetting Cisco, I have started IRC, and asked some of my friends if they know, where to find those damn patches. After few minutes I have received some rather unflattering description of CBOS, Cisco and Intel (who happened to be the real authors of this shit), and the URL on Qwest site with CBOS images.

9. CBOS images were distributed as Windows executables, with Windows upload program but no instructions -- probably following the logic that if a customer has his servers infected by a virus, running downloaded executables is the least of his concerns. Fortunately, Windows executable was a wrapped zip file, and upload procedure over a serial console was in the router's documentation.

10. Router worked fine ever since, but it looks like it's still impossible to filter or completely disable web administration on it.

---

Of course, this was that simple only because I had a full access ("exec" and "enable" passwords) to the router. I am afraid to think, how Qwest technicians would have to work if they had to upgrade customers' routers over the network while routers were being attacked, or to distribute passwords to the customers to make them able to run the updater program (I have never seen it running, I assume that it uploads updates either by xmodem over console or by TFTP -- in the first case only customer can enter the password, and in the second one _someone_ has to login to the router and still enter the password), so I kinda understand why Qwest couldn't do much in this situation. OTOH, Cisco could at least issue binary patches as a public-accessible download.