I take it the phones were Android?

On Apr 10, 2016 3:29 PM, "That One Guy /sarcasm" <thatoneguyst...@gmail.com> wrote:
> So we have this customer who experienced a ferocious malware, still waiting on more details from the customer, it's very interesting because it crossed multiple platforms. Multiple cell phones, a satellite DVR, a PC etc. I'm not sure how he verified infection, but he did have to factory his phones, his PC he said required a hard drive replacement (not sure what or who decided this), not sure how the satellite DVR was mitigated. He thinks it came from a Rise Broadband (formerly Prairie Inet) ESSID (I doubt this, the ESSIDs Prairie Inet ran were open, with other security for the access).
>
> With it being as cross platform as it was I'm wondering how I would check the air router we provide to see if it got hit as well. All we do is a dump file on the current firmware that sets a password, ensures 443 is open, sets a DMZ to an IP out of the DHCP scope, and we manually set the ESSID with WPA2, the key being the MAC on the label (I think this is the WLAN) (we disable snmp, telnet, but leave ssh open), we also turn off CDP and the ubnt discovery.
>
> I'm hoping he has some good info on what this actually was, and it's not just a case of his buddy Jim telling him all this.
>
> Anybody know of something in the wild capable of hitting all these devices across a network (wired/wireless)?
>
> I'm asking about the airrouter in particular, considering if it were impacted, that could be a mess at the POP since most customer NAT are in the same subnet, with duplicate configs.
>
> --
> If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.