Radios could be put on private ip so nobody from outside world can access it. That is what we do.
Tushar > On May 4, 2016, at 5:22 PM, SmarterBroadband <li...@smarterbroadband.com> > wrote: > > I have received a number of emails for ab...@light-gap.net saying certain of > our IP address are being used for attacks (see email text below). > > All IP addresses are in UBNT radios. We are unable to remote access any of > the these radios now. We see that the radio we are unable to access rebooted > a couple of days ago. A number of other radios show they rebooted around the > same time (in sequence) on the AP. We are unable to remote access any of > those either. Other radios with longer uptime on the AP’s are fine. > > We have a tech on route to one of the customer sites. > > We think the radios are being made into bots. Anyone seen this or anything > like this? Do the hackers need a username and password to hack a radio? > I.E. Would a change of the password stop the changes being made to the > radios? Any other thoughts, suggestions or ideas? > > Thanks > > Adam > > Email Text below: > > “This is a semi-automated e-mail from the LG-Mailproxy authentication system, > all requests have been approved manually by the system-administrators or are > obviously unwanted (eg. requests to our spamtraps). > For further questions or if additional information is needed please reply to > this email. > > The IP xxx.xxx.xxx.xxx has been banned for 48 hours due to suspicious > behaviour on our system. > This happened already 1 times. > It might be be part of a botnet, infected by a trojan/virus or running > brute-force attacks. > > Our affected destination servers: smtp.light-gap.net, imap.light-gap.net > > Currently 7 failed/unauthorized logins attempts via SMTP/IMAP with 6 > different usernames and wrong password: > 2016-05-04T23:48:40+02:00 with username "downloads.openscience.or.at" > (spamtrap account) > 2016-05-04T22:47:19+02:00 with username "sp_woq" (spamtrap account) > 2016-05-04T14:55:11+02:00 with username "info" (spamtrap account) > 2016-05-03T21:24:22+02:00 with username "fips" (spamtrap account) > 2016-05-03T20:57:19+02:00 with username "downloads.openscience.or.at" > (spamtrap account) > 2016-05-03T10:13:59+02:00 with username "d10hw49WpH" (spamtrap account) > 2016-05-03T05:34:43+02:00 with username "12345678" (spamtrap account) Ongoing > failed/unauthorized logins attempts will be logged and sent to you every 24h > until the IP will be permanently banned from our systems after 72 hours. > > The Light-Gap.net Abuse Team.” >