The thread got this far and no one has wondered how the CPE was pwned in the
first place?

On Wed, May 4, 2016 at 6:55 PM, Mathew Howard <mhoward...@gmail.com> wrote:

> Yeah, I looked at setting it up that way at one point, but something
> didn't look like it was going to work quite the way I wanted it to... but I
> probably spent all of five minutes on it, so it may very well be possible.
> The way ePMP does it is really nice though... and simple.
>
> On Wed, May 4, 2016 at 8:38 PM, Josh Luthman <j...@imaginenetworksllc.com>
> wrote:
>
>> People do it for sure.  I want to say there was an example on the forums
>> or somewhere...
>>
>> Josh Luthman
>> Office: 937-552-2340
>> Direct: 937-552-2343
>> 1100 Wayne St
>> Suite 1337
>> Troy, OH 45373
>> On May 4, 2016 9:35 PM, "Mathew Howard" <mhoward...@gmail.com> wrote:
>>
>>> I have our ePMPs set up to get their public IP via PPPoE, and the radio
>>> also gets a completely separate private management IP via DHCP, which is
>>> the only way you can remotely access the radio, and it doesn't even have to
>>> be in a separate vlan unless you want it to be... and it's one checkbox to
>>> configure it.
>>>
>>> I'm not sure if that can be duplicated on UBNT or not, since I haven't
>>> really tried yet, but at the very least it's a lot more complicated to
>>> configure.
>>>
>>>
>>>
>>> On Wed, May 4, 2016 at 7:04 PM, Josh Luthman <
>>> j...@imaginenetworksllc.com> wrote:
>>>
>>>> It does...you just need to set it up that way.
>>>>
>>>>
>>>> Josh Luthman
>>>> Office: 937-552-2340
>>>> Direct: 937-552-2343
>>>> 1100 Wayne St
>>>> Suite 1337
>>>> Troy, OH 45373
>>>>
>>>> On Wed, May 4, 2016 at 7:54 PM, Mathew Howard <mhoward...@gmail.com>
>>>> wrote:
>>>>
>>>>> I really wish Ubiquiti radios had a separate management vlan option
>>>>> (in router mode), like ePMP does...
>>>>>
>>>>> On Wed, May 4, 2016 at 6:10 PM, Josh Reynolds <j...@kyneticwifi.com>
>>>>> wrote:
>>>>>
>>>>>> I would encourage you to put your CPEs on a management vlan, in
>>>>>> RFC1918 space.
>>>>>>
>>>>>> On Wed, May 4, 2016 at 6:00 PM, SmarterBroadband
>>>>>> <li...@smarterbroadband.com> wrote:
>>>>>> > Hi Tushar
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> > We run all radios in NAT mode.
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> > Adam
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> > From: Af [mailto:af-boun...@afmug.com] On Behalf Of Tushar Patel
>>>>>> > Sent: Wednesday, May 04, 2016 3:34 PM
>>>>>> > To: af@afmug.com
>>>>>> > Subject: Re: [AFMUG] UBNT CPE being used for Abusive actions?
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> > Radios could be put on private ip so nobody from outside world can
>>>>>> > access it. That is what we do.
>>>>>> >
>>>>>> > Tushar
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> > On May 4, 2016, at 5:22 PM, SmarterBroadband <li...@smarterbroadband.com>
>>>>>> > wrote:
>>>>>> >
>>>>>> > I have received a number of emails for ab...@light-gap.net saying certain
>>>>>> > of our IP addresses are being used for attacks (see email text below).
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> > All IP addresses are in UBNT radios.  We are unable to remote access any
>>>>>> > of these radios now.  We see that the radio we are unable to access
>>>>>> > rebooted a couple of days ago.  A number of other radios show they
>>>>>> > rebooted around the same time (in sequence) on the AP.  We are unable to
>>>>>> > remote access any of those either. Other radios with longer uptime on the
>>>>>> > APs are fine.
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> > We have a tech en route to one of the customer sites.
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> > We think the radios are being made into bots.  Anyone seen this or
>>>>>> > anything like this?  Do the hackers need a username and password to hack
>>>>>> > a radio?  I.E.  Would a change of the password stop the changes being
>>>>>> > made to the radios?  Any other thoughts, suggestions or ideas?
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> > Thanks
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> > Adam
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> > Email Text below:
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> > “This is a semi-automated e-mail from the LG-Mailproxy authentication
>>>>>> > system, all requests have been approved manually by the
>>>>>> > system-administrators or are obviously unwanted (eg. requests to our
>>>>>> > spamtraps).
>>>>>> >
>>>>>> > For further questions or if additional information is needed please
>>>>>> > reply to this email.
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> > The IP xxx.xxx.xxx.xxx has been banned for 48 hours due to suspicious
>>>>>> > behaviour on our system.
>>>>>> >
>>>>>> > This happened already 1 times.
>>>>>> >
>>>>>> > It might be be part of a botnet, infected by a trojan/virus or running
>>>>>> > brute-force attacks.
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> > Our affected destination servers: smtp.light-gap.net, imap.light-gap.net
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> > Currently 7 failed/unauthorized logins attempts via SMTP/IMAP with 6
>>>>>> > different usernames and wrong password:
>>>>>> >
>>>>>> > 2016-05-04T23:48:40+02:00 with username "downloads.openscience.or.at"
>>>>>> > (spamtrap account)
>>>>>> >
>>>>>> > 2016-05-04T22:47:19+02:00 with username "sp_woq" (spamtrap account)
>>>>>> >
>>>>>> > 2016-05-04T14:55:11+02:00 with username "info" (spamtrap account)
>>>>>> >
>>>>>> > 2016-05-03T21:24:22+02:00 with username "fips" (spamtrap account)
>>>>>> >
>>>>>> > 2016-05-03T20:57:19+02:00 with username "downloads.openscience.or.at"
>>>>>> > (spamtrap account)
>>>>>> >
>>>>>> > 2016-05-03T10:13:59+02:00 with username "d10hw49WpH" (spamtrap account)
>>>>>> >
>>>>>> > 2016-05-03T05:34:43+02:00 with username "12345678" (spamtrap account)
>>>>>> >
>>>>>> > Ongoing failed/unauthorized logins attempts will be logged and sent to you
>>>>>> > every 24h until the IP will be permanently banned from our systems after
>>>>>> > 72 hours.
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> > The Light-Gap.net Abuse Team.”
>>>>>> >
>>>>>> >
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>
