Can't blame people. Looks the same. I thought they had the same web engine too.

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On May 5, 2016 11:17 AM, "Chuck Macenski" <ch...@macenski.com> wrote:

> I hate it when people lump airFiber into these things. I know of no security holes in airFiber that don't require you to already be logged into the unit (where you can change the configuration until your heart's content). AirFiber also supports a very simple to configure management VLAN (I don't know how it could be simpler) to keep inband management traffic away from the IP of the unit. If that isn't enough, you can simply disable inband management and use the out-of-band management port; no one can then access the management traffic from the user traffic flows.
>
> Good morning :)
>
> Chuck
>
> On Wed, May 4, 2016 at 11:39 PM, Mathew Howard <mhoward...@gmail.com> wrote:
>
>> 5.6.2, I think, fixed one of the more serious security flaws, and that was released less than a year ago... and it looks like 5.6.3 and 5.6.4 (which was released very recently) also had security fixes. I believe most of those vulnerabilities applied to the AC and airFiber firmware as well.
>>
>> Ubiquiti has been good about releasing fixes quickly when they find vulnerabilities, but that doesn't help if nobody bothers to update anything.
>>
>> On Wed, May 4, 2016 at 9:12 PM, Eric Kuhnke <eric.kuh...@gmail.com> wrote:
>>
>>> I know about the very old firmware version for M series stuff that is vulnerable to a known worm.
>>>
>>> But let's assume you do have ubnt devices with public IPs (which is a bad idea). What's the attack surface? http, https, ssh, snmp
>>>
>>> Provided you have chosen a reasonably complex admin login and password there are no *current, known* remote root exploits for current (or within the past 2 years) ubnt firmware on M or AC devices, right?
>>>
>>> On Wed, May 4, 2016 at 7:00 PM, Josh Luthman <j...@imaginenetworksllc.com> wrote:
>>>
>>>> Public IP on Ubnt. What else do you need to know?
>>>>
>>>> Josh Luthman
>>>> Office: 937-552-2340
>>>> Direct: 937-552-2343
>>>> 1100 Wayne St
>>>> Suite 1337
>>>> Troy, OH 45373
>>>> On May 4, 2016 9:59 PM, "Eric Kuhnke" <eric.kuh...@gmail.com> wrote:
>>>>
>>>>> The thread got this far and no one has wondered how the CPE was pwned in the first place?
>>>>>
>>>>> On Wed, May 4, 2016 at 6:55 PM, Mathew Howard <mhoward...@gmail.com> wrote:
>>>>>
>>>>>> Yeah, I looked at setting it up that way at one point, but something didn't look like it was going to work quite the way I wanted it to... but I probably spent all of five minutes on it, so it may very well be possible. The way ePMP does it is really nice though... and simple.
>>>>>>
>>>>>> On Wed, May 4, 2016 at 8:38 PM, Josh Luthman <j...@imaginenetworksllc.com> wrote:
>>>>>>
>>>>>>> People do it for sure. I want to say there was an example on the forums or somewhere...
>>>>>>>
>>>>>>> Josh Luthman
>>>>>>> Office: 937-552-2340
>>>>>>> Direct: 937-552-2343
>>>>>>> 1100 Wayne St
>>>>>>> Suite 1337
>>>>>>> Troy, OH 45373
>>>>>>> On May 4, 2016 9:35 PM, "Mathew Howard" <mhoward...@gmail.com> wrote:
>>>>>>>
>>>>>>>> I have our ePMPs set up to get their public IP via PPPoE, and the radio also gets a completely separate private management IP via DHCP, which is the only way you can remotely access the radio, and it doesn't even have to be in a separate vlan unless you want it to be... and it's one checkbox to configure it.
>>>>>>>>
>>>>>>>> I'm not sure if that can be duplicated on UBNT or not, since I haven't really tried yet, but at the very least it's a lot more complicated to configure.
>>>>>>>>
>>>>>>>> On Wed, May 4, 2016 at 7:04 PM, Josh Luthman <j...@imaginenetworksllc.com> wrote:
>>>>>>>>
>>>>>>>>> It does...you just need to set it up that way.
>>>>>>>>>
>>>>>>>>> Josh Luthman
>>>>>>>>> Office: 937-552-2340
>>>>>>>>> Direct: 937-552-2343
>>>>>>>>> 1100 Wayne St
>>>>>>>>> Suite 1337
>>>>>>>>> Troy, OH 45373
>>>>>>>>>
>>>>>>>>> On Wed, May 4, 2016 at 7:54 PM, Mathew Howard <mhoward...@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> I really wish Ubiquiti radios had a separate management vlan option (in router mode), like ePMP does...
>>>>>>>>>>
>>>>>>>>>> On Wed, May 4, 2016 at 6:10 PM, Josh Reynolds <j...@kyneticwifi.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> I would encourage you to put your CPEs on a management vlan, in RFC1918 space.
>>>>>>>>>>>
>>>>>>>>>>> On Wed, May 4, 2016 at 6:00 PM, SmarterBroadband <li...@smarterbroadband.com> wrote:
>>>>>>>>>>> > Hi Tushar
>>>>>>>>>>> >
>>>>>>>>>>> > We run all radios in NAT mode.
>>>>>>>>>>> >
>>>>>>>>>>> > Adam
>>>>>>>>>>> >
>>>>>>>>>>> > From: Af [mailto:af-boun...@afmug.com] On Behalf Of Tushar Patel
>>>>>>>>>>> > Sent: Wednesday, May 04, 2016 3:34 PM
>>>>>>>>>>> > To: af@afmug.com
>>>>>>>>>>> > Subject: Re: [AFMUG] UBNT CPE being used for Abusive actions?
>>>>>>>>>>> >
>>>>>>>>>>> > Radios could be put on private ip so nobody from outside world can access it. That is what we do.
>>>>>>>>>>> >
>>>>>>>>>>> > Tushar
>>>>>>>>>>> >
>>>>>>>>>>> > On May 4, 2016, at 5:22 PM, SmarterBroadband <li...@smarterbroadband.com> wrote:
>>>>>>>>>>> >
>>>>>>>>>>> > I have received a number of emails for ab...@light-gap.net saying certain of our IP addresses are being used for attacks (see email text below).
>>>>>>>>>>> >
>>>>>>>>>>> > All IP addresses are in UBNT radios. We are unable to remote access any of these radios now. We see that the radio we are unable to access rebooted a couple of days ago. A number of other radios show they rebooted around the same time (in sequence) on the AP. We are unable to remote access any of those either. Other radios with longer uptime on the APs are fine.
>>>>>>>>>>> >
>>>>>>>>>>> > We have a tech en route to one of the customer sites.
>>>>>>>>>>> >
>>>>>>>>>>> > We think the radios are being made into bots. Anyone seen this or anything like this? Do the hackers need a username and password to hack a radio? I.E. Would a change of the password stop the changes being made to the radios? Any other thoughts, suggestions or ideas?
>>>>>>>>>>> >
>>>>>>>>>>> > Thanks
>>>>>>>>>>> >
>>>>>>>>>>> > Adam
>>>>>>>>>>> >
>>>>>>>>>>> > Email Text below:
>>>>>>>>>>> >
>>>>>>>>>>> > “This is a semi-automated e-mail from the LG-Mailproxy authentication system, all requests have been approved manually by the system-administrators or are obviously unwanted (eg. requests to our spamtraps).
>>>>>>>>>>> >
>>>>>>>>>>> > For further questions or if additional information is needed please reply to this email.
>>>>>>>>>>> >
>>>>>>>>>>> > The IP xxx.xxx.xxx.xxx has been banned for 48 hours due to suspicious behaviour on our system.
>>>>>>>>>>> >
>>>>>>>>>>> > This happened already 1 times.
>>>>>>>>>>> >
>>>>>>>>>>> > It might be be part of a botnet, infected by a trojan/virus or running brute-force attacks.
>>>>>>>>>>> >
>>>>>>>>>>> > Our affected destination servers: smtp.light-gap.net, imap.light-gap.net
>>>>>>>>>>> >
>>>>>>>>>>> > Currently 7 failed/unauthorized logins attempts via SMTP/IMAP with 6 different usernames and wrong password:
>>>>>>>>>>> >
>>>>>>>>>>> > 2016-05-04T23:48:40+02:00 with username "downloads.openscience.or.at" (spamtrap account)
>>>>>>>>>>> >
>>>>>>>>>>> > 2016-05-04T22:47:19+02:00 with username "sp_woq" (spamtrap account)
>>>>>>>>>>> >
>>>>>>>>>>> > 2016-05-04T14:55:11+02:00 with username "info" (spamtrap account)
>>>>>>>>>>> >
>>>>>>>>>>> > 2016-05-03T21:24:22+02:00 with username "fips" (spamtrap account)
>>>>>>>>>>> >
>>>>>>>>>>> > 2016-05-03T20:57:19+02:00 with username "downloads.openscience.or.at" (spamtrap account)
>>>>>>>>>>> >
>>>>>>>>>>> > 2016-05-03T10:13:59+02:00 with username "d10hw49WpH" (spamtrap account)
>>>>>>>>>>> >
>>>>>>>>>>> > 2016-05-03T05:34:43+02:00 with username "12345678" (spamtrap account)
>>>>>>>>>>> >
>>>>>>>>>>> > Ongoing failed/unauthorized logins attempts will be logged and sent to you every 24h until the IP will be permanently banned from our systems after 72 hours.
>>>>>>>>>>> >
>>>>>>>>>>> > The Light-Gap.net Abuse Team.”