There's a huge like 27 page forum thread on it. On May 16, 2016 8:38 PM, "That One Guy /sarcasm" <thatoneguyst...@gmail.com> wrote:
> are we talking can see layer two, can see via device discovery, thats a > broad term > > Is there any direct thread on specific symptoms beyond devices offline and > any traces of what takes place post infection, ive seen some comments > theyre doing port 53 vpns to send spam, just curios what else. > > Ive read claims of infections as high as 5.6.4, we are mostly 5.6.2 and 3 > > We only have a handful of air routers with public IPs on them, everything > else is internal space > > the self replication is what im wondering about, the devices on each > network segment are subnet isolated, but still on the same layer2 > > On Mon, May 16, 2016 at 8:31 PM, Mike Hammett <af...@ics-il.net> wrote: > >> Initially... then every other radio (and switch) that radio can see. >> >> >> >> ----- >> Mike Hammett >> Intelligent Computing Solutions <http://www.ics-il.com/> >> <https://www.facebook.com/ICSIL> >> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> >> <https://www.linkedin.com/company/intelligent-computing-solutions> >> <https://twitter.com/ICSIL> >> Midwest Internet Exchange <http://www.midwest-ix.com/> >> <https://www.facebook.com/mdwestix> >> <https://www.linkedin.com/company/midwest-internet-exchange> >> <https://twitter.com/mdwestix> >> The Brothers WISP <http://www.thebrotherswisp.com/> >> <https://www.facebook.com/thebrotherswisp> >> >> >> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> >> ------------------------------ >> *From: *"Josh Reynolds" <j...@kyneticwifi.com> >> *To: *af@afmug.com >> *Sent: *Monday, May 16, 2016 8:30:12 PM >> *Subject: *Re: [AFMUG] ubnt malware >> >> >> It's self replicating. They patched this long ago. It hits people with >> radios on public IPs. >> On May 16, 2016 8:19 PM, "That One Guy /sarcasm" < >> thatoneguyst...@gmail.com> wrote: >> >>> From what im reading in their forums something set off over the weekend? >>> or is it ubnt douche nozzles? >>> >>> It sounds almost as if this malware is actively being manipulated >>> (changing from key access to foul username/password, wandering control >>> ports, etc, like script kiddies found a new toy? >>> >>> is this thing self propagating from the device? >>> >>> -- >>> If you only see yourself as part of the team but you don't see your team >>> as part of yourself you have already failed as part of the team. >>> >> >> > > > -- > If you only see yourself as part of the team but you don't see your team > as part of yourself you have already failed as part of the team. >