If you have firewall rules at the edge of the network blocking the management ports ti the airrouters that are on public IPs, they're probably fine. We still have some radios that are on old firmware, but I haven't been able to find anything on our network that's infected. Fortunately, when I was setting up the firewall rules to block access to the CPEs from outside our network, I decided it was desirable to block customers from being able to get to other customers radios as well... which should break the self replicating part of this thing, so even if it does somehow get into our network, it shouldn't be able to get far.
That said, I'm updating everything that isn't on at least 5.6.2 right away. On May 16, 2016 8:41 PM, "That One Guy /sarcasm" <thatoneguyst...@gmail.com> wrote: yeah, thats amazing me, one fella was complaining about how much of a problem it would be to take a unit offline to get on a bench. I would think if things are that bad that your network is progressively shutting down, convenience would be the least of your concerns. I have to investigate a couple anomalies on the network, in the back of my mind Im hoping the air routers have been hit to put a nail in their coffins so we cam go with mikrotiks as the CPE router instead On Mon, May 16, 2016 at 8:33 PM, Josh Reynolds <j...@kyneticwifi.com> wrote: > Or threatening to sue because of their own personal ignorance and > negligence. > On May 16, 2016 8:32 PM, "Mike Hammett" <af...@ics-il.net> wrote: > >> A good amount of it is just people that don't know any better making >> false observations. >> >> >> >> ----- >> Mike Hammett >> Intelligent Computing Solutions <http://www.ics-il.com/> >> <https://www.facebook.com/ICSIL> >> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> >> <https://www.linkedin.com/company/intelligent-computing-solutions> >> <https://twitter.com/ICSIL> >> Midwest Internet Exchange <http://www.midwest-ix.com/> >> <https://www.facebook.com/mdwestix> >> <https://www.linkedin.com/company/midwest-internet-exchange> >> <https://twitter.com/mdwestix> >> The Brothers WISP <http://www.thebrotherswisp.com/> >> <https://www.facebook.com/thebrotherswisp> >> >> >> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> >> ------------------------------ >> *From: *"That One Guy /sarcasm" <thatoneguyst...@gmail.com> >> *To: *af@afmug.com >> *Sent: *Monday, May 16, 2016 8:19:00 PM >> *Subject: *[AFMUG] ubnt malware >> >> From what im reading in their forums something set off over the weekend? >> or is it ubnt douche nozzles? >> >> It sounds almost as if this malware is actively being manipulated >> (changing from key access to foul username/password, wandering control >> ports, etc, like script kiddies found a new toy? >> >> is this thing self propagating from the device? >> >> -- >> If you only see yourself as part of the team but you don't see your team >> as part of yourself you have already failed as part of the team. >> >> -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
