Man, if I were a malware writer Id have had this at least leave the gui login page accessible, this was you could harves operator username and passwords to attack other network devices visible
On Mon, May 16, 2016 at 9:14 PM, Josh Luthman <j...@imaginenetworksllc.com> wrote: > If you can't ssh/http you need to do tftp recovery. > > > Josh Luthman > Office: 937-552-2340 > Direct: 937-552-2343 > 1100 Wayne St > Suite 1337 > Troy, OH 45373 > > On Mon, May 16, 2016 at 10:13 PM, TJ Trout <t...@voltbb.com> wrote: > >> Anyone have luck fixing a unit that won't respond to ssh or http? >> >> On Mon, May 16, 2016 at 7:11 PM, CBB - Jay Fuller < >> par...@cyberbroadband.net> wrote: >> >>> >>> Yup. Spent 3 hours reading it all last night.... >>> >>> >>> ----- Original Message ----- >>> *From:* Josh Reynolds <j...@kyneticwifi.com> >>> *To:* af@afmug.com >>> *Sent:* Monday, May 16, 2016 8:56 PM >>> *Subject:* Re: [AFMUG] ubnt malware >>> >>> There's a huge like 27 page forum thread on it. >>> On May 16, 2016 8:38 PM, "That One Guy /sarcasm" < >>> thatoneguyst...@gmail.com> wrote: >>> >>>> are we talking can see layer two, can see via device discovery, thats a >>>> broad term >>>> >>>> Is there any direct thread on specific symptoms beyond devices offline >>>> and any traces of what takes place post infection, ive seen some comments >>>> theyre doing port 53 vpns to send spam, just curios what else. >>>> >>>> Ive read claims of infections as high as 5.6.4, we are mostly 5.6.2 and >>>> 3 >>>> >>>> We only have a handful of air routers with public IPs on them, >>>> everything else is internal space >>>> >>>> the self replication is what im wondering about, the devices on each >>>> network segment are subnet isolated, but still on the same layer2 >>>> >>>> On Mon, May 16, 2016 at 8:31 PM, Mike Hammett <af...@ics-il.net> wrote: >>>> >>>>> Initially... then every other radio (and switch) that radio can see. >>>>> >>>>> >>>>> >>>>> ----- >>>>> Mike Hammett >>>>> Intelligent Computing Solutions <http://www.ics-il.com/> >>>>> <https://www.facebook.com/ICSIL> >>>>> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> >>>>> <https://www.linkedin.com/company/intelligent-computing-solutions> >>>>> <https://twitter.com/ICSIL> >>>>> Midwest Internet Exchange <http://www.midwest-ix.com/> >>>>> <https://www.facebook.com/mdwestix> >>>>> <https://www.linkedin.com/company/midwest-internet-exchange> >>>>> <https://twitter.com/mdwestix> >>>>> The Brothers WISP <http://www.thebrotherswisp.com/> >>>>> <https://www.facebook.com/thebrotherswisp> >>>>> >>>>> >>>>> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> >>>>> ------------------------------ >>>>> *From: *"Josh Reynolds" <j...@kyneticwifi.com> >>>>> *To: *af@afmug.com >>>>> *Sent: *Monday, May 16, 2016 8:30:12 PM >>>>> *Subject: *Re: [AFMUG] ubnt malware >>>>> >>>>> >>>>> It's self replicating. They patched this long ago. It hits people with >>>>> radios on public IPs. >>>>> On May 16, 2016 8:19 PM, "That One Guy /sarcasm" < >>>>> thatoneguyst...@gmail.com> wrote: >>>>> >>>>>> From what im reading in their forums something set off over the >>>>>> weekend? or is it ubnt douche nozzles? >>>>>> >>>>>> It sounds almost as if this malware is actively being manipulated >>>>>> (changing from key access to foul username/password, wandering control >>>>>> ports, etc, like script kiddies found a new toy? >>>>>> >>>>>> is this thing self propagating from the device? >>>>>> >>>>>> -- >>>>>> If you only see yourself as part of the team but you don't see your >>>>>> team as part of yourself you have already failed as part of the team. >>>>>> >>>>> >>>>> >>>> >>>> >>>> -- >>>> If you only see yourself as part of the team but you don't see your >>>> team as part of yourself you have already failed as part of the team. >>>> >>> >> > -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
