>From what Ive read so far, the majority of them make me look like a network rockstar. Im telling the boss to give me a raise or ill send them a job app for my job
On Mon, May 16, 2016 at 9:33 PM, Mike Hammett <af...@ics-il.net> wrote: > You've been reading comments from people that don't know what they're > talking about. > > 5.6.2+, 5.5.10u2 and 5.5.11 can't be infected into an active state. If > they have the files on them, they either weren't properly cleaned or the > files were uploading into an inert portion of the system that is wiped on > reboot. > > > > ----- > Mike Hammett > Intelligent Computing Solutions <http://www.ics-il.com/> > <https://www.facebook.com/ICSIL> > <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> > <https://www.linkedin.com/company/intelligent-computing-solutions> > <https://twitter.com/ICSIL> > Midwest Internet Exchange <http://www.midwest-ix.com/> > <https://www.facebook.com/mdwestix> > <https://www.linkedin.com/company/midwest-internet-exchange> > <https://twitter.com/mdwestix> > The Brothers WISP <http://www.thebrotherswisp.com/> > <https://www.facebook.com/thebrotherswisp> > > > <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> > ------------------------------ > *From: *"That One Guy /sarcasm" <thatoneguyst...@gmail.com> > *To: *af@afmug.com > *Sent: *Monday, May 16, 2016 8:37:59 PM > *Subject: *Re: [AFMUG] ubnt malware > > are we talking can see layer two, can see via device discovery, thats a > broad term > > Is there any direct thread on specific symptoms beyond devices offline and > any traces of what takes place post infection, ive seen some comments > theyre doing port 53 vpns to send spam, just curios what else. > > Ive read claims of infections as high as 5.6.4, we are mostly 5.6.2 and 3 > > We only have a handful of air routers with public IPs on them, everything > else is internal space > > the self replication is what im wondering about, the devices on each > network segment are subnet isolated, but still on the same layer2 > > On Mon, May 16, 2016 at 8:31 PM, Mike Hammett <af...@ics-il.net> wrote: > >> Initially... then every other radio (and switch) that radio can see. >> >> >> >> ----- >> Mike Hammett >> Intelligent Computing Solutions <http://www.ics-il.com/> >> <https://www.facebook.com/ICSIL> >> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> >> <https://www.linkedin.com/company/intelligent-computing-solutions> >> <https://twitter.com/ICSIL> >> Midwest Internet Exchange <http://www.midwest-ix.com/> >> <https://www.facebook.com/mdwestix> >> <https://www.linkedin.com/company/midwest-internet-exchange> >> <https://twitter.com/mdwestix> >> The Brothers WISP <http://www.thebrotherswisp.com/> >> <https://www.facebook.com/thebrotherswisp> >> >> >> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> >> ------------------------------ >> *From: *"Josh Reynolds" <j...@kyneticwifi.com> >> *To: *af@afmug.com >> *Sent: *Monday, May 16, 2016 8:30:12 PM >> *Subject: *Re: [AFMUG] ubnt malware >> >> >> It's self replicating. They patched this long ago. It hits people with >> radios on public IPs. >> On May 16, 2016 8:19 PM, "That One Guy /sarcasm" < >> thatoneguyst...@gmail.com> wrote: >> >>> From what im reading in their forums something set off over the weekend? >>> or is it ubnt douche nozzles? >>> >>> It sounds almost as if this malware is actively being manipulated >>> (changing from key access to foul username/password, wandering control >>> ports, etc, like script kiddies found a new toy? >>> >>> is this thing self propagating from the device? >>> >>> -- >>> If you only see yourself as part of the team but you don't see your team >>> as part of yourself you have already failed as part of the team. >>> >> >> > > > -- > If you only see yourself as part of the team but you don't see your team > as part of yourself you have already failed as part of the team. > > -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
