Re: [AFMUG] BGP and OSPF

2016-05-04 Thread John Babineaux
There is only one way I can think of to force traffic to go out one port and come 
back on that same port without NAT. 

This would be done with filtering rules which I recommend making for a rainy 
day or the world ends and leave them disabled until needed.

There is no redundancy in this and you have to force by the size of the network 
you're advertising. 

Example would be the whole /24 would have to go through that network; you can’t 
split it.

Most providers prefer the largest network you can advertise.  Advertising a 
bunch of contiguous /24s may not be allowed; it makes the full routing tables 
that much larger.

 



John Babineaux

System Administrator

REACH4 Communications | Website:   www.REACH4Com.com

Phone: 337-783-3436 x105 | Email: john.babine...@reach4com.com 

927 N Parkerson Ave, Crowley, LA 70526

 

 

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Tuesday, May 03, 2016 2:41 PM
To: af@afmug.com
Subject: Re: [AFMUG] BGP and OSPF

 

We plan on not having to ever do it, but we stacked our priority customers on 
one /24 so if there were service issues on one of the upstreams or if we 
unexpectedly saturated one we could force them to use just the one.

 

On Tue, May 3, 2016 at 2:09 PM, John Babineaux  
wrote:

I would advertise all networks on each connection.  

 

You can prepend to an extent to help prefer traffic coming back on a certain 
connection.  This cannot be prepended too high or some strip it off.  It broke 
the internet once by someone putting a really large one...

 

If one connection is really bad and the other is really good (too many hops or 
very few) you will really only use one most of the time.  BGP will send the 
traffic out of the connection that is closer.  If one of the connections goes 
out it will stop advertising on that link to the world.  The working connection 
will be the only one advertising.  

 

If you are expecting problems I normally filter all traffic to keep things from 
flapping on that connection until the work is done.



John Babineaux

System Administrator

REACH4 Communications | Website:   www.REACH4Com.com

Phone: 337-783-3436 x105   | Email: 
john.babine...@reach4com.com 

927 N Parkerson Ave, Crowley, LA 70526

 

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Tuesday, May 03, 2016 1:20 PM
To: af@afmug.com
Subject: Re: [AFMUG] BGP and OSPF

 

thank you guys

 

Now another question, one of our providers is solid, the other..well. What kind 
of issues can come up with a basic BGP implementation (we are taking the full 
tables) that will hurt us. Like is there some way that even if we stop 
announcing one of the /24 on their circuit they'll aggregate it on their own 
into the /22 of the ASN?

 

You have to remember this is the upstream that moved our bandwidth from an 
ethernet port to an SFP one morning without mentioning it to us and without 
verifying we had a module, they also send a shitface drunk tech, and for kicks 
one day after a failed routing migration, they went ahead and implemented the 
changes anyway in the middle of the week, just because they could.

 

So any upstream BGP shenanigans I fully expect to see

 

 

 

On Tue, May 3, 2016 at 1:09 PM, John Babineaux  
wrote:

One more thing: BGP will pass a default route to OSPF, which will propagate it, so 
that’s how it will know.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of John Babineaux
Sent: Tuesday, May 03, 2016 1:08 PM
To: af@afmug.com
Subject: Re: [AFMUG] BGP and OSPF

 

It’s pretty simple.  

 

You create a connection with your upstreams using your ASN and their ASN.  You 
need IP connectivity to the other router (prob your gateway but could be 
another router), and a password if required or preferred.  Next you set up 
filters to only allow what networks you want to pass upstream and what you want 
to accept.  Then you add what networks you want to share to the world 
statically or to pass them from OSPF.  

 

Keep in mind they will create filters to block anything that you didn’t tell 
them that you will pass.  If you say x.x.x.x/22 they will only allow that exact 
thing.  You should pass nothing lower than a /24 as most will block it.  
It’s your choice for full routing tables or just /8 or /16 etc.  You can also 
get a default route if you don’t get full tables.

 

Most of the other things I read were for getting things to work when you have to 
connect to the other BGP router that’s not directly connected or your gateway.

 



John Babineaux

System Administrator

REACH4 Communications | Website:   www.REACH4Com.com

Phone: 337-783-3436 x105   | Email: 
john.babine...@reach4com.com 

927 N Parkerson Ave, Crowley, LA 70526

 

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of
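
The filtering and prefix-size points raised in the thread above (an upstream that accepts only the exact /22, the /24 limit, and pulling inbound traffic onto one link by announcing a more specific /24 there), modelled as an added example that is not part of any poster's message. The prefixes, upstream names and function names are constructed for illustration, and the model assumes the covering /22 stays announced on both upstreams.

```python
import ipaddress

# Constructed sample data: 198.18.0.0/22 (benchmarking range) stands in for
# the poster's /22; upstream names are placeholders, not real providers.
AGGREGATE = "198.18.0.0/22"
PRIORITY = "198.18.1.0/24"   # the /24 holding the priority customers

# Prefix-list style rules: (covering network, min length, max length).
EXACT_ONLY = [(AGGREGATE, 22, 22)]   # upstream accepts only the exact /22
UP_TO_24 = [(AGGREGATE, 22, 24)]     # upstream accepts the /22 down to its /24s


def permitted(prefix, rules):
    """True if `prefix` sits inside a rule's network and its length is in range."""
    net = ipaddress.ip_network(prefix)
    for base, min_len, max_len in rules:
        inside = net.subnet_of(ipaddress.ip_network(base))
        if inside and min_len <= net.prefixlen <= max_len:
            return True
    return False


def accepted_routes(announced, upstream_rules):
    """Apply each upstream's inbound filter to what we announce to it."""
    return {
        upstream: [p for p in prefixes if permitted(p, upstream_rules[upstream])]
        for upstream, prefixes in announced.items()
    }


def inbound_upstreams(dest_ip, accepted):
    """Upstreams that carry the longest matching prefix for `dest_ip`.

    Remote networks forward on the most specific route first, so only the
    upstreams holding that route attract the inbound traffic.
    """
    ip = ipaddress.ip_address(dest_ip)
    best_len, winners = -1, set()
    for upstream, prefixes in accepted.items():
        for prefix in prefixes:
            net = ipaddress.ip_network(prefix)
            if ip not in net:
                continue
            if net.prefixlen > best_len:
                best_len, winners = net.prefixlen, {upstream}
            elif net.prefixlen == best_len:
                winners.add(upstream)
    return sorted(winners)


def steer(rules_a, a_up=True):
    """Announce /22 on both links and the priority /24 only on upstream_a.

    Returns (inbound links for a priority host, inbound links for another host).
    """
    announced = {"upstream_b": [AGGREGATE]}
    if a_up:
        announced["upstream_a"] = [AGGREGATE, PRIORITY]
    rules = {"upstream_a": rules_a, "upstream_b": UP_TO_24}
    accepted = accepted_routes(announced, rules)
    return (
        inbound_upstreams("198.18.1.10", accepted),   # inside the priority /24
        inbound_upstreams("198.18.2.10", accepted),   # elsewhere in the /22
    )


if __name__ == "__main__":
    print("filter /22 le 24 :", steer(UP_TO_24))
    print("filter exact /22 :", steer(EXACT_ONLY))
    print("upstream_a down  :", steer(UP_TO_24, a_up=False))
    print("/25 permitted?   :", permitted("198.18.1.128/25", UP_TO_24))
```

If the upstream's filter is exact-match on the /22, the /24 announcement is dropped and the steering has no effect, so the filter the upstream builds has to be checked before relying on it.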

[AFMUG] wall mounted touch screens

2016-05-04 Thread Rex-List Account
I am looking for recommendations on wall mounted touch screens for a kiosk.

Must have an Ethernet port and be able to run Windows. 

Does anyone have a go to favorite?

 

Thanks in advance.

 



[AFMUG] 450 AP's Wanted

2016-05-04 Thread Tyson Burris @ Internet Communications Inc
Hit me up off list if you have used 450 AP's to sell on the cheap.  We get a
good price on new but just looking for backup units right now.

 

Tyson Burris, President 
Internet Communications Inc. 
739 Commerce Dr. 
Franklin, IN 46131 
  
317-738-0320 Daytime # 
317-412-1540 Cell/Direct # 
Online: www.surfici.net 

 



What can ICI do for you? 


Broadband Wireless - PtP/PtMP Solutions - WiMax - Mesh Wifi/Hotzones - IP
Security - Fiber - Tower - Infrastructure. 
  

 



Re: [AFMUG] wall mounted touch screens

2016-05-04 Thread Dennis Burgess
We just got a 100 buck windows 10 on a stick device HDMI out, works quite well. 
 Just need that touchscreen. :)

www.linktechs.net - 314-735-0270 x103 - 
dmburg...@linktechs.net

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Rex-List Account
Sent: Wednesday, May 4, 2016 10:10 AM
To: af@afmug.com
Subject: [AFMUG] wall mounted touch screens

I am looking for recommendations on wall mounted touch screens for a kiosk.
Must have an Ethernet port and be able to run Windows.
Does anyone have a go to favorite?

Thanks in advance.



Re: [AFMUG] wall mounted touch screens

2016-05-04 Thread Jason McKemie
Lenovo has some ThinkCentre options available. I'm a pretty big fan of
their computers.

On Wednesday, May 4, 2016, Rex-List Account  wrote:

> I am looking for recommendations on wall mounted touch screens for a kiosk.
>
> Must have an Ethernet port and be able to run Windows.
>
> Does anyone have a go to favorite?
>
>
>
> Thanks in advance.
>
>
>


Re: [AFMUG] BGP and OSPF

2016-05-04 Thread David

Yep,
And what's neat with BGP or OSPF: there are a ton of knobs to turn if 
needed for specific filtering of specific routes.
In a sense you could control or force a route to go one or the other 
within your own network.



On 05/03/2016 11:37 AM, Mike Hammett wrote:

Correct, but it's a bit cleaner if they are.

The two different routers will be advertising default routes. Traffic 
will go to the nearest Provider Edge (PE) router. If the other PE 
router has the better route, having them connected via layer 2 better 
moves the traffic to the other PE.


Having iBGP running on all routers between the two PEs makes it even 
better, but at the cost of making sure all of the routers between are 
capable of it.





-
Mike Hammett
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 





*From: *"Jesse DuPont" 
*To: *af@afmug.com
*Sent: *Tuesday, May 3, 2016 11:26:23 AM
*Subject: *Re: [AFMUG] BGP and OSPF

The two BGP routers do not need to be on the same L2 network for the 
iBGP connection.



*_Jesse DuPont_*

Network Architect
email: jesse.dup...@celeritycorp.net
Celerity Networks LLC

Celerity Broadband LLC
Like us! facebook.com/celeritynetworksllc

Like us! facebook.com/celeritybroadband

On 5/3/16 10:25 AM, Mike Hammett wrote:

A BGP speaker would be a router speaking BGP. In this case, most
likely your routers at the edge of your network that connect to
your providers.

Are the routers that are between your two BGP routers capable of
running BGP, resource wise?

Can you do a VPLS tunnel between your two BGP routers? If not,
what about a VLAN?



-
Mike Hammett
Intelligent Computing Solutions 


Midwest Internet Exchange 


The Brothers WISP 





*From: *"That One Guy /sarcasm" 
*To: *af@afmug.com
*Sent: *Tuesday, May 3, 2016 11:13:36 AM
*Subject: *Re: [AFMUG] BGP and OSPF

Mike, I said helmet, explain it to me like you would a 10 year
old, then dumb it down to my level from there.

I don't know what a BGP speaker is

On Tue, May 3, 2016 at 11:10 AM, Mike Hammett 
wrote:

Your OSPF network will just use default routes to get to your
BGP speakers.

Your BGP speakers with full routes will choose the best path.
Your BGP speakers should be connected together, via direct
connection, layer 2 tunnel (VPLS) or via intermediary iBGP
speakers. Those iBGP speakers in the middle of your network
will route the correct way, based on BGP.



-
Mike Hammett
Intelligent Computing Solutions 


Midwest Internet Exchange 


The Brothers WISP 





*From: *"That One Guy /sarcasm" 
*To: *af@afmug.com 
*Sent: *Tuesday, May 3, 2016 10:41:52 AM
*Subject: *[AFMUG] BGP and OSPF

We currently have a /22 with 2 /24 statically routed in each
of our providers. We are moving to BGP.

What I'm still unclear on is how my OSPF network is going to
decide on the best path for data to flow externally

can somebody give me the helmet version of how this is
accomplished

-- 
If you

Re: [AFMUG] wall mounted touch screens

2016-05-04 Thread SmarterBroadband
I just ordered one of these, a "Quantum Access".  Was that the one you
chose?

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Dennis Burgess
Sent: Wednesday, May 04, 2016 8:44 AM
To: af@afmug.com
Subject: Re: [AFMUG] wall mounted touch screens

 

We just got a 100 buck windows 10 on a stick device HDMI out, works quite
well.  Just need that touchscreen. :)

 


www.linktechs.net   - 314-735-0270 x103 -
dmburg...@linktechs.net 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Rex-List Account
Sent: Wednesday, May 4, 2016 10:10 AM
To: af@afmug.com
Subject: [AFMUG] wall mounted touch screens

 

I am looking for recommendations on wall mounted touch screens for a kiosk.

Must have an Ethernet port and be able to run Windows. 

Does anyone have a go to favorite?

 

Thanks in advance.

 



Re: [AFMUG] potential FTTH build

2016-05-04 Thread Chuck Hogg
We did one like this last year.  Cheapest ever when it's green field.  Most
people don't deploy like us for small builds, but for very cheap you can
knock this out easily.  No offense to Chuck M, but I would probably be
budgeting about $50k or less for this project.

Regards,
Chuck

On Tue, May 3, 2016 at 2:38 PM, Sean Heskett  wrote:

> Hello,
>
> We are in talks with a developer who is planning a subdivision on a ~50
> acre lot for 92 homes and he wants us to deliver FTTH.  Is there anyone on
> this list who would like to consult with us so that we can get the plan
> done right from the get go?  The developer will be doing all the trenching
> and conduit etc., we will be doing all the electronics and customer service
> etc.
>
> Best regards,
>
> Sean
>
>


Re: [AFMUG] potential FTTH build

2016-05-04 Thread Chuck McCown
I was quoting hiring it done and some boring.  If the developer is supplying 
the ditches, yeah, I would agree with  your pricing.  

From: Chuck Hogg 
Sent: Wednesday, May 04, 2016 1:32 PM
To: af@afmug.com 
Cc: memb...@wispa.org 
Subject: Re: [AFMUG] potential FTTH build

We did one like this last year.  Cheapest ever when it's green field.  Most 
people don't deploy like us for small builds, but for very cheap you can knock 
this out easily.  No offense to Chuck M, but I would probably be budgeting 
about $50k or less for this project.

Regards,
Chuck

On Tue, May 3, 2016 at 2:38 PM, Sean Heskett  wrote:

  Hello, 

  We are in talks with a developer who is planning a subdivision on a ~50 acre 
lot for 92 homes and he wants us to deliver FTTH.  Is there anyone on this list 
who would like to consult with us so that we can get the plan done right from 
the get go?  The developer will be doing all the trenching and conduit etc., we 
will be doing all the electronics and customer service etc.

  Best regards,

  Sean



Re: [AFMUG] potential FTTH build

2016-05-04 Thread Josh Reynolds
Might get lucky enough in the development process to trench it in.

On Wed, May 4, 2016 at 3:01 PM, Chuck McCown  wrote:
> I was quoting hiring it done and some boring.  If the developer is supplying
> the ditches, yeah, I would agree with  your pricing.
>
> From: Chuck Hogg
> Sent: Wednesday, May 04, 2016 1:32 PM
> To: af@afmug.com
> Cc: memb...@wispa.org
> Subject: Re: [AFMUG] potential FTTH build
>
> We did one like this last year.  Cheapest ever when it's green field.  Most
> people don't deploy like us for small builds, but for very cheap you can
> knock this out easily.  No offense to Chuck M, but I would probably be
> budgeting about $50k or less for this project.
>
> Regards,
> Chuck
>
> On Tue, May 3, 2016 at 2:38 PM, Sean Heskett  wrote:
>>
>> Hello,
>>
>> We are in talks with a developer who is planning a subdivision on a ~50
>> acre lot for 92 homes and he wants us to deliver FTTH.  Is there anyone on
>> this list who would like to consult with us so that we can get the plan done
>> right from the get go?  The developer will be doing all the trenching and
>> conduit etc., we will be doing all the electronics and customer service etc.
>>
>> Best regards,
>>
>> Sean
>>
>
>


[AFMUG] telco systems sales contact?

2016-05-04 Thread Josh Reynolds
Trying to buy some product, in particular TMC-3348S-2AC-NA +
LIC-3348-10G-2PORT to use as DEMARC for several of our customers w/
10Gbps E&W connectivity.

Anybody have someone I can call and place an order with?

Thanks


Re: [AFMUG] potential FTTH build

2016-05-04 Thread Josh Reynolds
edit: I see now the developer will be doing the trenching and conduit...

On Wed, May 4, 2016 at 3:27 PM, Josh Reynolds  wrote:
> Might get lucky enough in the development process to trench it in.
>
> On Wed, May 4, 2016 at 3:01 PM, Chuck McCown  wrote:
>> I was quoting hiring it done and some boring.  If the developer is supplying
>> the ditches, yeah, I would agree with  your pricing.
>>
>> From: Chuck Hogg
>> Sent: Wednesday, May 04, 2016 1:32 PM
>> To: af@afmug.com
>> Cc: memb...@wispa.org
>> Subject: Re: [AFMUG] potential FTTH build
>>
>> We did one like this last year.  Cheapest ever when it's green field.  Most
>> people don't deploy like us for small builds, but for very cheap you can
>> knock this out easily.  No offense to Chuck M, but I would probably be
>> budgeting about $50k or less for this project.
>>
>> Regards,
>> Chuck
>>
>> On Tue, May 3, 2016 at 2:38 PM, Sean Heskett  wrote:
>>>
>>> Hello,
>>>
>>> We are in talks with a developer who is planning a subdivision on a ~50
>>> acre lot for 92 homes and he wants us to deliver FTTH.  Is there anyone on
>>> this list who would like to consult with us so that we can get the plan done
>>> right from the get go?  The developer will be doing all the trenching and
>>> conduit etc., we will be doing all the electronics and customer service etc.
>>>
>>> Best regards,
>>>
>>> Sean
>>>
>>
>>


[AFMUG] Gino, can you get this? :)

2016-05-04 Thread Josh Reynolds
Big AT&T PR outage. Over 1 million customers down for 8+ hours now.

Were you affected? Any idea what caused it?


Re: [AFMUG] Gino, can you get this? :)

2016-05-04 Thread Gino Villarini
yeap, we are being affected, outage is related to Mobile Network.  No
official word yet, there was an earlier rumor about a circuit breaker being
accidentally turned off.  But my inside sources debunked it.  I believe it's
an issue with EPC

On Wed, May 4, 2016 at 4:41 PM, Josh Reynolds  wrote:

> Big AT&T PR outage. Over 1 million customers down for 8+ hours now.
>
> Were you affected? Any idea what caused it?
>


Re: [AFMUG] Gino, can you get this? :)

2016-05-04 Thread Eric Kuhnke
somebody in a cell site shelter tripped over an orange extension cord and
$5 power strip probably...



On Wed, May 4, 2016 at 2:19 PM, Gino Villarini  wrote:

> yeap, we are being affected, outage is related to Mobile Network.  No
> official word yet, there was an earlier rumor about a circuit breaker being
> accidentally turned off.  But my inside sources debunked it.  I believe it's
> an issue with EPC
>
> On Wed, May 4, 2016 at 4:41 PM, Josh Reynolds 
> wrote:
>
>> Big AT&T PR outage. Over 1 million customers down for 8+ hours now.
>>
>> Were you affected? Any idea what caused it?
>>
>
>


Re: [AFMUG] telco systems sales contact?

2016-05-04 Thread jesse . dupont


Mike Cersosimo is the sales guy at Telco systems. He would at least be able to 
direct you to a reseller


mcersos...@telco.com


Sent from Outlook Mobile






On Wed, May 4, 2016 at 1:28 PM -0700, "Josh Reynolds"  
wrote:










Trying to buy some product, in particular TMC-3348S-2AC-NA +
LIC-3348-10G-2PORT to use as DEMARC for several of our customers w/
10Gbps E&W connectivity.

Anybody have someone I can call and place an order with?

Thanks







Re: [AFMUG] Gino, can you get this? :)

2016-05-04 Thread Josh Reynolds
Some may laugh, but that's, sadly, quite plausible.

That said, at least a few years ago one could make a killing
replacing light bulbs at AT&T shelters. $800/bulb.

On Wed, May 4, 2016 at 4:24 PM, Eric Kuhnke  wrote:
> somebody in a cell site shelter tripped over an orange extension cord and $5
> power strip probably...
>
>
>
> On Wed, May 4, 2016 at 2:19 PM, Gino Villarini  wrote:
>>
>> yeap, we are being affected, outage is related to Mobile Network.  No
>> official word yet, there was an earlier rumor about a circuit breaker being
>> accidentally turned off.  But my inside sources debunked it.  I believe it's
>> an issue with EPC
>>
>> On Wed, May 4, 2016 at 4:41 PM, Josh Reynolds 
>> wrote:
>>>
>>> Big AT&T PR outage. Over 1 million customers down for 8+ hours now.
>>>
>>> Were you affected? Any idea what caused it?
>>
>>
>


Re: [AFMUG] telco systems sales contact?

2016-05-04 Thread Josh Reynolds
Thanks, I'll contact him.

On Wed, May 4, 2016 at 4:26 PM,   wrote:
> Mike Cersosimo is the sales guy at Telco systems. He would at least be able
> to direct you to a reseller
>
> mcersos...@telco.com
>
> Sent from Outlook Mobile
>
>
>
>
> On Wed, May 4, 2016 at 1:28 PM -0700, "Josh Reynolds" 
> wrote:
>
>> Trying to buy some product, in particular TMC-3348S-2AC-NA +
>> LIC-3348-10G-2PORT to use as DEMARC for several of our customers w/
>> 10Gbps E&W connectivity.
>>
>> Anybody have someone I can call and place an order with?
>>
>> Thanks


Re: [AFMUG] Gino, can you get this? :)

2016-05-04 Thread Bill Prince
Possibly like what happened to NPR the other day on "Take your kid to 
work day".


http://mashable.com/2016/04/28/npr-dead-air-take-child-to-work-day/?utm_cid=mash-com-social-huffpo-partner#Ep6kMerQ5kqo



bp


On 5/4/2016 1:41 PM, Josh Reynolds wrote:

Big AT&T PR outage. Over 1 million customers down for 8+ hours now.

Were you affected? Any idea what caused it?




Re: [AFMUG] Gino, can you get this? :)

2016-05-04 Thread Eric Kuhnke
If the average person knew to what extent the internet is held together
with duct tape and twine, they'd be scared. Splice canisters for backbone
lines carrying  40-channel WDM systems going through handholes that are
also a residence of a family of angry raccoons.

On Wed, May 4, 2016 at 2:26 PM, Josh Reynolds  wrote:

> Some may laugh, but that's, sadly, quite plausible.
>
> That said, at least a few years ago one could make a killing
> replacing light bulbs at AT&T shelters. $800/bulb.
>
> On Wed, May 4, 2016 at 4:24 PM, Eric Kuhnke  wrote:
> > somebody in a cell site shelter tripped over an orange extension cord
> and $5
> > power strip probably...
> >
> >
> >
> > On Wed, May 4, 2016 at 2:19 PM, Gino Villarini 
> wrote:
> >>
> >> yeap, we are being affected, outage is related to Mobile Network.  No
> >> official word yet, there was an earlier rumor about a circuit breaker
> >> being
> >> accidentally turned off.  But my inside sources debunked it.  I believe
> >> it's
> >> an issue with EPC
> >>
> >> On Wed, May 4, 2016 at 4:41 PM, Josh Reynolds 
> >> wrote:
> >>>
> >>> Big AT&T PR outage. Over 1 million customers down for 8+ hours now.
> >>>
> >>> Were you affected? Any idea what caused it?
> >>
> >>
> >
>


Re: [AFMUG] Gino, can you get this? :)

2016-05-04 Thread Josh Reynolds
... or how fragile BGP is :)

On Wed, May 4, 2016 at 4:29 PM, Eric Kuhnke  wrote:
> If the average person knew to what extent the internet is held together with
> duct tape and twine, they'd be scared. Splice canisters for backbone lines
> carrying  40-channel WDM systems going through handholes that are also a
> residence of a family of angry raccoons.
>
> On Wed, May 4, 2016 at 2:26 PM, Josh Reynolds  wrote:
>>
>> Some may laugh, but that's, sadly, quite plausible.
>>
>> That said, at least a few years ago one could make a killing
>> replacing light bulbs at AT&T shelters. $800/bulb.
>>
>> On Wed, May 4, 2016 at 4:24 PM, Eric Kuhnke  wrote:
>> > somebody in a cell site shelter tripped over an orange extension cord
>> > and $5
>> > power strip probably...
>> >
>> >
>> >
>> > On Wed, May 4, 2016 at 2:19 PM, Gino Villarini 
>> > wrote:
>> >>
>> >> yeap, we are being affected, outage is related to Mobile Network.  No
>> >> official word yet, there was an earlier rumor about a circuit breaker
>> >> being
>> >> accidentally turned off.  But my inside sources debunked it.  I believe
>> >> it's
>> >> an issue with EPC
>> >>
>> >> On Wed, May 4, 2016 at 4:41 PM, Josh Reynolds 
>> >> wrote:
>> >>>
>> >>> Big AT&T PR outage. Over 1 million customers down for 8+ hours now.
>> >>>
>> >>> Were you affected? Any idea what caused it?
>> >>
>> >>
>> >
>
>


Re: [AFMUG] Gino, can you get this? :)

2016-05-04 Thread Eric Kuhnke
It's not, really, it's the fragility of layers 1 and 2...  all the BGP
sessions in the world and diverse upstreams won't help you if you're not
diverse and suffer backhoe fade, tornado, raccoon chew, drunk guy in a semi
truck taking out an entire utility pole, 40 pound chunk of ice falling on a
dish+radio, etc etc

On Wed, May 4, 2016 at 2:31 PM, Josh Reynolds  wrote:

> ... or how fragile BGP is :)
>
> On Wed, May 4, 2016 at 4:29 PM, Eric Kuhnke  wrote:
> > If the average person knew to what extent the internet is held together
> with
> > duct tape and twine, they'd be scared. Splice canisters for backbone
> lines
> > carrying  40-channel WDM systems going through handholes that are also a
> > residence of a family of angry raccoons.
> >
> > On Wed, May 4, 2016 at 2:26 PM, Josh Reynolds 
> wrote:
> >>
> >> Some may laugh, but that's, sadly, quite plausible.
> >>
> >> That said, at least a few years ago one could make a killing
> >> replacing light bulbs at AT&T shelters. $800/bulb.
> >>
> >> On Wed, May 4, 2016 at 4:24 PM, Eric Kuhnke 
> wrote:
> >> > somebody in a cell site shelter tripped over an orange extension cord
> >> > and $5
> >> > power strip probably...
> >> >
> >> >
> >> >
> >> > On Wed, May 4, 2016 at 2:19 PM, Gino Villarini 
> >> > wrote:
> >> >>
> >> >> yeap, we are being affected, outage is related to Mobile Network.  No
> >> >> official word yet, there was an earlier rumor about a circuit breaker
> >> >> being
> >> >> accidentally turned off.  But my inside sources debunked it.  I
> >> >> believe
> >> >> it's
> >> >> an issue with EPC
> >> >>
> >> >> On Wed, May 4, 2016 at 4:41 PM, Josh Reynolds 
> >> >> wrote:
> >> >>>
> >> >>> Big AT&T PR outage. Over 1 million customers down for 8+ hours now.
> >> >>>
> >> >>> Were you affected? Any idea what caused it?
> >> >>
> >> >>
> >> >
> >
> >
>


[AFMUG] Source for equipment enclosures

2016-05-04 Thread Wireless Administrator
Can anyone recommend a supplier for custom stainless equipment
enclosures in the $1700 range.  Based on comments here we contracted to have
ours built by Bison ProFab but that has been a disaster.  We started working
with them on 2/11 and they still do not have our first enclosure completed.
None of the commitments they made have been realized.  

 

Can anyone recommend a reliable source?

 

Steve B.

 



Re: [AFMUG] Source for equipment enclosures

2016-05-04 Thread Eric Kuhnke
If you're OK with not being able to totally customize what you get, the
usedtowers.com guy has a listing of different outdoor cabinets with specs
and photos on his page. Mostly surplus from cellular. Some of the units
that sell for around $2000 to $3000 would be $7000 if you bought them new.



On Wed, May 4, 2016 at 2:33 PM, Wireless Administrator 
wrote:

> Can anyone recommend a supplier for custom stainless equipment
> enclosures in the $1700 range.  Based on comments here we contracted to
> have ours built by Bison ProFab but that has been a disaster.  We started
> working with them on 2/11 and they still do not have our first enclosure
> completed.  None of the commitments they made have been realized.
>
>
>
> Can anyone recommend a reliable source?
>
>
>
> Steve B.
>
>
>


Re: [AFMUG] Source for equipment enclosures

2016-05-04 Thread SmarterBroadband
DDB ?

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Wireless Administrator
Sent: Wednesday, May 04, 2016 2:33 PM
To: af@afmug.com
Subject: [AFMUG] Source for equipment enclosures

 

Can anyone recommend a supplier for custom stainless equipment
enclosures in the $1700 range.  Based on comments here we contracted to have
ours built by Bison ProFab but that has been a disaster.  We started working
with them on 2/11 and they still do not have our first enclosure completed.
None of the commitments they made have been realized.  

 

Can anyone recommend a reliable source?

 

Steve B.

 



Re: [AFMUG] Source for equipment enclosures

2016-05-04 Thread Chuck McCown
Depends on the design.  I do some fabrication like this.
Nothing too fancy.  

From: Wireless Administrator 
Sent: Wednesday, May 04, 2016 3:33 PM
To: af@afmug.com 
Subject: [AFMUG] Source for equipment enclosures

Can anyone recommend a supplier for custom stainless equipment enclosures 
in the $1700 range.  Based on comments here we contracted to have ours built by 
Bison ProFab but that has been a disaster.  We started working with them on 
2/11 and they still do not have our first enclosure completed.  None of the 
commitments they made have been realized.  

 

Can anyone recommend a reliable source?

 

Steve B.

 


Re: [AFMUG] Gino, can you get this? :)

2016-05-04 Thread Josh Reynolds
Well, there is a lot of single homed stuff out there for sure.

It doesn't get much better the higher up you go in the OSI model
though. There's also a lot of incompetent operators out there as well.
http://www.bgpmon.net/large-hijack-affects-reachability-of-high-traffic-destinations/
https://twitter.com/bgpstream?lang=en

On Wed, May 4, 2016 at 4:33 PM, Eric Kuhnke  wrote:
> It's not, really, it's the fragility of layers 1 and 2...  all the BGP
> sessions in the world and diverse upstreams won't help you if you're not
> diverse and suffer backhoe fade, tornado, raccoon chew, drunk guy in a semi
> truck taking out an entire utility pole, 40 pound chunk of ice falling on a
> dish+radio, etc etc
>
> On Wed, May 4, 2016 at 2:31 PM, Josh Reynolds  wrote:
>>
>> ... or how fragile BGP is :)
>>
>> On Wed, May 4, 2016 at 4:29 PM, Eric Kuhnke  wrote:
>> > If the average person knew to what extent the internet is held together
>> > with
>> > duct tape and twine, they'd be scared. Splice canisters for backbone
>> > lines
>> > carrying  40-channel WDM systems going through handholes that are also a
>> > residence of a family of angry raccoons.
>> >
>> > On Wed, May 4, 2016 at 2:26 PM, Josh Reynolds 
>> > wrote:
>> >>
>> >> Some may laugh, but that's, sadly, quite plausible.
>> >>
>> >> That said, at least a few years ago one could make a killing
>> >> replacing light bulbs at AT&T shelters. $800/bulb.
>> >>
>> >> On Wed, May 4, 2016 at 4:24 PM, Eric Kuhnke 
>> >> wrote:
>> >> > somebody in a cell site shelter tripped over an orange extension cord
>> >> > and $5
>> >> > power strip probably...
>> >> >
>> >> >
>> >> >
>> >> > On Wed, May 4, 2016 at 2:19 PM, Gino Villarini 
>> >> > wrote:
>> >> >>
>> >> >> yeap, we are being affected, outage is related to Mobile Network.
>> >> >> No
>> >> >> official word yet, there was an earlier rumor about a circuit breaker
>> >> >> being
>> >> >> accidentally turned off.  But my inside sources debunked it.  I
>> >> >> believe
>> >> >> it's
>> >> >> an issue with EPC
>> >> >>
>> >> >> On Wed, May 4, 2016 at 4:41 PM, Josh Reynolds 
>> >> >> wrote:
>> >> >>>
>> >> >>> Big AT&T PR outage. Over 1 million customers down for 8+ hours now.
>> >> >>>
>> >> >>> Were you affected? Any idea what caused it?
>> >> >>
>> >> >>
>> >> >
>> >
>> >
>
>


Re: [AFMUG] Isolated mounts for din rail and components

2016-05-04 Thread SmarterBroadband
+1

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Sam Lambie
Sent: Tuesday, May 03, 2016 2:23 PM
To: af@afmug.com
Subject: Re: [AFMUG] Isolated mounts for din rail and components

 

Could the Afmug team start a GoFundMe page for Jaime's out of focus images? He 
needs a new camera or phone

 

On Tue, May 3, 2016 at 2:55 PM, Jaime Solorza  wrote:

Here is the isolated rail with terminal blocks, grounds, and fuses.  If you 
have experience with panels you will see jumpers...mostly PC stuff...some IMO as 
well. 

On May 3, 2016 2:50 PM, "Jaime Solorza"  wrote:

Someone asked how we isolate from panel and other components. Here are 
isolation standoffs that separate din rail from panel... one screw secures mount 
to panel...second one secures rail...there is no metal to metal touching.  Also 
the terminal blocks or end terminals get a shield as well between fuses, 
breakers or other terminals 




-- 

-- 
Sam Lambie
Taosnet Wireless Tech.
575-758-7598 Office
www.Taosnet.com  



Re: [AFMUG] Isolated mounts for din rail and components

2016-05-04 Thread Paul McCall
NOW we get clear pictures ☺

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Jaime Solorza
Sent: Wednesday, May 04, 2016 4:54 PM
To: Animal Farm
Subject: Re: [AFMUG] Isolated mounts for din rail and components


Meeting with electricians on site
On May 4, 2016 10:37 AM, "Jaime Solorza" <losguyswirel...@gmail.com> wrote:

Surge protection on isolated rail
On May 4, 2016 9:30 AM, "Jaime Solorza" <losguyswirel...@gmail.com> wrote:

Coming along nicely...just vacuumed it.  Metal shavings from drilling can 
damage stuff
On May 3, 2016 6:09 PM, "Jaime Solorza" <losguyswirel...@gmail.com> wrote:

Check out her keyboard skills.  I still use the two finger method...
On May 3, 2016 5:29 PM, "Ken Hohhof" <af...@kwisp.com> wrote:
Aw

From: Jaime Solorza
Sent: Tuesday, May 03, 2016 5:52 PM
To: Animal Farm
Subject: Re: [AFMUG] Isolated mounts for din rail and components


I am going to shut down the Internet  for making fun of my grandpa
On May 3, 2016 3:38 PM, "Chuck McCown" <ch...@wbmfg.com> wrote:
Camera has the beer goggle app installed.

From: Sam Lambie
Sent: Tuesday, May 03, 2016 3:22 PM
To: af@afmug.com
Subject: Re: [AFMUG] Isolated mounts for din rail and components

Could the Afmug team start a GoFundMe page for Jaime's out of focus images? He 
needs a new camera or phone

On Tue, May 3, 2016 at 2:55 PM, Jaime Solorza <losguyswirel...@gmail.com> wrote:

Here is the isolated rail with terminal blocks, grounds, and fuses.  If you 
have experience with panels you will see jumpers...mostly PC stuff...some IMO as 
well.
On May 3, 2016 2:50 PM, "Jaime Solorza" <losguyswirel...@gmail.com> wrote:

Someone asked how we isolate from panel and other components. Here are 
isolation standoffs that separate din rail from panel... one screw secures mount 
to panel...second one secures rail...there is no metal to metal touching.  Also 
the terminal blocks or end terminals get a shield as well between fuses, 
breakers or other terminals


--
--
Sam Lambie
Taosnet Wireless Tech.
575-758-7598 Office
www.Taosnet.com


Re: [AFMUG] Source for equipment enclosures

2016-05-04 Thread Wireless Administrator
Chuck I've got an engineering document prepared by them but in all fairness
I should not re-distribute it.  If you're interested I can describe it off
list.

 

Steve B.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Chuck McCown
Sent: Wednesday, May 04, 2016 5:37 PM
To: af@afmug.com
Subject: Re: [AFMUG] Source for equipment enclosures

 

Depends on the design.  I do some fabrication like this.

Nothing too fancy.  

 

From: Wireless Administrator   

Sent: Wednesday, May 04, 2016 3:33 PM

To: af@afmug.com 

Subject: [AFMUG] Source for equipment enclosures

 

Can anyone recommend a supplier for custom stainless equipment
enclosures in the $1700 range.  Based on comments here we contracted to have
ours built by Bison ProFab but that has been a disaster.  We started working
with them on 2/11 and they still do not have our first enclosure completed.
None of the commitments they made have been realized.  

 

Can anyone recommend a reliable source?

 

Steve B.

 



Re: [AFMUG] Gino, can you get this? :)

2016-05-04 Thread Eric Kuhnke
My favorite of all time is when Pakistan's PTCL (an entity functionally
equivalent to Centurylink or Verizon, they're the LEC) decided to announce
Youtube's ipv4 prefixes... Not only did they mess things up for everyone
but they also DDoSed themselves at their international transport capacity
in and out of Karachi via submarine routes.

http://www.cnet.com/news/youtube-blames-pakistan-network-for-2-hour-outage/



On Wed, May 4, 2016 at 2:37 PM, Josh Reynolds  wrote:

> Well, there is a lot of single homed stuff out there for sure.
>
> It doesn't get much better the higher up you go in the OSI model
> though. There's also a lot of incompetent operators out there as well.
>
> http://www.bgpmon.net/large-hijack-affects-reachability-of-high-traffic-destinations/
> https://twitter.com/bgpstream?lang=en
>
> On Wed, May 4, 2016 at 4:33 PM, Eric Kuhnke  wrote:
> > It's not, really, it's the fragility of layers 1 and 2...  all the BGP
> > sessions in the world and diverse upstreams won't help you if you're not
> > diverse and suffer backhoe fade, tornado, raccoon chew, drunk guy in a
> semi
> > truck taking out an entire utility pole, 40 pound chunk of ice falling
> on a
> > dish+radio, etc etc
> >
> > On Wed, May 4, 2016 at 2:31 PM, Josh Reynolds 
> wrote:
> >>
> >> ... or how fragile BGP is :)
> >>
> >> On Wed, May 4, 2016 at 4:29 PM, Eric Kuhnke 
> wrote:
> >> > If the average person knew to what extent the internet is held
> together
> >> > with
> >> > duct tape and twine, they'd be scared. Splice canisters for backbone
> >> > lines
> >> > carrying  40-channel WDM systems going through handholes that are
> also a
> >> > residence of a family of angry raccoons.
> >> >
> >> > On Wed, May 4, 2016 at 2:26 PM, Josh Reynolds 
> >> > wrote:
> >> >>
> >> >> Some may laugh, but that's, sadly, quite plausible.
> >> >>
> >> >> That said, at least a few years ago one could make a killing
> >> >> replacing light bulbs at AT&T shelters. $800/bulb.
> >> >>
> >> >> On Wed, May 4, 2016 at 4:24 PM, Eric Kuhnke 
> >> >> wrote:
> >> >> > somebody in a cell site shelter tripped over an orange extension
> cord
> >> >> > and $5
> >> >> > power strip probably...
> >> >> >
> >> >> >
> >> >> >
> >> >> > On Wed, May 4, 2016 at 2:19 PM, Gino Villarini <
> ginovi...@gmail.com>
> >> >> > wrote:
> >> >> >>
> >> >> >> yeap, we are being affected, outage is related to Mobile Network.
> >> >> >> No
> >> >> >> official word yet, there was an earlier rumor about a circuit
> breaker
> >> >> >> being
> >> >> >> accidentally turned off.  But my inside sources debunked it.  I
> >> >> >> believe
> >> >> >> it's
> >> >> >> an issue with EPC
> >> >> >>
> >> >> >> On Wed, May 4, 2016 at 4:41 PM, Josh Reynolds <
> j...@kyneticwifi.com>
> >> >> >> wrote:
> >> >> >>>
> >> >> >>> Big AT&T PR outage. Over 1 million customers down for 8+ hours
> now.
> >> >> >>>
> >> >> >>> Were you affected? Any idea what caused it?
> >> >> >>
> >> >> >>
> >> >> >
> >> >
> >> >
> >
> >
>


Re: [AFMUG] Source for equipment enclosures

2016-05-04 Thread Chuck McCown
OK

I am probably not your guy anyway, I have made some metal pedestals for DLC 
cabinets and other things like that.

I am limited in the size of my press brake and shear.  I can plasma cut and 
weld all day long.  But when someone needs small intricate parts bent up I have 
my limits.  

From: Wireless Administrator 
Sent: Wednesday, May 04, 2016 3:43 PM
To: af@afmug.com 
Subject: Re: [AFMUG] Source for equipment enclosures

Chuck I’ve got an engineering document prepared by them but in all fairness I 
should not re-distribute it.  If you’re interested I can describe it off list.

 

Steve B.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Chuck McCown
Sent: Wednesday, May 04, 2016 5:37 PM
To: af@afmug.com
Subject: Re: [AFMUG] Source for equipment enclosures

 

Depends on the design.  I do some fabrication like this.

Nothing too fancy.  

 

From: Wireless Administrator 

Sent: Wednesday, May 04, 2016 3:33 PM

To: af@afmug.com 

Subject: [AFMUG] Source for equipment enclosures

 

Can anyone recommend a supplier for custom stainless equipment enclosures 
in the $1700 range.  Based on comments here we contracted to have ours built by 
Bison ProFab but that has been a disaster.  We started working with them on 
2/11 and they still do not have our first enclosure completed.  None of the 
commitments they made have been realized.  

 

Can anyone recommend a reliable source?

 

Steve B.

 


Re: [AFMUG] Gino, can you get this? :)

2016-05-04 Thread Chuck McCown
Remember back in the early days of the net when mis-configured routers would 
sometimes announce themselves to the world, for everything?

From: Eric Kuhnke 
Sent: Wednesday, May 04, 2016 3:44 PM
To: af@afmug.com 
Subject: Re: [AFMUG] Gino, can you get this? :)

My favorite of all time is when Pakistan's PTCL (an entity functionally 
equivalent to Centurylink or Verizon, they're the LEC) decided to announce 
Youtube's ipv4 prefixes... Not only did they mess things up for everyone but 
they also DDoSed themselves at their international transport capacity in and 
out of Karachi via submarine routes.

http://www.cnet.com/news/youtube-blames-pakistan-network-for-2-hour-outage/




On Wed, May 4, 2016 at 2:37 PM, Josh Reynolds  wrote:

  Well, there is a lot of single homed stuff out there for sure.

  It doesn't get much better the higher up you go in the OSI model
  though. There's also a lot of incompetent operators out there as well.
  
http://www.bgpmon.net/large-hijack-affects-reachability-of-high-traffic-destinations/
  https://twitter.com/bgpstream?lang=en

  On Wed, May 4, 2016 at 4:33 PM, Eric Kuhnke  wrote:
  > It's not, really, it's the fragility of layers 1 and 2...  all the BGP
  > sessions in the world and diverse upstreams won't help you if you're not
  > diverse and suffer backhoe fade, tornado, raccoon chew, drunk guy in a semi
  > truck taking out an entire utility pole, 40 pound chunk of ice falling on a
  > dish+radio, etc etc
  >

  > On Wed, May 4, 2016 at 2:31 PM, Josh Reynolds  wrote:
  >>
  >> ... or how fragile BGP is :)
  >>
  >> On Wed, May 4, 2016 at 4:29 PM, Eric Kuhnke  wrote:
  >> > If the average person knew to what extent the internet is held together
  >> > with
  >> > duct tape and twine, they'd be scared. Splice canisters for backbone
  >> > lines
  >> > carrying  40-channel WDM systems going through handholes that are also a
  >> > residence of a family of angry raccoons.
  >> >
  >> > On Wed, May 4, 2016 at 2:26 PM, Josh Reynolds 
  >> > wrote:
  >> >>
  >> >> Some may laugh, but that's, sadly, quite plausible.
  >> >>
  >> >> That said, at least a few years ago one could make a killing
  >> >> replacing light bulbs at AT&T shelters. $800/bulb.
  >> >>
  >> >> On Wed, May 4, 2016 at 4:24 PM, Eric Kuhnke 
  >> >> wrote:
  >> >> > somebody in a cell site shelter tripped over an orange extension cord
  >> >> > and $5
  >> >> > power strip probably...
  >> >> >
  >> >> >
  >> >> >
  >> >> > On Wed, May 4, 2016 at 2:19 PM, Gino Villarini 
  >> >> > wrote:
  >> >> >>
  >> >> >> yeap, we are being affected, outage is related to Mobile Network.
  >> >> >> No
  >> >> >> official word yet, there was an earlier rumor about a circuit breaker
  >> >> >> being
  >> >> >> accidentally turned off.  But my inside sources debunked it.  I
  >> >> >> believe
  >> >> >> it's
  >> >> >> an issue with EPC
  >> >> >>
  >> >> >> On Wed, May 4, 2016 at 4:41 PM, Josh Reynolds 
  >> >> >> wrote:
  >> >> >>>
  >> >> >>> Big AT&T PR outage. Over 1 million customers down for 8+ hours now.
  >> >> >>>
  >> >> >>> Were you affected? Any idea what caused it?
  >> >> >>
  >> >> >>
  >> >> >
  >> >
  >> >
  >
  >



Re: [AFMUG] Source for equipment enclosures

2016-05-04 Thread Eric Kuhnke
Rittal?  Purcell?

Here's a manufacturer in China, they sell a lot for cellular networks.

http://www.estelecomcabinet.com/profile

http://www.estelecomcabinet.com/manufacturer-59793-one-compartment-outdoor-telecom-cabinet



On Wed, May 4, 2016 at 2:36 PM, SmarterBroadband  wrote:

> DDB ?
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Wireless
> Administrator
> *Sent:* Wednesday, May 04, 2016 2:33 PM
> *To:* af@afmug.com
> *Subject:* [AFMUG] Source for equipment enclosures
>
>
>
> Can anyone recommend a supplier for custom stainless equipment
> enclosures in the $1700 range.  Based on comments here we contracted to
> have ours built by Bison ProFab but that has been a disaster.  We started
> working with them on 2/11 and they still do not have our first enclosure
> completed.  None of the commitments they made have been realized.
>
>
>
> Can anyone recommend a reliable source?
>
>
>
> Steve B.
>
>
>


Re: [AFMUG] Gino, can you get this? :)

2016-05-04 Thread Josh Reynolds
Like they are the default route for ALL OF THE THINGS? :)

On Wed, May 4, 2016 at 4:46 PM, Chuck McCown  wrote:
> Remember back in the early days of the net when mis-configured routers would
> sometimes announce themselves to the world, for everything?
>
> From: Eric Kuhnke
> Sent: Wednesday, May 04, 2016 3:44 PM
> To: af@afmug.com
> Subject: Re: [AFMUG] Gino, can you get this? :)
>
> My favorite of all time is when Pakistan's PTCL (an entity functionally
> equivalent to Centurylink or Verizon, they're the LEC) decided to announce
> Youtube's ipv4 prefixes... Not only did they mess things up for everyone but
> they also DDoSed themselves at their international transport capacity in and
> out of Karachi via submarine routes.
>
> http://www.cnet.com/news/youtube-blames-pakistan-network-for-2-hour-outage/
>
>
>
> On Wed, May 4, 2016 at 2:37 PM, Josh Reynolds  wrote:
>>
>> Well, there is a lot of single homed stuff out there for sure.
>>
>> It doesn't get much better the higher up you go in the OSI model
>> though. There's also a lot of incompetent operators out there as well.
>>
>> http://www.bgpmon.net/large-hijack-affects-reachability-of-high-traffic-destinations/
>> https://twitter.com/bgpstream?lang=en
>>
>> On Wed, May 4, 2016 at 4:33 PM, Eric Kuhnke  wrote:
>> > It's not, really, it's the fragility of layers 1 and 2...  all the BGP
>> > sessions in the world and diverse upstreams won't help you if you're not
>> > diverse and suffer backhoe fade, tornado, raccoon chew, drunk guy in a
>> > semi
>> > truck taking out an entire utility pole, 40 pound chunk of ice falling
>> > on a
>> > dish+radio, etc etc
>> >
>> > On Wed, May 4, 2016 at 2:31 PM, Josh Reynolds 
>> > wrote:
>> >>
>> >> ... or how fragile BGP is :)
>> >>
>> >> On Wed, May 4, 2016 at 4:29 PM, Eric Kuhnke 
>> >> wrote:
>> >> > If the average person knew to what extent the internet is held
>> >> > together
>> >> > with
>> >> > duct tape and twine, they'd be scared. Splice canisters for backbone
>> >> > lines
>> >> > carrying  40-channel WDM systems going through handholes that are
>> >> > also a
>> >> > residence of a family of angry raccoons.
>> >> >
>> >> > On Wed, May 4, 2016 at 2:26 PM, Josh Reynolds 
>> >> > wrote:
>> >> >>
>> >> >> Some may laugh, but that's, sadly, quite plausible.
>> >> >>
>> >> >> That said, at least a few years ago one could make a killing
>> >> >> replacing light bulbs at AT&T shelters. $800/bulb.
>> >> >>
>> >> >> On Wed, May 4, 2016 at 4:24 PM, Eric Kuhnke 
>> >> >> wrote:
>> >> >> > somebody in a cell site shelter tripped over an orange extension
>> >> >> > cord
>> >> >> > and $5
>> >> >> > power strip probably...
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > On Wed, May 4, 2016 at 2:19 PM, Gino Villarini
>> >> >> > 
>> >> >> > wrote:
>> >> >> >>
>> >> >> >> yeap, we are being affected, outage is related to Mobile Network.
>> >> >> >> No
>> >> >> >> official word yet, there was an earlier rumor about a circuit
>> >> >> >> breaker
>> >> >> >> being
>> >> >> >> accidentally turned off.  But my inside sources debunked it.  I
>> >> >> >> believe
>> >> >> >> it's
>> >> >> >> an issue with EPC
>> >> >> >>
>> >> >> >> On Wed, May 4, 2016 at 4:41 PM, Josh Reynolds
>> >> >> >> 
>> >> >> >> wrote:
>> >> >> >>>
>> >> >> >>> Big AT&T PR outage. Over 1 million customers down for 8+ hours
>> >> >> >>> now.
>> >> >> >>>
>> >> >> >>> Were you affected? Any idea what caused it?
>> >> >> >>
>> >> >> >>
>> >> >> >
>> >> >
>> >> >
>> >
>> >
>
>


Re: [AFMUG] Gino, can you get this? :)

2016-05-04 Thread Eric Kuhnke
Like, if I'm dumb enough to announce 8.0.0.0/8 and I'm singlehomed to an
upstream provider that is also dumb enough to accept it, suddenly a lot of
other BGP-speaking things that are nearby will see the shortest route
to 8/8 as being via my pipe. Cue the self inflicted DDoS.

On Wed, May 4, 2016 at 2:51 PM, Josh Reynolds  wrote:

> Like they are the default route for ALL OF THE THINGS? :)
>
> On Wed, May 4, 2016 at 4:46 PM, Chuck McCown  wrote:
> > Remember back in the early days of the net when mis-configured routers
> would
> > sometimes announce themselves to the world, for everything?
> >
> > From: Eric Kuhnke
> > Sent: Wednesday, May 04, 2016 3:44 PM
> > To: af@afmug.com
> > Subject: Re: [AFMUG] Gino, can you get this? :)
> >
> > My favorite of all time is when Pakistan's PTCL (an entity functionally
> > equivalent to Centurylink or Verizon, they're the LEC) decided to
> announce
> > Youtube's ipv4 prefixes... Not only did they mess things up for everyone
> but
> > they also DDoSed themselves at their international transport capacity in
> and
> > out of Karachi via submarine routes.
> >
> >
> http://www.cnet.com/news/youtube-blames-pakistan-network-for-2-hour-outage/
> >
> >
> >
> > On Wed, May 4, 2016 at 2:37 PM, Josh Reynolds 
> wrote:
> >>
> >> Well, there is a lot of single homed stuff out there for sure.
> >>
> >> It doesn't get much better the higher up you go in the OSI model
> >> though. There's also a lot of incompetent operators out there as well.
> >>
> >>
> http://www.bgpmon.net/large-hijack-affects-reachability-of-high-traffic-destinations/
> >> https://twitter.com/bgpstream?lang=en
> >>
> >> On Wed, May 4, 2016 at 4:33 PM, Eric Kuhnke 
> wrote:
> >> > It's not, really, it's the fragility of layers 1 and 2...  all the BGP
> >> > sessions in the world and diverse upstreams won't help you if you're
> not
> >> > diverse and suffer backhoe fade, tornado, raccoon chew, drunk guy in a
> >> > semi
> >> > truck taking out an entire utility pole, 40 pound chunk of ice falling
> >> > on a
> >> > dish+radio, etc etc
> >> >
> >> > On Wed, May 4, 2016 at 2:31 PM, Josh Reynolds 
> >> > wrote:
> >> >>
> >> >> ... or how fragile BGP is :)
> >> >>
> >> >> On Wed, May 4, 2016 at 4:29 PM, Eric Kuhnke 
> >> >> wrote:
> >> >> > If the average person knew to what extent the internet is held
> >> >> > together
> >> >> > with
> >> >> > duct tape and twine, they'd be scared. Splice canisters for
> backbone
> >> >> > lines
> >> >> > carrying  40-channel WDM systems going through handholes that are
> >> >> > also a
> >> >> > residence of a family of angry raccoons.
> >> >> >
> >> >> > On Wed, May 4, 2016 at 2:26 PM, Josh Reynolds <
> j...@kyneticwifi.com>
> >> >> > wrote:
> >> >> >>
> >> >> >> Some may laugh, but that's, sadly, quite plausible.
> >> >> >>
> >> >> >> That said, at least a few years ago one could make a killing
> >> >> >> replacing light bulbs at AT&T shelters. $800/bulb.
> >> >> >>
> >> >> >> On Wed, May 4, 2016 at 4:24 PM, Eric Kuhnke <
> eric.kuh...@gmail.com>
> >> >> >> wrote:
> >> >> >> > somebody in a cell site shelter tripped over an orange extension
> >> >> >> > cord
> >> >> >> > and $5
> >> >> >> > power strip probably...
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > On Wed, May 4, 2016 at 2:19 PM, Gino Villarini
> >> >> >> > 
> >> >> >> > wrote:
> >> >> >> >>
> >> >> >> >> yeap, we are being affected, outage is related to Mobile
> Network.
> >> >> >> >> No
> >> >> >> >> official word yet, there was an earlier rumor about a circuit
> >> >> >> >> breaker
> >> >> >> >> being
> >> >> >> >> accidentally turned off.  But my inside sources debunked it.  I
> >> >> >> >> believe
> >> >> >> >> it's
> >> >> >> >> an issue with EPC
> >> >> >> >>
> >> >> >> >> On Wed, May 4, 2016 at 4:41 PM, Josh Reynolds
> >> >> >> >> 
> >> >> >> >> wrote:
> >> >> >> >>>
> >> >> >> >>> Big AT&T PR outage. Over 1 million customers down for 8+ hours
> >> >> >> >>> now.
> >> >> >> >>>
> >> >> >> >>> Were you affected? Any idea what caused it?
> >> >> >> >>
> >> >> >> >>
> >> >> >> >
> >> >> >
> >> >> >
> >> >
> >> >
> >
> >
>


Re: [AFMUG] Gino, can you get this? :)

2016-05-04 Thread Josh Reynolds
I almost feel like there should be some sort of route filter auditing
going on by every company allowed to have an ASN.

... almost

On Wed, May 4, 2016 at 4:54 PM, Eric Kuhnke  wrote:
> Like, if I'm dumb enough to announce 8.0.0.0/8 and I'm singlehomed to an
> upstream provider that is also dumb enough to accept it, suddenly a lot of
> other BGP-speaking things that are nearby will see that the shortest route
> to 8/8 as being via my pipe. Cue the self inflicted DDoS.
>
> On Wed, May 4, 2016 at 2:51 PM, Josh Reynolds  wrote:
>>
>> Like they are the default route for ALL OF THE THINGS? :)
>>
>> On Wed, May 4, 2016 at 4:46 PM, Chuck McCown  wrote:
>> > Remember back in the early days of the net when mis-configured routers
>> > would
>> > sometimes announce themselves to the world, for everything?
>> >
>> > From: Eric Kuhnke
>> > Sent: Wednesday, May 04, 2016 3:44 PM
>> > To: af@afmug.com
>> > Subject: Re: [AFMUG] Gino, can you get this? :)
>> >
>> > My favorite of all time is when Pakistan's PTCL (an entity functionally
>> > equivalent to Centurylink or Verizon, they're the LEC) decided to
>> > announce
>> > Youtube's ipv4 prefixes... Not only did they mess things up for everyone
>> > but
>> > they also DDoSed themselves at their international transport capacity in
>> > and
>> > out of Karachi via submarine routes.
>> >
>> >
>> > http://www.cnet.com/news/youtube-blames-pakistan-network-for-2-hour-outage/
>> >
>> >
>> >
>> > On Wed, May 4, 2016 at 2:37 PM, Josh Reynolds 
>> > wrote:
>> >>
>> >> Well, there is a lot of single homed stuff out there for sure.
>> >>
>> >> It doesn't get much better the higher up you go in the OSI model
>> >> though. There's also a lot of incompetent operators out there as well.
>> >>
>> >>
>> >> http://www.bgpmon.net/large-hijack-affects-reachability-of-high-traffic-destinations/
>> >> https://twitter.com/bgpstream?lang=en
>> >>
>> >> On Wed, May 4, 2016 at 4:33 PM, Eric Kuhnke 
>> >> wrote:
>> >> > It's not, really, it's the fragility of layers 1 and 2...  all the
>> >> > BGP
>> >> > sessions in the world and diverse upstreams won't help you if you're
>> >> > not
>> >> > diverse and suffer backhoe fade, tornado, raccoon chew, drunk guy in
>> >> > a
>> >> > semi
>> >> > truck taking out an entire utility pole, 40 pound chunk of ice
>> >> > falling
>> >> > on a
>> >> > dish+radio, etc etc
>> >> >
>> >> > On Wed, May 4, 2016 at 2:31 PM, Josh Reynolds 
>> >> > wrote:
>> >> >>
>> >> >> ... or how fragile BGP is :)
>> >> >>
>> >> >> On Wed, May 4, 2016 at 4:29 PM, Eric Kuhnke 
>> >> >> wrote:
>> >> >> > If the average person knew to what extent the internet is held
>> >> >> > together
>> >> >> > with
>> >> >> > duct tape and twine, they'd be scared. Splice canisters for
>> >> >> > backbone
>> >> >> > lines
>> >> >> > carrying  40-channel WDM systems going through handholes that are
>> >> >> > also a
>> >> >> > residence of a family of angry raccoons.
>> >> >> >
>> >> >> > On Wed, May 4, 2016 at 2:26 PM, Josh Reynolds
>> >> >> > 
>> >> >> > wrote:
>> >> >> >>
>> >> >> >> Some may laugh, but that's, sadly, quite plausible.
>> >> >> >>
>> >> >> >> That said, at least a few years ago one could make a killing
>> >> >> >> replacing light bulbs at AT&T shelters. $800/bulb.
>> >> >> >>
>> >> >> >> On Wed, May 4, 2016 at 4:24 PM, Eric Kuhnke
>> >> >> >> 
>> >> >> >> wrote:
>> >> >> >> > somebody in a cell site shelter tripped over an orange
>> >> >> >> > extension
>> >> >> >> > cord
>> >> >> >> > and $5
>> >> >> >> > power strip probably...
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > On Wed, May 4, 2016 at 2:19 PM, Gino Villarini
>> >> >> >> > 
>> >> >> >> > wrote:
>> >> >> >> >>
>> >> >> >> >> yeap, we are being affected, outage is related to Mobile
>> >> >> >> >> Network.
>> >> >> >> >> No
>> >> >> >> >> official word yet, there was an earlier rumor about a circuit
>> >> >> >> >> breaker
>> >> >> >> >> being
>> >> >> >> >> accidentally turned off.  But my inside sources debunked it.
>> >> >> >> >> I
>> >> >> >> >> believe
>> >> >> >> >> it's
>> >> >> >> >> an issue with EPC
>> >> >> >> >>
>> >> >> >> >> On Wed, May 4, 2016 at 4:41 PM, Josh Reynolds
>> >> >> >> >> 
>> >> >> >> >> wrote:
>> >> >> >> >>>
>> >> >> >> >>> Big AT&T PR outage. Over 1 million customers down for 8+ hours
>> >> >> >> >>> now.
>> >> >> >> >>>
>> >> >> >> >>> Were you affected? Any idea what caused it?
>> >> >> >> >>
>> >> >> >> >>
>> >> >> >> >
>> >> >> >
>> >> >> >
>> >> >
>> >> >
>> >
>> >
>
>
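
The filtering gap discussed in this thread (an upstream accepting a customer's announcement of 8.0.0.0/8, and the idea of auditing route filters), as an added example that is not part of any list member's post: a Python check an upstream could run over the prefixes a customer session announces. The customer ASN, the allow-listed prefixes (documentation ranges) and the /24 and /48 length limits are assumptions chosen for illustration.

```python
"""Audit BGP announcements from a customer session against a per-customer
allow-list. All ASNs and prefixes are constructed sample data from the
documentation ranges (RFC 5398, RFC 5737, RFC 3849)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class CustomerPolicy:
    asn: int                # the only origin AS expected on this session
    allowed: tuple          # ip_network objects registered to the customer
    max_len_v4: int = 24    # assumed limit: nothing longer than /24
    max_len_v6: int = 48    # assumed limit: nothing longer than /48


def check_announcement(policy, prefix, origin_asn):
    """Return 'accept' or 'reject: <reason>' for one announced prefix."""
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError:
        return "reject: malformed prefix"
    # A customer should never hand its upstream a default route.
    if net.prefixlen == 0:
        return "reject: default route"
    if origin_asn != policy.asn:
        return "reject: unexpected origin AS"
    # The announcement must sit inside a prefix registered to the customer.
    # This is the check that stops 8.0.0.0/8 from a small single-homed network.
    covered = any(
        a.version == net.version and net.subnet_of(a) for a in policy.allowed
    )
    if not covered:
        return "reject: prefix not registered to customer"
    limit = policy.max_len_v4 if net.version == 4 else policy.max_len_v6
    if net.prefixlen > limit:
        return f"reject: more specific than /{limit}"
    return "accept"


def audit(policy, announcements):
    """Check every (prefix, origin_asn) pair; return (prefix, asn, verdict)."""
    return [(p, asn, check_announcement(policy, p, asn)) for p, asn in announcements]


# Constructed policy for a hypothetical customer, AS64496.
SAMPLE_POLICY = CustomerPolicy(
    asn=64496,
    allowed=(
        ipaddress.ip_network("198.51.100.0/24"),
        ipaddress.ip_network("203.0.113.0/24"),
        ipaddress.ip_network("2001:db8::/32"),
    ),
)

# Constructed announcements, including the 8.0.0.0/8 case from the thread.
SAMPLE_ANNOUNCEMENTS = [
    ("198.51.100.0/24", 64496),
    ("2001:db8:1::/48", 64496),
    ("8.0.0.0/8", 64496),
    ("0.0.0.0/0", 64496),
    ("198.51.100.128/25", 64496),
    ("203.0.113.0/24", 64511),
    ("198.51.100.1/24", 64496),
]

if __name__ == "__main__":
    for prefix, asn, verdict in audit(SAMPLE_POLICY, SAMPLE_ANNOUNCEMENTS):
        print(f"{prefix:20} AS{asn:<6} {verdict}")
```
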


[AFMUG] Routed Gigabit Micro Repeater (Mimosa hardware)

2016-05-04 Thread Christopher Gray
For my routed 100 Mbps micro repeater sites I've been running MikroTik
RB750P routers for both routing traffic and powering radios (With good
results).

I want to setup my first small routed 1 Gbps repeater site using 2x B5
backhaul links and 1x A5 PtMP. What are others using to run a small routed
site that runs 48V Gigabit radios?

I'm considering a RB750G with a Netonix WS-6-MINI, but using a Netonix as a
power injector seems a little overkill.


Re: [AFMUG] Routed Gigabit Micro Repeater (Mimosa hardware)

2016-05-04 Thread Josh Reynolds
Netonix

On Wed, May 4, 2016 at 5:02 PM, Christopher Gray
 wrote:
> For my routed 100 Mbps micro repeater sites I've been running MikroTik
> RB750P routers for both routing traffic and powering radios (With good
> results).
>
> I want to setup my first small routed 1 Gbps repeater site using 2x B5
> backhaul links and 1x A5 PtMP. What are others using to run a small routed
> site that runs 48V Gigabit radios?
>
> I'm considering a RB750G with a Netonix WS-6-MINI, but using a Netonix as a
> power injector seems a little overkill.


Re: [AFMUG] Gino, can you get this? :)

2016-05-04 Thread Paul McCall
http://southpark.cc.com/clips/hq0tek/internet-reset


From: Af [mailto:af-boun...@afmug.com] On Behalf Of Eric Kuhnke
Sent: Wednesday, May 04, 2016 5:54 PM
To: af@afmug.com
Subject: Re: [AFMUG] Gino, can you get this? :)

Like, if I'm dumb enough to announce 8.0.0.0/8 and I'm 
singlehomed to an upstream provider that is also dumb enough to accept it, 
suddenly a lot of other BGP-speaking things that are nearby will see that the 
shortest route to 8/8 as being via my pipe. Cue the self inflicted DDoS.

On Wed, May 4, 2016 at 2:51 PM, Josh Reynolds <j...@kyneticwifi.com> wrote:
Like they are the default route for ALL OF THE THINGS? :)

On Wed, May 4, 2016 at 4:46 PM, Chuck McCown <ch...@wbmfg.com> wrote:
> Remember back in the early days of the net when mis-configured routers would
> sometimes announce themselves to the world, for everything?
>
> From: Eric Kuhnke
> Sent: Wednesday, May 04, 2016 3:44 PM
> To: af@afmug.com
> Subject: Re: [AFMUG] Gino, can you get this? :)
>
> My favorite of all time is when Pakistan's PTCL (an entity functionally
> equivalent to Centurylink or Verizon, they're the LEC) decided to announce
> Youtube's ipv4 prefixes... Not only did they mess things up for everyone but
> they also DDoSed themselves at their international transport capacity in and
> out of Karachi via submarine routes.
>
> http://www.cnet.com/news/youtube-blames-pakistan-network-for-2-hour-outage/
>
>
>
> On Wed, May 4, 2016 at 2:37 PM, Josh Reynolds <j...@kyneticwifi.com> wrote:
>>
>> Well, there is a lot of single homed stuff out there for sure.
>>
>> It doesn't get much better the higher up you go in the OSI model
>> though. There's also a lot of incompetent operators out there as well.
>>
>> http://www.bgpmon.net/large-hijack-affects-reachability-of-high-traffic-destinations/
>> https://twitter.com/bgpstream?lang=en
>>
>> On Wed, May 4, 2016 at 4:33 PM, Eric Kuhnke <eric.kuh...@gmail.com> wrote:
>> > It's not, really, it's the fragility of layers 1 and 2...  all the BGP
>> > sessions in the world and diverse upstreams won't help you if you're not
>> > diverse and suffer backhoe fade, tornado, raccoon chew, drunk guy in a
>> > semi
>> > truck taking out an entire utility pole, 40 pound chunk of ice falling
>> > on a
>> > dish+radio, etc etc
>> >
>> > On Wed, May 4, 2016 at 2:31 PM, Josh Reynolds <j...@kyneticwifi.com> wrote:
>> >>
>> >> ... or how fragile BGP is :)
>> >>
>> >> On Wed, May 4, 2016 at 4:29 PM, Eric Kuhnke <eric.kuh...@gmail.com> wrote:
>> >> > If the average person knew to what extent the internet is held
>> >> > together
>> >> > with
>> >> > duct tape and twine, they'd be scared. Splice canisters for backbone
>> >> > lines
>> >> > carrying  40-channel WDM systems going through handholes that are
>> >> > also a
>> >> > residence of a family of angry raccoons.
>> >> >
>> >> > On Wed, May 4, 2016 at 2:26 PM, Josh Reynolds <j...@kyneticwifi.com> wrote:
>> >> >>
>> >> >> Some may laugh, but that's, sadly, quite plausible.
>> >> >>
>> >> >> That said, at least a few years ago one could make a killing
>> >> >> replacing light bulbs at AT&T shelters. $800/bulb.
>> >> >>
>> >> >> On Wed, May 4, 2016 at 4:24 PM, Eric Kuhnke <eric.kuh...@gmail.com> wrote:
>> >> >> > somebody in a cell site shelter tripped over an orange extension
>> >> >> > cord
>> >> >> > and $5
>> >> >> > power strip probably...
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > On Wed, May 4, 2016 at 2:19 PM, Gino Villarini <ginovi...@gmail.com> wrote:
>> >> >> >>
>> >> >> >> yeap, we are being affected, outage is related to Mobile Network.
>> >> >> >> No
>> >> >> >> official word yet, there was an earlier rumor about a circuit
>> >> >> >> breaker
>> >> >> >> being
>> >> >> >> accidentally turned off.  But my inside sources debunked it.  I
>> >> >> >> believe
>> >> >> >> it's
>> >> >> >> an issue with EPC
>> >> >> >>
>> >> >> >> On Wed, May 4, 2016 at 4:41 PM, Josh Reynolds <j...@kyneticwifi.com> wrote:
>> >> >> >>>
>> >> >> >>> Big AT&T PR outage. Over 1 million customers down for 8+ hours
>> >> >> >>> now.
>> >> >> >>>
>> >> >> >>> Were you affected? Any idea what caused it?
>> >> >> >>
>> >> >> >>
>> >> >> >
>> >> >
>> >> >
>> >
>> >
>
>



Re: [AFMUG] Gino, can you get this? :)

2016-05-04 Thread Chuck McCown

It happened more than once back in the day.

-Original Message- 
From: Josh Reynolds

Sent: Wednesday, May 04, 2016 3:51 PM
To: af@afmug.com
Subject: Re: [AFMUG] Gino, can you get this? :)

Like they are the default route for ALL OF THE THINGS? :)

On Wed, May 4, 2016 at 4:46 PM, Chuck McCown  wrote:
Remember back in the early days of the net when mis-configured routers 
would

sometimes announce themselves to the world, for everything?

From: Eric Kuhnke
Sent: Wednesday, May 04, 2016 3:44 PM
To: af@afmug.com
Subject: Re: [AFMUG] Gino, can you get this? :)

My favorite of all time is when Pakistan's PTCL (an entity functionally
equivalent to Centurylink or Verizon, they're the LEC) decided to announce
Youtube's ipv4 prefixes... Not only did they mess things up for everyone 
but
they also DDoSed themselves at their international transport capacity in 
and

out of Karachi via submarine routes.

http://www.cnet.com/news/youtube-blames-pakistan-network-for-2-hour-outage/



On Wed, May 4, 2016 at 2:37 PM, Josh Reynolds  
wrote:


Well, there is a lot of single homed stuff out there for sure.

It doesn't get much better the higher up you go in the OSI model
though. There's also a lot of incompetent operators out there as well.

http://www.bgpmon.net/large-hijack-affects-reachability-of-high-traffic-destinations/
https://twitter.com/bgpstream?lang=en

On Wed, May 4, 2016 at 4:33 PM, Eric Kuhnke  
wrote:

> It's not, really, it's the fragility of layers 1 and 2...  all the BGP
> sessions in the world and diverse upstreams won't help you if you're 
> not

> diverse and suffer backhoe fade, tornado, raccoon chew, drunk guy in a
> semi
> truck taking out an entire utility pole, 40 pound chunk of ice falling
> on a
> dish+radio, etc etc
>
> On Wed, May 4, 2016 at 2:31 PM, Josh Reynolds 
> wrote:
>>
>> ... or how fragile BGP is :)
>>
>> On Wed, May 4, 2016 at 4:29 PM, Eric Kuhnke 
>> wrote:
>> > If the average person knew to what extent the internet is held
>> > together
>> > with
>> > duct tape and twine, they'd be scared. Splice canisters for backbone
>> > lines
>> > carrying  40-channel WDM systems going through handholes that are
>> > also a
>> > residence of a family of angry raccoons.
>> >
>> > On Wed, May 4, 2016 at 2:26 PM, Josh Reynolds 
>> > wrote:
>> >>
>> >> Some may laugh, but that's, sadly, quite plausible.
>> >>
>> >> That said, at least a few years ago one could make a killing
>> >> replacing light bulbs at AT&T shelters. $800/bulb.
>> >>
>> >> On Wed, May 4, 2016 at 4:24 PM, Eric Kuhnke 
>> >> wrote:
>> >> > somebody in a cell site shelter tripped over an orange extension
>> >> > cord
>> >> > and $5
>> >> > power strip probably...
>> >> >
>> >> >
>> >> >
>> >> > On Wed, May 4, 2016 at 2:19 PM, Gino Villarini
>> >> > 
>> >> > wrote:
>> >> >>
>> >> >> yeap, we are being affected, outage is related to Mobile 
>> >> >> Network.

>> >> >> No
>> >> >> official word yet, there was an earlier rumor about a circuit
>> >> >> breaker
>> >> >> being
>> >> >> accidentally turned off.  But my inside sources debunked it.  I
>> >> >> believe
>> >> >> it's
>> >> >> an issue with EPC
>> >> >>
>> >> >> On Wed, May 4, 2016 at 4:41 PM, Josh Reynolds
>> >> >> 
>> >> >> wrote:
>> >> >>>
>> >> >>> Big AT&T PR outage. Over 1 million customers down for 8+ hours
>> >> >>> now.
>> >> >>>
>> >> >>> Were you affected? Any idea what caused it?
>> >> >>
>> >> >>
>> >> >
>> >
>> >
>
>







Re: [AFMUG] Gino, can you get this? :)

2016-05-04 Thread Jaime Solorza
At WSMR when we worked with DEC they had a part of network segment go down
about 4 to 430 every day for a few days... we got hired to work with their
local techs to trace issue. All this expensive gear set up early... every
trailer manned and two way radios... about 415 call comes in... problem
found... cleaning lady would disconnect Etherhub to connect vacuum
cleaner... about 12 trailers in a row on old DecNET plant.

On May 4, 2016 3:24 PM, "Eric Kuhnke"  wrote:

somebody in a cell site shelter tripped over an orange extension cord and
$5 power strip probably...



On Wed, May 4, 2016 at 2:19 PM, Gino Villarini  wrote:

> yeap, we are being affected, outage is related to Mobile Network.  No
> official word yet, there was an earlier rumor about a circuit breaker being
> accidentally turned off.  But my inside sources debunked it.  I believe it's
> an issue with EPC
>
> On Wed, May 4, 2016 at 4:41 PM, Josh Reynolds wrote:
>
>> Big AT&T PR outage. Over 1 million customers down for 8+ hours now.
>>
>> Were you affected? Any idea what caused it?
>>
>
>


[AFMUG] UBNT CPE being used for Abusive actions?

2016-05-04 Thread SmarterBroadband
I have received a number of emails from ab...@light-gap.net saying certain of 
our IP addresses are being used for attacks (see email text below).

All IP addresses are in UBNT radios.  We are unable to remote access any of 
these radios now.  We see that the radio we are unable to access rebooted a 
couple of days ago.  A number of other radios show they rebooted around the 
same time (in sequence) on the AP.  We are unable to remote access any of those 
either. Other radios with longer uptime on the APs are fine.

We have a tech en route to one of the customer sites.

We think the radios are being made into bots.  Anyone seen this or anything 
like this?  Do the hackers need a username and password to hack a radio?  I.E.  
Would a change of the password stop the changes being made to the radios?  Any 
other thoughts, suggestions or ideas?

Thanks

Adam

Email Text below:

“This is a semi-automated e-mail from the LG-Mailproxy authentication system, 
all requests have been approved manually by the system-administrators or are 
obviously unwanted (eg. requests to our spamtraps).

For further questions or if additional information is needed please reply to 
this email.

The IP xxx.xxx.xxx.xxx has been banned for 48 hours due to suspicious behaviour 
on our system.

This happened already 1 times.

It might be part of a botnet, infected by a trojan/virus or running 
brute-force attacks.

Our affected destination servers: smtp.light-gap.net, imap.light-gap.net

Currently 7 failed/unauthorized logins attempts via SMTP/IMAP with 6 different 
usernames and wrong password:

2016-05-04T23:48:40+02:00 with username "downloads.openscience.or.at" (spamtrap account)
2016-05-04T22:47:19+02:00 with username "sp_woq" (spamtrap account)
2016-05-04T14:55:11+02:00 with username "info" (spamtrap account)
2016-05-03T21:24:22+02:00 with username "fips" (spamtrap account)
2016-05-03T20:57:19+02:00 with username "downloads.openscience.or.at" (spamtrap account)
2016-05-03T10:13:59+02:00 with username "d10hw49WpH" (spamtrap account)
2016-05-03T05:34:43+02:00 with username "12345678" (spamtrap account)

Ongoing failed/unauthorized logins attempts will be logged and sent to you 
every 24h until the IP will be permanently banned from our systems after 72 
hours.

 

The Light-Gap.net Abuse Team.”
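
Added example, not part of the original post: one way to act on an abuse report like the one above is to convert its attempt timestamps to UTC and match them against border flow records, so that the subscriber address behind the report (and any other address talking to the same mail servers) stands out. The flow-record format, the reporter address 203.0.113.25 and the 198.51.100.x subscriber addresses are constructed placeholders; only the seven attempt lines come from the report.

```python
import re
from datetime import datetime, timedelta, timezone

# Attempt lines taken from the abuse report quoted in the post (unwrapped).
REPORT = '''\
2016-05-04T23:48:40+02:00 with username "downloads.openscience.or.at" (spamtrap account)
2016-05-04T22:47:19+02:00 with username "sp_woq" (spamtrap account)
2016-05-04T14:55:11+02:00 with username "info" (spamtrap account)
2016-05-03T21:24:22+02:00 with username "fips" (spamtrap account)
2016-05-03T20:57:19+02:00 with username "downloads.openscience.or.at" (spamtrap account)
2016-05-03T10:13:59+02:00 with username "d10hw49WpH" (spamtrap account)
2016-05-03T05:34:43+02:00 with username "12345678" (spamtrap account)
'''

# Constructed border flow export (hypothetical format):
# UTC time, subscriber source IP, destination IP, destination port.
FLOWS = '''\
2016-05-03T03:34:41Z 198.51.100.17 203.0.113.25 143
2016-05-03T08:13:58Z 198.51.100.17 203.0.113.25 25
2016-05-03T08:14:30Z 198.51.100.40 203.0.113.80 443
2016-05-04T12:55:10Z 198.51.100.17 203.0.113.25 143
2016-05-04T12:55:12Z 198.51.100.23 203.0.113.25 25
2016-05-04T16:00:00Z 198.51.100.23 203.0.113.25 587
2016-05-04T21:48:39Z 198.51.100.17 203.0.113.25 25
'''

# Placeholder for the addresses of the reporter's SMTP/IMAP servers.
REPORTER_IPS = {"203.0.113.25"}
MAIL_PORTS = {25, 465, 587, 143, 993}
ATTEMPT_RE = re.compile(r'^(\S+) with username "([^"]*)"')


def parse_report(text):
    """Return [(utc_datetime, username)] for every attempt line, oldest first."""
    attempts = []
    for line in text.splitlines():
        m = ATTEMPT_RE.match(line.strip())
        if m:
            when = datetime.fromisoformat(m.group(1)).astimezone(timezone.utc)
            attempts.append((when, m.group(2)))
    return sorted(attempts)


def parse_flows(text):
    """Parse the constructed flow export into (utc_datetime, src, dst, dport)."""
    flows = []
    for line in text.splitlines():
        ts, src, dst, dport = line.split()
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        flows.append((when, src, dst, int(dport)))
    return flows


def correlate(attempts, flows, reporter_ips, window=timedelta(seconds=5)):
    """Count, per source IP, how many reported attempts have a mail-port flow
    to the reporter within `window`. Many matches point at the real source;
    a single match may be coincidence."""
    hits = {}
    for when, src, dst, dport in flows:
        if dst not in reporter_ips or dport not in MAIL_PORTS:
            continue
        for attempt_time, _user in attempts:
            if abs(when - attempt_time) <= window:
                hits.setdefault(src, set()).add(attempt_time)
    return {src: len(times) for src, times in hits.items()}


if __name__ == "__main__":
    attempts = parse_report(REPORT)
    users = {u for _, u in attempts}
    print(f"{len(attempts)} attempts, {len(users)} distinct usernames")
    ranked = correlate(attempts, parse_flows(FLOWS), REPORTER_IPS)
    for src, n in sorted(ranked.items(), key=lambda kv: -kv[1]):
        print(f"{src}: matches {n} of {len(attempts)} reported attempts")
```

With radios in NAT mode the border only sees the radio's WAN address, so a match identifies the radio's address, not whether the radio itself or a customer host behind it opened the connection.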

 



Re: [AFMUG] UBNT CPE being used for Abusive actions?

2016-05-04 Thread Tushar Patel
Radios could be put on private ip so nobody from outside world can access it. 
That is what we do.

Tushar


> On May 4, 2016, at 5:22 PM, SmarterBroadband wrote:
> 
> I have received a number of emails from ab...@light-gap.net saying certain of 
> our IP addresses are being used for attacks (see email text below).
> 
> All IP addresses are in UBNT radios.  We are unable to remote access any of 
> these radios now.  We see that the radio we are unable to access rebooted 
> a couple of days ago.  A number of other radios show they rebooted around the 
> same time (in sequence) on the AP.  We are unable to remote access any of 
> those either. Other radios with longer uptime on the APs are fine.
> 
> We have a tech en route to one of the customer sites.
> 
> We think the radios are being made into bots.  Anyone seen this or anything 
> like this?  Do the hackers need a username and password to hack a radio?  
> I.E.  Would a change of the password stop the changes being made to the 
> radios?  Any other thoughts, suggestions or ideas?
> 
> Thanks
> 
> Adam 
> 
> Email Text below:
> 
> “This is a semi-automated e-mail from the LG-Mailproxy authentication system, 
> all requests have been approved manually by the system-administrators or are 
> obviously unwanted (eg. requests to our spamtraps).
> For further questions or if additional information is needed please reply to 
> this email.
> 
> The IP xxx.xxx.xxx.xxx has been banned for 48 hours due to suspicious 
> behaviour on our system.
> This happened already 1 times.
> It might be part of a botnet, infected by a trojan/virus or running 
> brute-force attacks.
> 
> Our affected destination servers: smtp.light-gap.net, imap.light-gap.net
> 
> Currently 7 failed/unauthorized logins attempts via SMTP/IMAP with 6 
> different usernames and wrong password:
> 2016-05-04T23:48:40+02:00 with username "downloads.openscience.or.at" (spamtrap account)
> 2016-05-04T22:47:19+02:00 with username "sp_woq" (spamtrap account)
> 2016-05-04T14:55:11+02:00 with username "info" (spamtrap account)
> 2016-05-03T21:24:22+02:00 with username "fips" (spamtrap account)
> 2016-05-03T20:57:19+02:00 with username "downloads.openscience.or.at" (spamtrap account)
> 2016-05-03T10:13:59+02:00 with username "d10hw49WpH" (spamtrap account)
> 2016-05-03T05:34:43+02:00 with username "12345678" (spamtrap account)
> 
> Ongoing failed/unauthorized logins attempts will be logged and sent to you 
> every 24h until the IP will be permanently banned from our systems after 72 
> hours.
> 
> The Light-Gap.net Abuse Team.”
> 


Re: [AFMUG] UBNT CPE being used for Abusive actions?

2016-05-04 Thread SmarterBroadband
Hi Tushar

 

We run all radios in NAT mode.

 

Adam

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Tushar Patel
Sent: Wednesday, May 04, 2016 3:34 PM
To: af@afmug.com
Subject: Re: [AFMUG] UBNT CPE being used for Abusive actions?

 

Radios could be put on private ip so nobody from outside world can access it. 
That is what we do.

Tushar

 





Re: [AFMUG] Source for equipment enclosures

2016-05-04 Thread Sterling Jacobson
We get ours from a local electrical outlet, Codale.

Maybe your massive size local electric supplier has stuff in stock or can order 
for you sooner.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Wireless Administrator
Sent: Wednesday, May 4, 2016 3:33 PM
To: af@afmug.com
Subject: [AFMUG] Source for equipment enclosures

Can anyone recommend a supplier for custom stainless equipment enclosures 
in the $1700 range.  Based on comments here we contracted to have ours built by 
Bison ProFab but that has been a disaster.  We started working with them on 
2/11 and they still do not have our first enclosure completed.  None of the 
commitments they made have been realized.

Can anyone recommend a reliable source?

Steve B.



Re: [AFMUG] UBNT CPE being used for Abusive actions?

2016-05-04 Thread Josh Reynolds
I would encourage you to put your CPEs on a management vlan, in RFC1918 space.

On Wed, May 4, 2016 at 6:00 PM, SmarterBroadband
 wrote:
> Hi Tushar
>
>
>
> We run all radios in NAT mode.
>
>
>
> Adam
>
>
>
> From: Af [mailto:af-boun...@afmug.com] On Behalf Of Tushar Patel
> Sent: Wednesday, May 04, 2016 3:34 PM
> To: af@afmug.com
> Subject: Re: [AFMUG] UBNT CPE being used for Abusive actions?
>
>
>
> Radios could be put on private ip so nobody from outside world can access
> it. That is what we do.
>
> Tushar
>
>
>
>


Re: [AFMUG] Routed Gigabit Micro Repeater (Mimosa hardware)

2016-05-04 Thread Rob Genovesi
Netonix switches have been great for us.  We're using the DC model
with a few batteries for backup.  The Netonix takes 9-60 VDC in and
can output 24V or 48V (configurable by port).  Perfect for powering a
24V Mikrotik and a few 48V radios.

-Rob



On Wed, May 4, 2016 at 3:02 PM, Christopher Gray
 wrote:
> For my routed 100 Mbps micro repeater sites I've been running MikroTik
> RB750P routers for both routing traffic and powering radios (With good
> results).
>
> I want to setup my first small routed 1 Gbps repeater site using 2x B5
> backhaul links and 1x A5 PtMP. What are others using to run a small routed
> site that runs 48V Gigabit radios?
>
> I'm considering a RB750G with a Netonix WS-6-MINI, but using a Netonix as a
> power injector seems a little overkill.


Re: [AFMUG] UBNT CPE being used for Abusive actions?

2016-05-04 Thread Mathew Howard
I really wish Ubiquiti radios had a separate management vlan option (in
router mode), like ePMP does...

On Wed, May 4, 2016 at 6:10 PM, Josh Reynolds  wrote:

> I would encourage you to put your CPEs on a management vlan, in RFC1918
> space.
>
> On Wed, May 4, 2016 at 6:00 PM, SmarterBroadband
>  wrote:
> > Hi Tushar
> >
> >
> >
> > We run all radios in NAT mode.
> >
> >
> >
> > Adam
> >
> >
> >
> > From: Af [mailto:af-boun...@afmug.com] On Behalf Of Tushar Patel
> > Sent: Wednesday, May 04, 2016 3:34 PM
> > To: af@afmug.com
> > Subject: Re: [AFMUG] UBNT CPE being used for Abusive actions?
> >
> >
> >
> > Radios could be put on private ip so nobody from outside world can access
> > it. That is what we do.
> >
> > Tushar
> >
> >
> >
> >


Re: [AFMUG] Routed Gigabit Micro Repeater (Mimosa hardware)

2016-05-04 Thread Mathew Howard
Packetflux...

On Wed, May 4, 2016 at 6:21 PM, Rob Genovesi  wrote:

> Netonix switches have been great for us.  We're using the DC model
> with a few batteries for backup.  The Netonix takes 9-60 VDC in and
> can output 24V or 48V (configurable by port).  Perfect for powering a
> 24V Mikrotik and a few 48V radios.
>
> -Rob
>
>
>
> On Wed, May 4, 2016 at 3:02 PM, Christopher Gray
>  wrote:
> > For my routed 100 Mbps micro repeater sites I've been running MikroTik
> > RB750P routers for both routing traffic and powering radios (With good
> > results).
> >
> > I want to setup my first small routed 1 Gbps repeater site using 2x B5
> > backhaul links and 1x A5 PtMP. What are others using to run a small
> routed
> > site that runs 48V Gigabit radios?
> >
> > I'm considering a RB750G with a Netonix WS-6-MINI, but using a Netonix
> as a
> > power injector seems a little overkill.
>


Re: [AFMUG] Source for equipment enclosures

2016-05-04 Thread Jaime Solorza
Saginaw
On May 4, 2016 3:33 PM, "Wireless Administrator"  wrote:

> Can anyone recommend a supplier for custom stainless equipment
> enclosures in the $1700 range.  Based on comments here we contracted to
> have ours built by Bison ProFab but that has been a disaster.  We started
> working with them on 2/11 and they still do not have our first enclosure
> completed.  None of the commitments they made have been realized.
>
>
>
> Can anyone recommend a reliable source?
>
>
>
> Steve B.
>
>
>


Re: [AFMUG] UBNT CPE being used for Abusive actions?

2016-05-04 Thread Josh Luthman
It does...you just need to set it up that way.


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Wed, May 4, 2016 at 7:54 PM, Mathew Howard  wrote:

> I really wish Ubiquiti radios had a separate management vlan option (in
> router mode), like ePMP does...
>
> On Wed, May 4, 2016 at 6:10 PM, Josh Reynolds 
> wrote:
>
>> I would encourage you to put your CPEs on a management vlan, in RFC1918
>> space.
>>
>> On Wed, May 4, 2016 at 6:00 PM, SmarterBroadband
>>  wrote:
>> > Hi Tushar
>> >
>> >
>> >
>> > We run all radios in NAT mode.
>> >
>> >
>> >
>> > Adam
>> >
>> >
>> >
>> > From: Af [mailto:af-boun...@afmug.com] On Behalf Of Tushar Patel
>> > Sent: Wednesday, May 04, 2016 3:34 PM
>> > To: af@afmug.com
>> > Subject: Re: [AFMUG] UBNT CPE being used for Abusive actions?
>> >
>> >
>> >
>> > Radios could be put on private ip so nobody from outside world can
>> access
>> > it. That is what we do.
>> >
>> > Tushar
>> >
>> >
>> >
>> >


Re: [AFMUG] Gino, can you get this? :)

2016-05-04 Thread CBB - Jay Fuller

It takes 8 hours to reset a circuit breaker?
sorry, couldn't resist :)

  - Original Message - 
  From: Gino Villarini 
  To: Animal Farm 
  Sent: Wednesday, May 04, 2016 4:19 PM
  Subject: Re: [AFMUG] Gino, can you get this? :)


  yeap, we are being affected, outage is related to Mobile Network.  No 
official word yet, there was an earlier rumor about a circuit breaker being 
accidentally turned off.  But my inside sources debunked it.  I believe it's an 
issue with EPC


  On Wed, May 4, 2016 at 4:41 PM, Josh Reynolds  wrote:

Big AT&T PR outage. Over 1 million customers down for 8+ hours now.

Were you affected? Any idea what caused it?




Re: [AFMUG] Gino, can you get this? :)

2016-05-04 Thread Josh Luthman
Well everyone responsible was fired since PR is so in debt.

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
On May 4, 2016 9:15 PM, "CBB - Jay Fuller" 
wrote:

>
> It takes 8 hours to reset a circuit breaker?
> sorry, couldn't resist :)
>
>
> - Original Message -
> *From:* Gino Villarini 
> *To:* Animal Farm 
> *Sent:* Wednesday, May 04, 2016 4:19 PM
> *Subject:* Re: [AFMUG] Gino, can you get this? :)
>
> yeap, we are being affected, outage is related to Mobile Network.  No
> official word yet, there was an earlier rumor about a circuit breaker being
> accidentally turned off.  But my inside sources debunked it.  I believe it's
> an issue with EPC
>
> On Wed, May 4, 2016 at 4:41 PM, Josh Reynolds wrote:
>
>> Big AT&T PR outage. Over 1 million customers down for 8+ hours now.
>>
>> Were you affected? Any idea what caused it?
>>
>
>


Re: [AFMUG] UBNT CPE being used for Abusive actions?

2016-05-04 Thread Mathew Howard
I have our ePMPs set up to get their public IP via PPPoE, and the radio
also gets a completely separate private management IP via DHCP, which is
the only way you can remotely access the radio, and it doesn't even have to
be in a separate vlan unless you want it to be... and it's one checkbox to
configure it.

I'm not sure if that can be duplicated on UBNT or not, since I haven't
really tried yet, but at the very least it's a lot more complicated to
configure.



On Wed, May 4, 2016 at 7:04 PM, Josh Luthman 
wrote:

> It does...you just need to set it up that way.
>
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
> On Wed, May 4, 2016 at 7:54 PM, Mathew Howard 
> wrote:
>
>> I really wish Ubiquiti radios had a separate management vlan option (in
>> router mode), like ePMP does...
>>
>> On Wed, May 4, 2016 at 6:10 PM, Josh Reynolds 
>> wrote:
>>
>>> I would encourage you to put your CPEs on a management vlan, in RFC1918
>>> space.
>>>
>>> On Wed, May 4, 2016 at 6:00 PM, SmarterBroadband
>>>  wrote:
>>> > Hi Tushar
>>> >
>>> >
>>> >
>>> > We run all radios in NAT mode.
>>> >
>>> >
>>> >
>>> > Adam
>>> >
>>> >
>>> >
>>> > From: Af [mailto:af-boun...@afmug.com] On Behalf Of Tushar Patel
>>> > Sent: Wednesday, May 04, 2016 3:34 PM
>>> > To: af@afmug.com
>>> > Subject: Re: [AFMUG] UBNT CPE being used for Abusive actions?
>>> >
>>> >
>>> >
>>> > Radios could be put on private ip so nobody from outside world can
>>> access
>>> > it. That is what we do.
>>> >
>>> > Tushar
>>> >
>>> >
>>> >
>>> >


Re: [AFMUG] UBNT CPE being used for Abusive actions?

2016-05-04 Thread Josh Luthman
People do it for sure.  I want to say there was an example on the forums or
somewhere...

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
On May 4, 2016 9:35 PM, "Mathew Howard"  wrote:

> I have our ePMPs set up to get their public IP via PPPoE, and the radio
> also gets a completely separate private management IP via DHCP, which is
> the only way you can remotely access the radio, and it doesn't even have to
> be in a separate vlan unless you want it to be... and it's one checkbox to
> configure it.
>
> I'm not sure if that can be duplicated on UBNT or not, since I haven't
> really tried yet, but at the very least it's a lot more complicated to
> configure.
>
>
>
> On Wed, May 4, 2016 at 7:04 PM, Josh Luthman 
> wrote:
>
>> It does...you just need to set it up that way.
>>
>>
>> Josh Luthman
>> Office: 937-552-2340
>> Direct: 937-552-2343
>> 1100 Wayne St
>> Suite 1337
>> Troy, OH 45373
>>
>> On Wed, May 4, 2016 at 7:54 PM, Mathew Howard 
>> wrote:
>>
>>> I really wish Ubiquiti radios had a separate management vlan option (in
>>> router mode), like ePMP does...
>>>
>>> On Wed, May 4, 2016 at 6:10 PM, Josh Reynolds 
>>> wrote:
>>>
>>>> I would encourage you to put your CPEs on a management vlan, in RFC1918
>>>> space.
>>>>
>>>> On Wed, May 4, 2016 at 6:00 PM, SmarterBroadband wrote:
>>>> > Hi Tushar
>>>> >
>>>> > We run all radios in NAT mode.
>>>> >
>>>> > Adam
>>>> >
>>>> > From: Af [mailto:af-boun...@afmug.com] On Behalf Of Tushar Patel
>>>> > Sent: Wednesday, May 04, 2016 3:34 PM
>>>> > To: af@afmug.com
>>>> > Subject: Re: [AFMUG] UBNT CPE being used for Abusive actions?
>>>> >
>>>> > Radios could be put on private ip so nobody from outside world can access
>>>> > it. That is what we do.
>>>> >
>>>> > Tushar
>>>> >
 > On May 4, 2016, at 5:22 PM, SmarterBroadband <
 li...@smarterbroadband.com>
 > wrote:
 >
 > I have received a number of emails for ab...@light-gap.net saying
 certain of
 > our IP address are being used for attacks (see email text below).
 >
 >
 >
 > All IP addresses are in UBNT radios.  We are unable to remote access
 any of
 > the these radios now.  We see that the radio we are unable to access
 > rebooted a couple of days ago.  A number of other radios show they
 rebooted
 > around the same time (in sequence) on the AP.  We are unable to remote
 > access any of those either. Other radios with longer uptime on the
 AP’s are
 > fine.
 >
 >
 >
 > We have a tech on route to one of the customer sites.
 >
 >
 >
 > We think the radios are being made into bots.  Anyone seen this or
 anything
 > like this?  Do the hackers need a username and password to hack a
 radio?
 > I.E.  Would a change of the password stop the changes being made to
 the
 > radios?  Any other thoughts, suggestions or ideas?
 >
 >
 >
 > Thanks
 >
 >
 >
 > Adam
 >
 >
 >
 > Email Text below:
 >
 >
 >
 > “This is a semi-automated e-mail from the LG-Mailproxy authentication
 > system, all requests have been approved manually by the
 > system-administrators or are obviously unwanted (eg. requests to our
 > spamtraps).
 >
 > For further questions or if additional information is needed please
 reply to
 > this email.
 >
 >
 >
 > The IP xxx.xxx.xxx.xxx has been banned for 48 hours due to suspicious
 > behaviour on our system.
 >
 > This happened already 1 times.
 >
 > It might be be part of a botnet, infected by a trojan/virus or running
 > brute-force attacks.
 >
 >
 >
 > Our affected destination servers: smtp.light-gap.net,
 imap.light-gap.net
 >
 >
 >
 > Currently 7 failed/unauthorized logins attempts via SMTP/IMAP with 6
 > different usernames and wrong password:
 >
 > 2016-05-04T23:48:40+02:00 with username "downloads.openscience.or.at"
 > (spamtrap account)
 >
 > 2016-05-04T22:47:19+02:00 with username "sp_woq" (spamtrap account)
 >
 > 2016-05-04T14:55:11+02:00 with username "info" (spamtrap account)
 >
 > 2016-05-03T21:24:22+02:00 with username "fips" (spamtrap account)
 >
 > 2016-05-03T20:57:19+02:00 with username "downloads.openscience.or.at"
 > (spamtrap account)
 >
 > 2016-05-03T10:13:59+02:00 with username "d10hw49WpH" (spamtrap
 account)
 >
 > 2016-05-03T05:34:43+02:00 with username "12345678" (spamtrap account)
 > Ongoing failed/unauthorized logins attempts will be logged and sent
 to you
 > every 24h until the IP will be permanently banned from our systems
 after 72
 > hours.
 >
 >
 >
 > The Light-Gap.net Abuse Team.”
 >
 >

>>>
>>>
>>
>
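
An added example, not part of any post in this thread: a Python sketch that parses the failed-login section of the abuse notice quoted above, tolerating mail quote markers and hard wraps, converts the timestamps to UTC so they can be lined up with radio reboot times, and checks the parsed events against the counts the notice itself claims. The function names are illustrative assumptions; the event lines are the ones quoted in the thread.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Event lines from the notice quoted in this thread, kept with quote markers
# and hard wraps of the kind the quoted copies show.
NOTICE = '''\
> Currently 7 failed/unauthorized logins attempts via SMTP/IMAP with 6
> different usernames and wrong password:
>
> 2016-05-04T23:48:40+02:00 with username "downloads.openscience.or.at"
> (spamtrap account)
>
> 2016-05-04T22:47:19+02:00 with username "sp_woq" (spamtrap account)
>
> 2016-05-04T14:55:11+02:00 with username "info" (spamtrap account)
>
> 2016-05-03T21:24:22+02:00 with username "fips" (spamtrap account)
>
> 2016-05-03T20:57:19+02:00 with username "downloads.openscience.or.at
> "
> (spamtrap account)
>
> 2016-05-03T10:13:59+02:00 with username "d10hw49WpH" (spamtrap
> account)
>
> 2016-05-03T05:34:43+02:00 with username "12345678" (spamtrap account)
'''

CLAIM_RE = re.compile(
    r"Currently (\d+) failed/unauthorized logins attempts via (\S+) "
    r"with (\d+) different usernames"
)
EVENT_RE = re.compile(
    r"(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}[+-]\d{2}:\d{2}) with username "
    r'"([^"]*)"(\s*\(spamtrap account\))?'
)


def dequote(raw):
    """Drop leading '>' quote markers and undo hard wraps."""
    lines = (re.sub(r"^[>\s]+", "", line) for line in raw.splitlines())
    return re.sub(r"\s+", " ", " ".join(lines)).strip()


def parse_notice(raw):
    """Return the notice's claimed counts and its events, oldest first, in UTC."""
    text = dequote(raw)
    claim = CLAIM_RE.search(text)
    events = []
    for stamp, user, trap in EVENT_RE.findall(text):
        when = datetime.fromisoformat(stamp).astimezone(timezone.utc)
        # A wrap inside the quoted username leaves a stray space; strip it.
        events.append({"utc": when, "username": user.strip(), "spamtrap": bool(trap)})
    events.sort(key=lambda e: e["utc"])
    return {
        "claimed_attempts": int(claim.group(1)) if claim else None,
        "claimed_usernames": int(claim.group(3)) if claim else None,
        "protocols": claim.group(2).split("/") if claim else [],
        "events": events,
    }


def summarize(report):
    """Condense a parsed notice into the facts an operator correlates on."""
    events = report["events"]
    users = Counter(e["username"] for e in events)
    return {
        "attempts": len(events),
        "distinct_usernames": len(users),
        "repeated_usernames": sorted(u for u, n in users.items() if n > 1),
        "all_spamtrap": all(e["spamtrap"] for e in events),
        "first_utc": events[0]["utc"].isoformat() if events else None,
        "last_utc": events[-1]["utc"].isoformat() if events else None,
        # A mismatch means lines were lost in forwarding or a wrap was missed.
        "matches_claim": (len(events) == report["claimed_attempts"]
                          and len(users) == report["claimed_usernames"]),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_notice(NOTICE)).items():
        print(f"{key}: {value}")
```
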


Re: [AFMUG] UBNT CPE being used for Abusive actions?

2016-05-04 Thread Mathew Howard
Yeah, I looked at setting it up that way at one point, but something didn't
look like it was going to work quite the way I wanted it to... but I
probably spent all of five minutes on it, so it may very well be possible.
The way ePMP does it is really nice though... and simple.

On Wed, May 4, 2016 at 8:38 PM, Josh Luthman 
wrote:

> People do it for sure.  I want to say there was an example on the forums
> or somewhere...
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
> On May 4, 2016 9:35 PM, "Mathew Howard"  wrote:
>
>> I have our ePMP's setup to get their public IP via PPPoE, and the radio
>> also gets a completely separate private management IP via DHCP, which is
>> the only way you can remotely access the radio, and it doesn't even have to
>> be in a separate vlan unless you want it to be... and it's one checkbox to
>> configure it.
>>
>> I'm not sure if that can be duplicated on UBNT or not, since I haven't
>> really tried yet, but at the very least it's a lot more complicated to
>> configure.
>>
>>
>>

Re: [AFMUG] UBNT CPE being used for Abusive actions?

2016-05-04 Thread Eric Kuhnke
The thread got this far and no one has wondered how the CPE was pwned in the
first place?

On Wed, May 4, 2016 at 6:55 PM, Mathew Howard  wrote:

> Yeah, I looked at setting it up that way at one point, but something
> didn't look like it was going to work quite the way I wanted it to... but I
> probably spent all of five minutes on it, so it may very well be possible.
> The way ePMP does it is really nice though... and simple.
>

Re: [AFMUG] UBNT CPE being used for Abusive actions?

2016-05-04 Thread Josh Luthman
That is true.  They just added some fields for it.

I feel like Ubnt would add a dual WAN in the GUI if demand was there.

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
On May 4, 2016 9:55 PM, "Mathew Howard"  wrote:

> Yeah, I looked at setting it up that way at one point, but something
> didn't look like it was going to work quite the way I wanted it to... but I
> probably spent all of five minutes on it, so it may very well be possible.
> The way ePMP does it is really nice though... and simple.
>

Re: [AFMUG] UBNT CPE being used for Abusive actions?

2016-05-04 Thread Josh Luthman
Public IP on Ubnt.  What else do you need to know?

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
On May 4, 2016 9:59 PM, "Eric Kuhnke"  wrote:

> The thread got this far and no one has wondered how the CPE was pwned in
> the first place?
>

Re: [AFMUG] UBNT CPE being used for Abusive actions?

2016-05-04 Thread Mathew Howard
The odd thing is, he says port 80 and 22 are blocked at his routers. The
only time I've seen UBNT radios get infected was when I accidentally left
port 80 open on an IP block.

On Wed, May 4, 2016 at 9:00 PM, Josh Luthman 
wrote:

> Public IP on Ubnt.  What else do you need to know?
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373

Re: [AFMUG] UBNT CPE being used for Abusive actions?

2016-05-04 Thread Eric Kuhnke
I know about the very old firmware version for M series stuff that is
vulnerable to a known worm.

But let's assume you do have ubnt devices with public IPs (which is a bad
idea). What's the attack surface? http, https, ssh, snmp

Provided you have chosen a reasonably complex admin login and password
there are no *current, known* remote root exploits for current (or within
the past 2 years) ubnt firmware on M or AC devices, right?


On Wed, May 4, 2016 at 7:00 PM, Josh Luthman 
wrote:

> Public IP on Ubnt.  What else do you need to know?
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>>
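
An added example, not written by any poster in this thread: a Python sketch that audits which of the management services listed above (http, https, ssh, snmp) stay reachable from outside for each CPE when the edge filter blocks only ports 80 and 22. The inventory, the addresses (documentation ranges), the ACL tuple format and the function names are constructed assumptions, and RFC1918 management addresses are treated as unreachable from the internet.

```python
import ipaddress

# ipaddress.is_private also covers documentation and other special ranges,
# so the three RFC1918 blocks are listed explicitly.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Management services named in the thread, with their usual ports.
MGMT_SERVICES = {
    "http": ("tcp", 80),
    "https": ("tcp", 443),
    "ssh": ("tcp", 22),
    "snmp": ("udp", 161),
}

# Constructed edge filter, evaluated top to bottom, first match wins.
# Rule format (an assumption): (action, protocol, destination prefix, port).
# A port of None matches every port; protocol "any" matches every protocol.
EDGE_ACL = [
    ("deny", "tcp", ipaddress.ip_network("203.0.113.0/24"), 80),
    ("deny", "tcp", ipaddress.ip_network("203.0.113.0/24"), 22),
    # Port 80 is filtered for only half of this block: the kind of gap
    # described as "accidentally left port 80 open on an IP block".
    ("deny", "tcp", ipaddress.ip_network("198.51.100.0/25"), 80),
    ("deny", "tcp", ipaddress.ip_network("198.51.100.0/24"), 22),
    ("permit", "any", ipaddress.ip_network("0.0.0.0/0"), None),
]

# Constructed inventory: CPE name -> management address.
INVENTORY = {
    "cpe-a": "10.20.0.11",      # management VLAN in RFC1918 space
    "cpe-b": "203.0.113.10",    # public address, ports 80 and 22 filtered
    "cpe-c": "198.51.100.40",   # public address inside the filtered /25
    "cpe-d": "198.51.100.200",  # public address outside the filtered /25
}


def acl_decision(acl, proto, dst, port):
    """First-match evaluation; traffic that matches no rule is dropped."""
    for action, rule_proto, rule_net, rule_port in acl:
        if rule_proto not in ("any", proto):
            continue
        if dst not in rule_net:
            continue
        if rule_port is not None and rule_port != port:
            continue
        return action
    return "deny"


def exposed_services(mgmt_ip, acl):
    """List the management services an outside host can still reach."""
    addr = ipaddress.ip_address(mgmt_ip)
    if any(addr in net for net in RFC1918):
        return []
    return [name for name, (proto, port) in MGMT_SERVICES.items()
            if acl_decision(acl, proto, addr, port) == "permit"]


def audit(inventory, acl):
    """Map each CPE to the management services left exposed."""
    return {name: exposed_services(ip, acl) for name, ip in inventory.items()}


if __name__ == "__main__":
    for name, services in audit(INVENTORY, EDGE_ACL).items():
        print(f"{name}: {', '.join(services) if services else 'none exposed'}")
```
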

Re: [AFMUG] UBNT CPE being used for Abusive actions?

2016-05-04 Thread timothy steele
There is also a Linux worm going around that exploits devices with default
username and passwords. The latest firmware for ubnt will force you to
change the password.

On Wed, May 4, 2016, 10:12 PM Eric Kuhnke  wrote:

> I know about the very old firmware version for M series stuff that is
> vulnerable to a known worm.
>
> But let's assume you do have ubnt devices with public IPs (which is a bad
> idea). What's the attack surface? http, https, ssh, snmp
>
> Provided you have chosen a reasonably complex admin login and password
> there are no *current, known* remote root exploits for current (or within
> the past 2 years) ubnt firmware on M or AC devices, right?
>
>
> On Wed, May 4, 2016 at 7:00 PM, Josh Luthman 
> wrote:
>
>> Public IP on Ubnt.  What else do you need to know?
>>
>> Josh Luthman
>> Office: 937-552-2340
>> Direct: 937-552-2343
>> 1100 Wayne St
>> Suite 1337
>> Troy, OH 45373
>> On May 4, 2016 9:59 PM, "Eric Kuhnke"  wrote:
>>
>>> The thread got this far and noone has wondered how the CPE was pwned in
>>> the first place?
>>>
>>> On Wed, May 4, 2016 at 6:55 PM, Mathew Howard 
>>> wrote:
>>>
 Yeah, I looked at setting it up that way at one point, but something
 didn't look like it was going to work quite the way I wanted it to... but I
 probably spent all of five minutes on it, so it may very well be possible.
 The way ePMP does it is really nice though... and simple.

 On Wed, May 4, 2016 at 8:38 PM, Josh Luthman <
 j...@imaginenetworksllc.com> wrote:

> People do it for sure.  I want to say there was an example on the
> forums or some where...
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
> On May 4, 2016 9:35 PM, "Mathew Howard"  wrote:
>
>> I have our ePMP's setup to get their public IP via PPPoE, and the
>> radio also gets a completely separate private management IP via DHCP, 
>> which
>> is the only way you can remotely access the radio, and it doesn't even 
>> have
>> to be in a separate vlan unless you want it to be... and it's one 
>> checkbox
>> to configure it.
>>
>> I'm not sure if that can be duplicated on UBNT or not, since I
>> haven't really tried yet, but at the very least it's a lot more 
>> complicated
>> to configure.
>>
>>
>>
>> On Wed, May 4, 2016 at 7:04 PM, Josh Luthman <
>> j...@imaginenetworksllc.com> wrote:
>>
>>> It does...you just need to set it up that way.
>>>
>>>
>>> Josh Luthman
>>> Office: 937-552-2340
>>> Direct: 937-552-2343
>>> 1100 Wayne St
>>> Suite 1337
>>> Troy, OH 45373
>>>
>>> On Wed, May 4, 2016 at 7:54 PM, Mathew Howard 
>>> wrote:
>>>
 I really wish Ubiquiti radios had a separate management vlan option
 (in router mode), like ePMP does...

 On Wed, May 4, 2016 at 6:10 PM, Josh Reynolds >>> > wrote:

> I would encourage you to put your CPEs on a management vlan, in
> RFC1918 space.
>
> On Wed, May 4, 2016 at 6:00 PM, SmarterBroadband
>  wrote:
> > Hi Tushar
> >
> >
> >
> > We run all radios in NAT mode.
> >
> >
> >
> > Adam
> >
> >
> >
> > From: Af [mailto:af-boun...@afmug.com] On Behalf Of Tushar Patel
> > Sent: Wednesday, May 04, 2016 3:34 PM
> > To: af@afmug.com
> > Subject: Re: [AFMUG] UBNT CPE being used for Abusive actions?
> >
> >
> >
> > Radios could be put on private ip so nobody from outside world
> can access
> > it. That is what we do.
> >
> > Tushar
> >
> >
> >
> >
> > On May 4, 2016, at 5:22 PM, SmarterBroadband <
> li...@smarterbroadband.com>
> > wrote:
> >
> > I have received a number of emails for ab...@light-gap.net
> saying certain of
> > our IP address are being used for attacks (see email text below).
> >
> >
> >
> > All IP addresses are in UBNT radios.  We are unable to remote
> access any of
> > these radios now.  We see that the radio we are unable to
> access
> > rebooted a couple of days ago.  A number of other radios show
> they rebooted
> > around the same time (in sequence) on the AP.  We are unable to
> remote
> > access any of those either. Other radios with longer uptime on
> the AP’s are
> > fine.
> >
> >
> >
> > We have a tech en route to one of the customer sites.
> >
> >
> >
> > We think the radios are being made into bots.  Anyone seen this
> or anything
> > like this?  Do the hackers need a username and

Re: [AFMUG] Source for equipment enclosures

2016-05-04 Thread Bruce Robertson
Chuck, you are always our guy!

Sent from my iPad

> On May 4, 2016, at 2:45 PM, Chuck McCown  wrote:
> 
> OK
>  
> I am probably not your guy anyway, I have made some metal pedestals for DLC 
> cabinets and other things like that.
>  
> I am limited in the size of my press brake and shear.  I can plasma cut and 
> weld all day long.  But when someone needs small intricate parts bent up I 
> have my limits. 
>  
> From: Wireless Administrator
> Sent: Wednesday, May 04, 2016 3:43 PM
> To: af@afmug.com
> Subject: Re: [AFMUG] Source for equipment enclosures
>  
> Chuck I’ve got an engineering document prepared by them but in all fairness I 
> should not re-distribute it.  If you’re interested I can describe it off list.
>  
> Steve B.
>  
> From: Af [mailto:af-boun...@afmug.com] On Behalf Of Chuck McCown
> Sent: Wednesday, May 04, 2016 5:37 PM
> To: af@afmug.com
> Subject: Re: [AFMUG] Source for equipment enclosures
>  
> Depends on the design.  I do some fabrication like this.
> Nothing too fancy. 
>  
> From: Wireless Administrator
> Sent: Wednesday, May 04, 2016 3:33 PM
> To: af@afmug.com
> Subject: [AFMUG] Source for equipment enclosures
>  
> Can anyone recommend a supplier for custom stainless equipment 
> enclosures in the $1700 range.  Based on comments here we contracted to have 
> ours built by Bison ProFab but that has been a disaster.  We started working 
> with them on 2/11 and they still do not have our first enclosure completed.  
> None of the commitments they made have been realized. 
>  
> Can anyone recommend a reliable source?
>  
> Steve B.
>  


Re: [AFMUG] UBNT CPE being used for Abusive actions?

2016-05-04 Thread Josh Reynolds
Could be an as yet unidentified SSL exploit...
On May 4, 2016 9:12 PM, "Eric Kuhnke"  wrote:

> I know about the very old firmware version for M series stuff that is
> vulnerable to a known worm.
>
> But let's assume you do have ubnt devices with public IPs (which is a bad
> idea). What's the attack surface? http, https, ssh, snmp
>
> Provided you have chosen a reasonably complex admin login and password
> there are no *current, known* remote root exploits for current (or within
> the past 2 years) ubnt firmware on M or AC devices, right?
>
>
> On Wed, May 4, 2016 at 7:00 PM, Josh Luthman 
> wrote:
>
>> Public IP on Ubnt.  What else do you need to know?
>>
>> Josh Luthman
>> Office: 937-552-2340
>> Direct: 937-552-2343
>> 1100 Wayne St
>> Suite 1337
>> Troy, OH 45373
>> On May 4, 2016 9:59 PM, "Eric Kuhnke"  wrote:
>>
>>> The thread got this far and no one has wondered how the CPE was pwned in
>>> the first place?
>>>
>>> On Wed, May 4, 2016 at 6:55 PM, Mathew Howard 
>>> wrote:
>>>
 Yeah, I looked at setting it up that way at one point, but something
 didn't look like it was going to work quite the way I wanted it to... but I
 probably spent all of five minutes on it, so it may very well be possible.
 The way ePMP does it is really nice though... and simple.

 On Wed, May 4, 2016 at 8:38 PM, Josh Luthman <
 j...@imaginenetworksllc.com> wrote:

> People do it for sure.  I want to say there was an example on the
> forums or somewhere...
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
> On May 4, 2016 9:35 PM, "Mathew Howard"  wrote:
>
>> I have our ePMP's setup to get their public IP via PPPoE, and the
>> radio also gets a completely separate private management IP via DHCP, 
>> which
>> is the only way you can remotely access the radio, and it doesn't even 
>> have
>> to be in a separate vlan unless you want it to be... and it's one 
>> checkbox
>> to configure it.
>>
>> I'm not sure if that can be duplicated on UBNT or not, since I
>> haven't really tried yet, but at the very least it's a lot more 
>> complicated
>> to configure.
>>
>>
>>
>> On Wed, May 4, 2016 at 7:04 PM, Josh Luthman <
>> j...@imaginenetworksllc.com> wrote:
>>
>>> It does...you just need to set it up that way.
>>>
>>>
>>> Josh Luthman
>>> Office: 937-552-2340
>>> Direct: 937-552-2343
>>> 1100 Wayne St
>>> Suite 1337
>>> Troy, OH 45373
>>>
>>> On Wed, May 4, 2016 at 7:54 PM, Mathew Howard 
>>> wrote:
>>>
 I really wish Ubiquiti radios had a separate management vlan option
 (in router mode), like ePMP does...

 On Wed, May 4, 2016 at 6:10 PM, Josh Reynolds >>> > wrote:

> I would encourage you to put your CPEs on a management vlan, in
> RFC1918 space.
>
> On Wed, May 4, 2016 at 6:00 PM, SmarterBroadband
>  wrote:
> > Hi Tushar
> >
> >
> >
> > We run all radios in NAT mode.
> >
> >
> >
> > Adam
> >
> >
> >
> > From: Af [mailto:af-boun...@afmug.com] On Behalf Of Tushar Patel
> > Sent: Wednesday, May 04, 2016 3:34 PM
> > To: af@afmug.com
> > Subject: Re: [AFMUG] UBNT CPE being used for Abusive actions?
> >
> >
> >
> > Radios could be put on private ip so nobody from outside world
> can access
> > it. That is what we do.
> >
> > Tushar
> >
> >
> >
> >
> > On May 4, 2016, at 5:22 PM, SmarterBroadband <
> li...@smarterbroadband.com>
> > wrote:
> >
> > I have received a number of emails for ab...@light-gap.net
> saying certain of
> > our IP address are being used for attacks (see email text below).
> >
> >
> >
> > All IP addresses are in UBNT radios.  We are unable to remote
> access any of
> > these radios now.  We see that the radio we are unable to
> access
> > rebooted a couple of days ago.  A number of other radios show
> they rebooted
> > around the same time (in sequence) on the AP.  We are unable to
> remote
> > access any of those either. Other radios with longer uptime on
> the AP’s are
> > fine.
> >
> >
> >
> > We have a tech en route to one of the customer sites.
> >
> >
> >
> > We think the radios are being made into bots.  Anyone seen this
> or anything
> > like this?  Do the hackers need a username and password to hack
> a radio?
> > I.E.  Would a change of the password stop the changes being made
> 

Re: [AFMUG] UBNT CPE being used for Abusive actions?

2016-05-04 Thread Eric Kuhnke
If people are sitting on a remote root SSL exploit that's not public, I
think it'll be used for something far more lucrative than turning ubnt CPEs
into relays for smtp spam.

But unrelated to ubnt, there *are* some recent openssl security issues that
have been addressed in the latest updates for centos, debian, ubuntu, etc.
Time to update.

https://www.openssl.org/news/secadv/20160503.txt

On Wed, May 4, 2016 at 7:53 PM, Josh Reynolds  wrote:

> Could be an as yet unidentified SSL exploit...
> On May 4, 2016 9:12 PM, "Eric Kuhnke"  wrote:
>
>> I know about the very old firmware version for M series stuff that is
>> vulnerable to a known worm.
>>
>> But let's assume you do have ubnt devices with public IPs (which is a bad
>> idea). What's the attack surface? http, https, ssh, snmp
>>
>> Provided you have chosen a reasonably complex admin login and password
>> there are no *current, known* remote root exploits for current (or
>> within the past 2 years) ubnt firmware on M or AC devices, right?
>>
>>
>> On Wed, May 4, 2016 at 7:00 PM, Josh Luthman > > wrote:
>>
>>> Public IP on Ubnt.  What else do you need to know?
>>>
>>> Josh Luthman
>>> Office: 937-552-2340
>>> Direct: 937-552-2343
>>> 1100 Wayne St
>>> Suite 1337
>>> Troy, OH 45373
>>> On May 4, 2016 9:59 PM, "Eric Kuhnke"  wrote:
>>>
 The thread got this far and no one has wondered how the CPE was pwned in
 the first place?

 On Wed, May 4, 2016 at 6:55 PM, Mathew Howard 
 wrote:

> Yeah, I looked at setting it up that way at one point, but something
> didn't look like it was going to work quite the way I wanted it to... but 
> I
> probably spent all of five minutes on it, so it may very well be possible.
> The way ePMP does it is really nice though... and simple.
>
> On Wed, May 4, 2016 at 8:38 PM, Josh Luthman <
> j...@imaginenetworksllc.com> wrote:
>
>> People do it for sure.  I want to say there was an example on the
>> forums or somewhere...
>>
>> Josh Luthman
>> Office: 937-552-2340
>> Direct: 937-552-2343
>> 1100 Wayne St
>> Suite 1337
>> Troy, OH 45373
>> On May 4, 2016 9:35 PM, "Mathew Howard"  wrote:
>>
>>> I have our ePMP's setup to get their public IP via PPPoE, and the
>>> radio also gets a completely separate private management IP via DHCP, 
>>> which
>>> is the only way you can remotely access the radio, and it doesn't even 
>>> have
>>> to be in a separate vlan unless you want it to be... and it's one 
>>> checkbox
>>> to configure it.
>>>
>>> I'm not sure if that can be duplicated on UBNT or not, since I
>>> haven't really tried yet, but at the very least it's a lot more 
>>> complicated
>>> to configure.
>>>
>>>
>>>
>>> On Wed, May 4, 2016 at 7:04 PM, Josh Luthman <
>>> j...@imaginenetworksllc.com> wrote:
>>>
 It does...you just need to set it up that way.


 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373

 On Wed, May 4, 2016 at 7:54 PM, Mathew Howard >>> > wrote:

> I really wish Ubiquiti radios had a separate management vlan
> option (in router mode), like ePMP does...
>
> On Wed, May 4, 2016 at 6:10 PM, Josh Reynolds <
> j...@kyneticwifi.com> wrote:
>
>> I would encourage you to put your CPEs on a management vlan, in
>> RFC1918 space.
>>
>> On Wed, May 4, 2016 at 6:00 PM, SmarterBroadband
>>  wrote:
>> > Hi Tushar
>> >
>> >
>> >
>> > We run all radios in NAT mode.
>> >
>> >
>> >
>> > Adam
>> >
>> >
>> >
>> > From: Af [mailto:af-boun...@afmug.com] On Behalf Of Tushar
>> Patel
>> > Sent: Wednesday, May 04, 2016 3:34 PM
>> > To: af@afmug.com
>> > Subject: Re: [AFMUG] UBNT CPE being used for Abusive actions?
>> >
>> >
>> >
>> > Radios could be put on private ip so nobody from outside world
>> can access
>> > it. That is what we do.
>> >
>> > Tushar
>> >
>> >
>> >
>> >
>> > On May 4, 2016, at 5:22 PM, SmarterBroadband <
>> li...@smarterbroadband.com>
>> > wrote:
>> >
>> > I have received a number of emails for ab...@light-gap.net
>> saying certain of
>> > our IP address are being used for attacks (see email text
>> below).
>> >
>> >
>> >
>> > All IP addresses are in UBNT radios.  We are unable to remote
>> access any of
>> > these radios now.  We see that the radio we are unable to
>> access
>> > rebooted a couple of days ago.  A number of other radios show
>>

Re: [AFMUG] UBNT CPE being used for Abusive actions?

2016-05-04 Thread Brian Meredith
We've gotten a couple of the same notices in the past few days; our CPE is
on RFC 1918 IP addresses with no gateway to the outside world, so I'm going
to assume it's something behind the CPE (either a router or customer
device).

We've had a couple of cases where routers had an exploitable  and rooted
remotely and loaded with software to do stuff like this.

http://routersecurity.org/bugs.php



On Wed, May 4, 2016 at 8:13 PM, Eric Kuhnke  wrote:

> If people are sitting on a remote root SSL exploit that's not public, I
> think it'll be used for something far more lucrative than turning ubnt CPEs
> into relays for smtp spam.
>
> But unrelated to ubnt, there *are* some recent openssl security issues
> that have been addressed in the latest updates for centos, debian, ubuntu,
> etc. Time to update.
>
> https://www.openssl.org/news/secadv/20160503.txt
>
> On Wed, May 4, 2016 at 7:53 PM, Josh Reynolds 
> wrote:
>
>> Could be an as yet unidentified SSL exploit...
>> On May 4, 2016 9:12 PM, "Eric Kuhnke"  wrote:
>>
>>> I know about the very old firmware version for M series stuff that is
>>> vulnerable to a known worm.
>>>
>>> But let's assume you do have ubnt devices with public IPs (which is a
>>> bad idea). What's the attack surface? http, https, ssh, snmp
>>>
>>> Provided you have chosen a reasonably complex admin login and password
>>> there are no *current, known* remote root exploits for current (or
>>> within the past 2 years) ubnt firmware on M or AC devices, right?
>>>
>>>
>>> On Wed, May 4, 2016 at 7:00 PM, Josh Luthman <
>>> j...@imaginenetworksllc.com> wrote:
>>>
 Public IP on Ubnt.  What else do you need to know?

 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373
 On May 4, 2016 9:59 PM, "Eric Kuhnke"  wrote:

> The thread got this far and no one has wondered how the CPE was pwned
> in the first place?
>
> On Wed, May 4, 2016 at 6:55 PM, Mathew Howard 
> wrote:
>
>> Yeah, I looked at setting it up that way at one point, but something
>> didn't look like it was going to work quite the way I wanted it to... 
>> but I
>> probably spent all of five minutes on it, so it may very well be 
>> possible.
>> The way ePMP does it is really nice though... and simple.
>>
>> On Wed, May 4, 2016 at 8:38 PM, Josh Luthman <
>> j...@imaginenetworksllc.com> wrote:
>>
>>> People do it for sure.  I want to say there was an example on the
>>> forums or somewhere...
>>>
>>> Josh Luthman
>>> Office: 937-552-2340
>>> Direct: 937-552-2343
>>> 1100 Wayne St
>>> Suite 1337
>>> Troy, OH 45373
>>> On May 4, 2016 9:35 PM, "Mathew Howard" 
>>> wrote:
>>>
 I have our ePMP's setup to get their public IP via PPPoE, and the
 radio also gets a completely separate private management IP via DHCP, 
 which
 is the only way you can remotely access the radio, and it doesn't even 
 have
 to be in a separate vlan unless you want it to be... and it's one 
 checkbox
 to configure it.

 I'm not sure if that can be duplicated on UBNT or not, since I
 haven't really tried yet, but at the very least it's a lot more 
 complicated
 to configure.



 On Wed, May 4, 2016 at 7:04 PM, Josh Luthman <
 j...@imaginenetworksllc.com> wrote:

> It does...you just need to set it up that way.
>
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
> On Wed, May 4, 2016 at 7:54 PM, Mathew Howard <
> mhoward...@gmail.com> wrote:
>
>> I really wish Ubiquiti radios had a separate management vlan
>> option (in router mode), like ePMP does...
>>
>> On Wed, May 4, 2016 at 6:10 PM, Josh Reynolds <
>> j...@kyneticwifi.com> wrote:
>>
>>> I would encourage you to put your CPEs on a management vlan, in
>>> RFC1918 space.
>>>
>>> On Wed, May 4, 2016 at 6:00 PM, SmarterBroadband
>>>  wrote:
>>> > Hi Tushar
>>> >
>>> >
>>> >
>>> > We run all radios in NAT mode.
>>> >
>>> >
>>> >
>>> > Adam
>>> >
>>> >
>>> >
>>> > From: Af [mailto:af-boun...@afmug.com] On Behalf Of Tushar
>>> Patel
>>> > Sent: Wednesday, May 04, 2016 3:34 PM
>>> > To: af@afmug.com
>>> > Subject: Re: [AFMUG] UBNT CPE being used for Abusive actions?
>>> >
>>> >
>>> >
>>> > Radios could be put on private ip so nobody from outside world
>>> can access
>>> > it. That is what we do.
>>> >
>>> > Tushar
>>> >
>>> >

[AFMUG] May the fourth be with you, young Jedi

2016-05-04 Thread Sean Heskett
https://youtu.be/Uj1ykZWtPYI

-Sean


Re: [AFMUG] UBNT CPE being used for Abusive actions?

2016-05-04 Thread Mathew Howard
5.6.2, I think, fixed one of the more serious security flaws, and that was
released less than a year ago... and it looks like 5.6.3 and 5.6.4 (which
was released very recently) also had security fixes. I believe most of
those vulnerabilities applied to the AC and airFiber firmware as well.

Ubiquiti has been good about releasing fixes quickly when they find
vulnerabilities, but that doesn't help if nobody bothers to update anything.

On Wed, May 4, 2016 at 9:12 PM, Eric Kuhnke  wrote:

> I know about the very old firmware version for M series stuff that is
> vulnerable to a known worm.
>
> But let's assume you do have ubnt devices with public IPs (which is a bad
> idea). What's the attack surface? http, https, ssh, snmp
>
> Provided you have chosen a reasonably complex admin login and password
> there are no *current, known* remote root exploits for current (or within
> the past 2 years) ubnt firmware on M or AC devices, right?
>
>
> On Wed, May 4, 2016 at 7:00 PM, Josh Luthman 
> wrote:
>
>> Public IP on Ubnt.  What else do you need to know?
>>
>> Josh Luthman
>> Office: 937-552-2340
>> Direct: 937-552-2343
>> 1100 Wayne St
>> Suite 1337
>> Troy, OH 45373
>> On May 4, 2016 9:59 PM, "Eric Kuhnke"  wrote:
>>
>>> The thread got this far and no one has wondered how the CPE was pwned in
>>> the first place?
>>>
>>> On Wed, May 4, 2016 at 6:55 PM, Mathew Howard 
>>> wrote:
>>>
 Yeah, I looked at setting it up that way at one point, but something
 didn't look like it was going to work quite the way I wanted it to... but I
 probably spent all of five minutes on it, so it may very well be possible.
 The way ePMP does it is really nice though... and simple.

 On Wed, May 4, 2016 at 8:38 PM, Josh Luthman <
 j...@imaginenetworksllc.com> wrote:

> People do it for sure.  I want to say there was an example on the
> forums or somewhere...
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
> On May 4, 2016 9:35 PM, "Mathew Howard"  wrote:
>
>> I have our ePMP's setup to get their public IP via PPPoE, and the
>> radio also gets a completely separate private management IP via DHCP, 
>> which
>> is the only way you can remotely access the radio, and it doesn't even 
>> have
>> to be in a separate vlan unless you want it to be... and it's one 
>> checkbox
>> to configure it.
>>
>> I'm not sure if that can be duplicated on UBNT or not, since I
>> haven't really tried yet, but at the very least it's a lot more 
>> complicated
>> to configure.
>>
>>
>>
>> On Wed, May 4, 2016 at 7:04 PM, Josh Luthman <
>> j...@imaginenetworksllc.com> wrote:
>>
>>> It does...you just need to set it up that way.
>>>
>>>
>>> Josh Luthman
>>> Office: 937-552-2340
>>> Direct: 937-552-2343
>>> 1100 Wayne St
>>> Suite 1337
>>> Troy, OH 45373
>>>
>>> On Wed, May 4, 2016 at 7:54 PM, Mathew Howard 
>>> wrote:
>>>
 I really wish Ubiquiti radios had a separate management vlan option
 (in router mode), like ePMP does...

 On Wed, May 4, 2016 at 6:10 PM, Josh Reynolds >>> > wrote:

> I would encourage you to put your CPEs on a management vlan, in
> RFC1918 space.
>
> On Wed, May 4, 2016 at 6:00 PM, SmarterBroadband
>  wrote:
> > Hi Tushar
> >
> >
> >
> > We run all radios in NAT mode.
> >
> >
> >
> > Adam
> >
> >
> >
> > From: Af [mailto:af-boun...@afmug.com] On Behalf Of Tushar Patel
> > Sent: Wednesday, May 04, 2016 3:34 PM
> > To: af@afmug.com
> > Subject: Re: [AFMUG] UBNT CPE being used for Abusive actions?
> >
> >
> >
> > Radios could be put on private ip so nobody from outside world
> can access
> > it. That is what we do.
> >
> > Tushar
> >
> >
> >
> >
> > On May 4, 2016, at 5:22 PM, SmarterBroadband <
> li...@smarterbroadband.com>
> > wrote:
> >
> > I have received a number of emails for ab...@light-gap.net
> saying certain of
> > our IP address are being used for attacks (see email text below).
> >
> >
> >
> > All IP addresses are in UBNT radios.  We are unable to remote
> access any of
> > these radios now.  We see that the radio we are unable to
> access
> > rebooted a couple of days ago.  A number of other radios show
> they rebooted
> > around the same time (in sequence) on the AP.  We are unable to
> remote
> > access any of those either. Other radios with longer uptime on
> the AP’s are
> > fine.
> >
>>>
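
Added example, not part of any post in this thread: a small Python audit of a CPE inventory for the two conditions the thread discusses, a management address outside RFC 1918 space and firmware older than the 5.6.4 release Mathew Howard mentions. The inventory rows, field names, version-string format and the choice of 5.6.4 as the floor are assumptions made for illustration.

```python
import ipaddress
import re

# The three RFC 1918 blocks, listed explicitly. ipaddress.is_private is
# broader (it also covers loopback, link-local, documentation ranges),
# so it is not a substitute for "is this in RFC 1918 space".
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumption: treat the newest release named in the thread as the floor.
MIN_FIRMWARE = (5, 6, 4)

# Constructed sample inventory (names, addresses and versions are made up;
# 198.51.100.0/24 is a documentation range standing in for a public IP).
INVENTORY = [
    {"name": "cpe-001", "mgmt_ip": "10.20.1.15",    "firmware": "XM.v5.6.4"},
    {"name": "cpe-002", "mgmt_ip": "198.51.100.23", "firmware": "XM.v5.5.6"},
    # 172.32.x.x looks private at a glance but is outside 172.16.0.0/12.
    {"name": "cpe-003", "mgmt_ip": "172.32.0.9",    "firmware": "XW.v5.6.3"},
    {"name": "cpe-004", "mgmt_ip": "192.168.88.4",  "firmware": "unknown"},
]


def in_rfc1918(addr):
    """True if addr falls inside one of the RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def parse_firmware(text):
    """Pull a (major, minor, patch) tuple out of a version string, or None."""
    m = re.search(r"v?(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(g) for g in m.groups()) if m else None


def audit(inventory, min_fw=MIN_FIRMWARE):
    """Return {cpe name: [issues]} for every radio with at least one issue."""
    findings = {}
    for cpe in inventory:
        issues = []
        try:
            if not in_rfc1918(cpe["mgmt_ip"]):
                issues.append("mgmt-ip-not-rfc1918")
        except ValueError:
            issues.append("mgmt-ip-unparseable")
        fw = parse_firmware(cpe["firmware"])
        if fw is None:
            issues.append("firmware-unknown")
        elif fw < min_fw:
            issues.append("firmware-below-minimum")
        if issues:
            findings[cpe["name"]] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit(INVENTORY).items():
        print(name, ", ".join(issues))
```

A radio with an unreadable firmware string is reported rather than skipped, since an unknown version cannot be assumed patched.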