date:20160516

That sounds really backwards compared to most gear I'm familiar with.

On Mon, May 16, 2016 at 6:18 PM, Ken Hohhof  wrote:

> I have a question while we are on the topic:  what color is the last LED
> on your 450i AP when it is running at 1000 Mbps?  I know it’s green at 100
> Mbps, but what about 1000 Mbps?  I know the user guide says orange, but is
> that what your AP actually does?
>
>
> *From:* David 
> *Sent:* Monday, May 16, 2016 3:22 PM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] Gigabit Ethernet on Cambium 450i only running
> 100Mbps
>
> I am only catching part of this thread so dont throw anything at me for
> not reading the whole thread.
> 450i radios are rated for the 56v unlike the 450 radios they are rated for
> cambium std 29v
> This is the reason I am having to upgrade all of my boxes to 48v plant as
> its base supply.
>
>
> On 05/16/2016 11:35 AM, Chuck McCown wrote:
>
> I have an idea.  Working on an experiment.
>
> *From:* Wireless Administrator 
> *Sent:* Monday, May 16, 2016 8:56 AM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] Gigabit Ethernet on Cambium 450i only running
> 100Mbps
>
>
> Thanks for having a look at this for us.  It sure doesn’t make sense to
> me.  The system  continues to run 1000Base-T Full Duplex here with the
> Cambium units.  I’m sure there is a reason but it looks like this one’s
> above my pay grade.
>
>
>
> Steve B.
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com ] *On
> Behalf Of *ch...@wbmfg.com
> *Sent:* Sunday, May 15, 2016 2:26 PM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] Gigabit Ethernet on Cambium 450i only running
> 100Mbps
>
>
>
> No Joy.  Everything checks out 100%.
>
>
>
> I bought one the cambium units for comparison.  Its impulse breakdown
> voltage is about 5 volts to ground lower than my unit for single pin to
> ground.  Transverse impulses are clamped much lower on the cambium unit but
> normally that is not an issue.
>
>
>
> Pin to pin and pin to ground I have less capacitive loading than the
> cambium unit.
>
>
>
> They have some other circuitry that I have yet to puzzle out.
>
> Something that is not related to surge suppression.
>
>
>
> In any event, your unit, a brand new unit from my stock and the cambium
> unit all show 1Gbps on the traffic tester and all show good wiring
> continuity and all show good breakdown voltage pin to ground.  Visual
> inspections are not revealing any solder bridges or manufacturing issues
>
>
>
> A puzzle for certain.  But I am not finished.  Stay tuned...
>
>
>
> *From:* Wireless Administrator 
>
> *Sent:* Friday, May 6, 2016 9:16 AM
>
> *To:* af@afmug.com
>
> *Subject:* [AFMUG] Gigabit Ethernet on Cambium 450i only running 100Mbps
>
>
>
> *Replaced This ……*
>
>
>
> [image: surge1.jpeg]
>
>
>
> *With This …….*
>
>
>
> [image: surge02.jpeg]
>
>
>
> *On same ground point and got This ……*
>
>
>
> *[image: surge03.PNG]*
>
>
>
> *:-)*
>
>
>
> Except I want this to work …….
>
>
>
> [image: surge1.jpeg]
>
>
>
> *L*
>
> *Extra effort to ensure clear pictures and easy to read story line ……*
>
>
>
> *Steve*
>
>
>
>
>
> *From:* Wireless Administrator [mailto:wirel...@htn.net ]
>
> *Sent:* Friday, April 29, 2016 12:03 PM
> *To:* 'af@afmug.com'
> *Subject:* Gigabit Ethernet on Cambium 450i
>
>
> We’re not able to get our Cambium 450i radio’s Ethernet Interface to run
> at Gigabit speed.  Our setup is as follows: Gigabit switch (Tried several
> brands) à14’ Cat6 Patch àGigabit Sync injector (48V) à 35’ Best-tronics
> Cat5 Shielded à 800-800-GIGE-APC-HV à 80’ Best-tronics Cat5 Shielded à
> Cambium 450i It works without the 800-800-GIGE-APC-HV. (Cat5 Coupler). Anyone
> ……….   Steve B.
>
>
>
>
>

Re: [AFMUG] Upstream BGP Questionairre

2016-05-16 Thread Erich Kaiser

Some people want default route and full routes because of route
propagation/population, this way if your session resets you at least can
get online right away.


Erich Kaiser
North Central Tower
er...@northcentraltower.com
Office: 630-621-4804
Cell: 630-777-9291


On Mon, May 16, 2016 at 11:03 AM, Faisal Imtiaz 
wrote:

> What I meant to ask is .
>
> Why get the default route via BGP from your Upstream... Why not set is
> statically (ip sla track, or monitor gateway etc).
>
> IF your bgp sessions goes down, then your prefixes are withdrawn anyway..
> so I am not sure what that will cover you for..
>
> In regards to OSPF redistributing default routes, I believe managing a
> statically done default route is  easier and safer to inject and manage, vs
> one coming from your upstream.
>
> Faisal Imtiaz
> Snappy Internet & Telecom
> 7266 SW 48 Street
> Miami, FL 33155
> Tel: 305 663 5518 x 232
>
> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net
>
> --
>
> *From: *"Cassidy B. Larson" 
> *To: *af@afmug.com
> *Sent: *Monday, May 16, 2016 11:18:16 AM
> *Subject: *Re: [AFMUG] Upstream BGP Questionairre
>
> We do a cisco ip sla track to make sure BGP is up on the upstream facing
> interface for the static default to be valid.
>
> On May 16, 2016, at 9:04 AM, Faisal Imtiaz 
> wrote:
> Interesting Carl, doing a manual static default route does not do the
> trick for you ?
>
> Regards.
>
> Faisal Imtiaz
> Snappy Internet & Telecom
> 7266 SW 48 Street
> Miami, FL 33155
> Tel: 305 663 5518 x 232
>
> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net
> 
>
> --
>
> *From: *"Carl Peterson" 
> *To: *af@afmug.com
> *Sent: *Monday, May 16, 2016 10:42:35 AM
> *Subject: *Re: [AFMUG] Upstream BGP Questionairre
>
> For #3, I generally ask for full route + a default.  The default is for
> default information originate for OSPF.  If there isn't a default in the
> routing table, my edge router won't advertise a default to non-bgb ospf
> peers.  You don't want a static default in case the peer goes down.
>
>
> On Mon, May 16, 2016 at 7:20 AM, Josh Baird  wrote:
>
>> Many providers refer to this as 'RTBH' (remotely triggered blackhole
>> filtering).
>> Josh
>>
>> On Sun, May 15, 2016 at 10:21 PM, That One Guy /sarcasm <
>> thatoneguyst...@gmail.com> wrote:
>>
>>> that request, lacking my fundamental understanding of the terminology,
>>> would be phrased how?
>>>
>>> On Sat, May 14, 2016 at 5:56 PM, Josh Baird  wrote:
>>>
 Yes, it requires your upstream to support a blackhole BGP community.
 This allows you to advertise host routes (/32 or smaller) to them using a
 specific BGP community when you want your ISP to drop all traffic for the
 prefix before it reaches you.  This is -very- useful for DDoS defense.
 Josh

 On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm <
 thatoneguyst...@gmail.com> wrote:

> That requires something specific?
> On May 14, 2016 7:33 AM, "Erich Kaiser" 
> wrote:
>
>> We have started requiring our upstreams to filter by ASN vs
>> Netblock.  We are moving away from upstreams that do not utilize IRR
>> Entries and require intervention every time we want to make a change, but
>> it is continuous for us, so for most guys the one time setup is not a big
>> deal, plus the upstream has to be trusting enough that we will have the
>> correct filtering on our end.
>>
>> Steve, I would add Blackhole BGP community or session to your list.
>>
>> Erich Kaiser
>> The Fusion Network
>> er...@gotfusion.net
>> Office: 630-621-4804
>> Cell: 630-777-9291
>> On Sat, May 14, 2016 at 6:34 AM, Paul Stewart 
>> wrote:
>>
>>> Or, quite a number of carriers (especially in APAC, some carriers in
>>> Canada, a few in the US, and definitely a large number in Europe) will 
>>> say
>>> “do you have an IRR entry at RADB?” and if you say yes then they will 
>>> use
>>> the route object information but if you say no then they will tell you 
>>> to
>>> open a ticket with their NOC each time you have a prefix to add/remove 
>>> ….
>>>
>>>
>>> I’m actually surprised by the number of transit providers that
>>> don’t’ support automation via IRR
>>>
>>>
>>> Paul
>>>
>>>
>>>
>>> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Faisal
>>> Imtiaz
>>> *Sent:* May 13, 2016 9:25 PM
>>> *To:* af@afmug.com
>>> *Subject:* Re: [AFMUG] Upstream BGP Questionairre
>>>
>>>
>>> Let me clarify this a bit more...
>>>
>>>
>>> You are recommending that one creates it's own AS Object in the
>>> IRR..(aka learns and manages their own RR entries) (it really does not
>>> matter which IRR it is, at the end of the day they are all sort of 
>>> synced,
>>> it is only a question of who is maintaining it, and who c

Re: [AFMUG] Upstream BGP Questionairre

2016-05-16 Thread Faisal Imtiaz

Yeah, that was about the only thing I could come up with as being the most 
practical reason (e.g. when doing bgp on a CCR etc). 
but even then the logic validity of this as a solution to the problem is 
questionable, however giving the appearance of a possible solution... I will 
buy that .. 

But then again, I may be just splitting hairs... 

:) 

Faisal Imtiaz 
Snappy Internet & Telecom 
7266 SW 48 Street 
Miami, FL 33155 
Tel: 305 663 5518 x 232 

Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net 

> From: "Erich Kaiser" 
> To: af@afmug.com
> Sent: Monday, May 16, 2016 8:03:32 PM
> Subject: Re: [AFMUG] Upstream BGP Questionairre

> Some people want default route and full routes because of route
> propagation/population, this way if your session resets you at least can get
> online right away.

> Erich Kaiser
> North Central Tower
> er...@northcentraltower.com
> Office: 630-621-4804
> Cell: 630-777-9291

> On Mon, May 16, 2016 at 11:03 AM, Faisal Imtiaz < fai...@snappytelecom.net >
> wrote:

>> What I meant to ask is .

>> Why get the default route via BGP from your Upstream... Why not set is
>> statically (ip sla track, or monitor gateway etc).

>> IF your bgp sessions goes down, then your prefixes are withdrawn anyway.. so 
>> I
>> am not sure what that will cover you for..

>> In regards to OSPF redistributing default routes, I believe managing a
>> statically done default route is easier and safer to inject and manage, vs 
>> one
>> coming from your upstream.

>> Faisal Imtiaz
>> Snappy Internet & Telecom
>> 7266 SW 48 Street
>> Miami, FL 33155
>> Tel: 305 663 5518 x 232

>> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net

>>> From: "Cassidy B. Larson" < c...@infowest.com >
>>> To: af@afmug.com
>>> Sent: Monday, May 16, 2016 11:18:16 AM
>>> Subject: Re: [AFMUG] Upstream BGP Questionairre

>>> We do a cisco ip sla track to make sure BGP is up on the upstream facing
>>> interface for the static default to be valid.

 On May 16, 2016, at 9:04 AM, Faisal Imtiaz < fai...@snappytelecom.net > 
 wrote:
 Interesting Carl, doing a manual static default route does not do the 
 trick
 for you ?

 Regards.

 Faisal Imtiaz
 Snappy Internet & Telecom
 7266 SW 48 Street
 Miami, FL 33155
 Tel: 305 663 5518 x 232

 Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net

> From: "Carl Peterson" < cpeter...@portnetworks.com >
> To: af@afmug.com
> Sent: Monday, May 16, 2016 10:42:35 AM
> Subject: Re: [AFMUG] Upstream BGP Questionairre

> For #3, I generally ask for full route + a default. The default is for 
> default
> information originate for OSPF. If there isn't a default in the routing 
> table,
> my edge router won't advertise a default to non-bgb ospf peers. You don't 
> want
> a static default in case the peer goes down.

> On Mon, May 16, 2016 at 7:20 AM, Josh Baird < joshba...@gmail.com > wrote:

>> Many providers refer to this as 'RTBH' (remotely triggered blackhole 
>> filtering).
>> Josh

>> On Sun, May 15, 2016 at 10:21 PM, That One Guy /sarcasm <
>> thatoneguyst...@gmail.com > wrote:

>>> that request, lacking my fundamental understanding of the terminology, 
>>> would be
>>> phrased how?

>>> On Sat, May 14, 2016 at 5:56 PM, Josh Baird < joshba...@gmail.com > 
>>> wrote:

 Yes, it requires your upstream to support a blackhole BGP community. 
 This allows
 you to advertise host routes (/32 or smaller) to them using a specific 
 BGP
 community when you want your ISP to drop all traffic for the prefix 
 before it
 reaches you. This is -very- useful for DDoS defense.
 Josh

 On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm <
 thatoneguyst...@gmail.com > wrote:

> That requires something specific?
> On May 14, 2016 7:33 AM, "Erich Kaiser" < er...@northcentraltower.com 
> > wrote:

>> We have started requiring our upstreams to filter by ASN vs 
>> Netblock. We are
>> moving away from upstreams that do not utilize IRR Entries and 
>> require
>> intervention every time we want to make a change, but it is 
>> continuous for us,
>> so for most guys the one time setup is not a big deal, plus the 
>> upstream has to
>> be trusting enough that we will have the correct filtering on our 
>> end.

>> Steve, I would add Blackhole BGP community or session to your list.

>> Erich Kaiser
>> The Fusion Network
>> er...@gotfusion.net
>> Office: 630-621-4804
>> Cell: 630-777-9291
>> On Sat, May 14, 2016 at 6:34 AM, Paul Stewart < p...@paulstewart.org 
>> > wrote:

>>> Or, quite a number of carriers (especially in APAC, some carriers 
>>> in Canada, a
>>

Re: [AFMUG] Upstream BGP Questionairre

I'm glad it's hairs and not atoms.

On Mon, May 16, 2016 at 7:33 PM, Faisal Imtiaz 
wrote:

> Yeah, that was about the only thing I could come up with as being the most
> practical reason (e.g. when doing bgp on a CCR etc).
> but even then the logic validity of this as a solution to the problem is
> questionable, however giving the appearance of a possible solution... I
> will buy that ..
>
> But then again, I may be just splitting hairs...
>
> :)
>
>
> Faisal Imtiaz
> Snappy Internet & Telecom
> 7266 SW 48 Street
> Miami, FL 33155
> Tel: 305 663 5518 x 232
>
> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net
>
> --
>
> *From: *"Erich Kaiser" 
> *To: *af@afmug.com
> *Sent: *Monday, May 16, 2016 8:03:32 PM
> *Subject: *Re: [AFMUG] Upstream BGP Questionairre
>
> Some people want default route and full routes because of route
> propagation/population, this way if your session resets you at least can
> get online right away.
>
>
> Erich Kaiser
> North Central Tower
> er...@northcentraltower.com
> Office: 630-621-4804
> Cell: 630-777-9291
>
>
> On Mon, May 16, 2016 at 11:03 AM, Faisal Imtiaz 
> wrote:
>
>> What I meant to ask is .
>>
>> Why get the default route via BGP from your Upstream... Why not set is
>> statically (ip sla track, or monitor gateway etc).
>>
>> IF your bgp sessions goes down, then your prefixes are withdrawn anyway..
>> so I am not sure what that will cover you for..
>>
>> In regards to OSPF redistributing default routes, I believe managing a
>> statically done default route is  easier and safer to inject and manage, vs
>> one coming from your upstream.
>>
>> Faisal Imtiaz
>> Snappy Internet & Telecom
>> 7266 SW 48 Street
>> Miami, FL 33155
>> Tel: 305 663 5518 x 232
>>
>> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net
>>
>> --
>>
>> *From: *"Cassidy B. Larson" 
>> *To: *af@afmug.com
>> *Sent: *Monday, May 16, 2016 11:18:16 AM
>> *Subject: *Re: [AFMUG] Upstream BGP Questionairre
>>
>> We do a cisco ip sla track to make sure BGP is up on the upstream facing
>> interface for the static default to be valid.
>>
>> On May 16, 2016, at 9:04 AM, Faisal Imtiaz 
>> wrote:
>> Interesting Carl, doing a manual static default route does not do the
>> trick for you ?
>>
>> Regards.
>>
>> Faisal Imtiaz
>> Snappy Internet & Telecom
>> 7266 SW 48 Street
>> Miami, FL 33155
>> Tel: 305 663 5518 x 232
>>
>> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net
>> 
>>
>> --
>>
>> *From: *"Carl Peterson" 
>> *To: *af@afmug.com
>> *Sent: *Monday, May 16, 2016 10:42:35 AM
>> *Subject: *Re: [AFMUG] Upstream BGP Questionairre
>>
>> For #3, I generally ask for full route + a default.  The default is for
>> default information originate for OSPF.  If there isn't a default in the
>> routing table, my edge router won't advertise a default to non-bgb ospf
>> peers.  You don't want a static default in case the peer goes down.
>>
>>
>> On Mon, May 16, 2016 at 7:20 AM, Josh Baird  wrote:
>>
>>> Many providers refer to this as 'RTBH' (remotely triggered blackhole
>>> filtering).
>>> Josh
>>>
>>> On Sun, May 15, 2016 at 10:21 PM, That One Guy /sarcasm <
>>> thatoneguyst...@gmail.com> wrote:
>>>
 that request, lacking my fundamental understanding of the terminology,
 would be phrased how?

 On Sat, May 14, 2016 at 5:56 PM, Josh Baird 
 wrote:

> Yes, it requires your upstream to support a blackhole BGP community.
> This allows you to advertise host routes (/32 or smaller) to them using a
> specific BGP community when you want your ISP to drop all traffic for the
> prefix before it reaches you.  This is -very- useful for DDoS defense.
> Josh
>
> On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm <
> thatoneguyst...@gmail.com> wrote:
>
>> That requires something specific?
>> On May 14, 2016 7:33 AM, "Erich Kaiser" 
>> wrote:
>>
>>> We have started requiring our upstreams to filter by ASN vs
>>> Netblock.  We are moving away from upstreams that do not utilize IRR
>>> Entries and require intervention every time we want to make a change, 
>>> but
>>> it is continuous for us, so for most guys the one time setup is not a 
>>> big
>>> deal, plus the upstream has to be trusting enough that we will have the
>>> correct filtering on our end.
>>>
>>> Steve, I would add Blackhole BGP community or session to your list.
>>>
>>> Erich Kaiser
>>> The Fusion Network
>>> er...@gotfusion.net
>>> Office: 630-621-4804
>>> Cell: 630-777-9291
>>> On Sat, May 14, 2016 at 6:34 AM, Paul Stewart 
>>> wrote:
>>>
 Or, quite a number of carriers (especially in APAC, some carriers
 in Canada, a few in the US, and definitely a large number in Europe) 
 will
 say “do you have an IRR entry at RADB?” and if you say yes the

[AFMUG] ubnt malware

>From what im reading in their forums something set off over the weekend? or
is it ubnt douche nozzles?

It sounds almost as if this malware is actively being manipulated (changing
from key access to foul username/password, wandering control ports, etc,
like script kiddies found a new toy?

is this thing self propagating from the device?

-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.

Re: [AFMUG] ubnt malware

It's self replicating. They patched this long ago. It hits people with
radios on public IPs.
On May 16, 2016 8:19 PM, "That One Guy /sarcasm" 
wrote:

> From what im reading in their forums something set off over the weekend?
> or is it ubnt douche nozzles?
>
> It sounds almost as if this malware is actively being manipulated
> (changing from key access to foul username/password, wandering control
> ports, etc, like script kiddies found a new toy?
>
> is this thing self propagating from the device?
>
> --
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.
>

[AFMUG] Airgrid XW 5.5.1.0 firmware -5 error?

Anyone know the upgrade path or why this airgrid won't upgrade?

XW 5.5.10 , tried almost all firmware revisions and keep getting failed -5
error?

Thanks,

TJ

Re: [AFMUG] Airgrid XW 5.5.1.0 firmware -5 error?

Make sure you're using upgrade and not upload... Also probably should be xm
firmware, not xw.
On May 16, 2016 8:30 PM, "TJ Trout"  wrote:

> Anyone know the upgrade path or why this airgrid won't upgrade?
>
> XW 5.5.10 , tried almost all firmware revisions and keep getting failed -5
> error?
>
> Thanks,
>
> TJ
>

Re: [AFMUG] ubnt malware

Initially... then every other radio (and switch) that radio can see. 

- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

- Original Message -

From: "Josh Reynolds"  
To: af@afmug.com 
Sent: Monday, May 16, 2016 8:30:12 PM 
Subject: Re: [AFMUG] ubnt malware 

It's self replicating. They patched this long ago. It hits people with radios 
on public IPs. 
On May 16, 2016 8:19 PM, "That One Guy /sarcasm" < thatoneguyst...@gmail.com > 
wrote: 

>From what im reading in their forums something set off over the weekend? or is 
>it ubnt douche nozzles? 

It sounds almost as if this malware is actively being manipulated (changing 
from key access to foul username/password, wandering control ports, etc, like 
script kiddies found a new toy? 

is this thing self propagating from the device? 

-- 

If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.

Re: [AFMUG] ubnt malware

A good amount of it is just people that don't know any better making false 
observations. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "That One Guy /sarcasm"  
To: af@afmug.com 
Sent: Monday, May 16, 2016 8:19:00 PM 
Subject: [AFMUG] ubnt malware 


>From what im reading in their forums something set off over the weekend? or is 
>it ubnt douche nozzles? 


It sounds almost as if this malware is actively being manipulated (changing 
from key access to foul username/password, wandering control ports, etc, like 
script kiddies found a new toy? 


is this thing self propagating from the device? 


-- 




If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.

Re: [AFMUG] Gigabit Ethernet on Cambium 450i only running 100Mbps


Cambium has been known to break the mold :)
Which is what I like in a product.


On 5/16/2016 6:51 PM, Josh Reynolds wrote:

That sounds really backwards compared to most gear I'm familiar with.

On Mon, May 16, 2016 at 6:18 PM, Ken Hohhof > wrote:


I have a question while we are on the topic: what color is the
last LED on your 450i AP when it is running at 1000 Mbps?  I know
it’s green at 100 Mbps, but what about 1000 Mbps?  I know the user
guide says orange, but is that what your AP actually does?
*From:* David 
*Sent:* Monday, May 16, 2016 3:22 PM
*To:* af@afmug.com 
*Subject:* Re: [AFMUG] Gigabit Ethernet on Cambium 450i only
running 100Mbps
I am only catching part of this thread so dont throw anything at
me for not reading the whole thread.
450i radios are rated for the 56v unlike the 450 radios they are
rated for cambium std 29v
This is the reason I am having to upgrade all of my boxes to 48v
plant as its base supply.


On 05/16/2016 11:35 AM, Chuck McCown wrote:

I have an idea.  Working on an experiment.
*From:* Wireless Administrator 
*Sent:* Monday, May 16, 2016 8:56 AM
*To:* af@afmug.com 
*Subject:* Re: [AFMUG] Gigabit Ethernet on Cambium 450i only
running 100Mbps

Thanks for having a look at this for us.  It sure doesn’t make
sense to me. The system  continues to run 1000Base-T Full Duplex
here with the Cambium units.  I’m sure there is a reason but it
looks like this one’s above my pay grade.

Steve B.

*From:*Af [mailto:af-boun...@afmug.com] *On Behalf Of
*ch...@wbmfg.com 
*Sent:* Sunday, May 15, 2016 2:26 PM
*To:* af@afmug.com 
*Subject:* Re: [AFMUG] Gigabit Ethernet on Cambium 450i only
running 100Mbps

No Joy.  Everything checks out 100%.

I bought one the cambium units for comparison.  Its impulse
breakdown voltage is about 5 volts to ground lower than my unit
for single pin to ground.  Transverse impulses are clamped much
lower on the cambium unit but normally that is not an issue.

Pin to pin and pin to ground I have less capacitive loading than
the cambium unit.

They have some other circuitry that I have yet to puzzle out.

Something that is not related to surge suppression.

In any event, your unit, a brand new unit from my stock and the
cambium unit all show 1Gbps on the traffic tester and all show
good wiring continuity and all show good breakdown voltage pin to
ground.  Visual inspections are not revealing any solder bridges
or manufacturing issues

A puzzle for certain.  But I am not finished.  Stay tuned...

*From:*Wireless Administrator 

*Sent:*Friday, May 6, 2016 9:16 AM

*To:*af@afmug.com 

*Subject:*[AFMUG] Gigabit Ethernet on Cambium 450i only running
100Mbps

*Replaced This ……*

surge1.jpeg

*With This …….*

surge02.jpeg

*On same ground point and got This ……*

**

*surge03.PNG*

**

*:-)*

Except I want this to work …….

surge1.jpeg

*L***

*Extra effort to ensure clear pictures and easy to read story
line ……*

**

*Steve*

*From:*Wireless Administrator [mailto:wirel...@htn.net]
*Sent:* Friday, April 29, 2016 12:03 PM
*To:* 'af@afmug.com '
*Subject:* Gigabit Ethernet on Cambium 450i


  We’re not able to get our Cambium 450i radio’s Ethernet
  Interface to run at Gigabit speed.


  Our setup is as follows:


  Gigabit switch (Tried several brands) à14’ Cat6 Patch àGigabit
  Sync injector (48V) à35’ Best-tronics Cat5 Shielded
  à800-800-GIGE-APC-HV à80’ Best-tronics Cat5 Shielded àCambium 450i


  It works without the 800-800-GIGE-APC-HV. (Cat5 Coupler).


  Anyone ……….


  Steve B.







--

Re: [AFMUG] ubnt malware

Or threatening to sue because of their own personal ignorance and
negligence.
On May 16, 2016 8:32 PM, "Mike Hammett"  wrote:

> A good amount of it is just people that don't know any better making false
> observations.
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions 
> 
> 
> 
> 
> Midwest Internet Exchange 
> 
> 
> 
> The Brothers WISP 
> 
>
>
> 
> --
> *From: *"That One Guy /sarcasm" 
> *To: *af@afmug.com
> *Sent: *Monday, May 16, 2016 8:19:00 PM
> *Subject: *[AFMUG] ubnt malware
>
> From what im reading in their forums something set off over the weekend?
> or is it ubnt douche nozzles?
>
> It sounds almost as if this malware is actively being manipulated
> (changing from key access to foul username/password, wandering control
> ports, etc, like script kiddies found a new toy?
>
> is this thing self propagating from the device?
>
> --
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.
>
>

Re: [AFMUG] Gigabit Ethernet on Cambium 450i only running 100Mbps


Ive got one fired up on the bench Ill look when I get in tomorrow.


On 5/16/2016 6:18 PM, Ken Hohhof wrote:
I have a question while we are on the topic:  what color is the last 
LED on your 450i AP when it is running at 1000 Mbps?  I know it’s 
green at 100 Mbps, but what about 1000 Mbps?  I know the user guide 
says orange, but is that what your AP actually does?

*From:* David 
*Sent:* Monday, May 16, 2016 3:22 PM
*To:* af@afmug.com 
*Subject:* Re: [AFMUG] Gigabit Ethernet on Cambium 450i only running 
100Mbps
I am only catching part of this thread so dont throw anything at me 
for not reading the whole thread.
450i radios are rated for the 56v unlike the 450 radios they are rated 
for cambium std 29v
This is the reason I am having to upgrade all of my boxes to 48v plant 
as its base supply.



On 05/16/2016 11:35 AM, Chuck McCown wrote:

I have an idea.  Working on an experiment.
*From:* Wireless Administrator 
*Sent:* Monday, May 16, 2016 8:56 AM
*To:* af@afmug.com 
*Subject:* Re: [AFMUG] Gigabit Ethernet on Cambium 450i only running 
100Mbps


Thanks for having a look at this for us.  It sure doesn’t make sense 
to me.  The system continues to run 1000Base-T Full Duplex here with 
the Cambium units.  I’m sure there is a reason but it looks like this 
one’s above my pay grade.


Steve B.

*From:*Af [mailto:af-boun...@afmug.com] *On Behalf Of *ch...@wbmfg.com
*Sent:* Sunday, May 15, 2016 2:26 PM
*To:* af@afmug.com
*Subject:* Re: [AFMUG] Gigabit Ethernet on Cambium 450i only running 
100Mbps


No Joy.  Everything checks out 100%.

I bought one the cambium units for comparison.  Its impulse breakdown 
voltage is about 5 volts to ground lower than my unit for single pin 
to ground.  Transverse impulses are clamped much lower on the cambium 
unit but normally that is not an issue.


Pin to pin and pin to ground I have less capacitive loading than the 
cambium unit.


They have some other circuitry that I have yet to puzzle out.

Something that is not related to surge suppression.

In any event, your unit, a brand new unit from my stock and the 
cambium unit all show 1Gbps on the traffic tester and all show good 
wiring continuity and all show good breakdown voltage pin to ground.  
Visual inspections are not revealing any solder bridges or 
manufacturing issues


A puzzle for certain.  But I am not finished.  Stay tuned...

*From:*Wireless Administrator 

*Sent:*Friday, May 6, 2016 9:16 AM

*To:*af@afmug.com 

*Subject:*[AFMUG] Gigabit Ethernet on Cambium 450i only running 100Mbps

*Replaced This ……*

surge1.jpeg

*With This …….*

surge02.jpeg

*On same ground point and got This ……*

**

*surge03.PNG*

**

*:-)*

Except I want this to work …….

surge1.jpeg

*L***

*Extra effort to ensure clear pictures and easy to read story line ……*

**

*Steve*

*From:*Wireless Administrator [mailto:wirel...@htn.net]
*Sent:* Friday, April 29, 2016 12:03 PM
*To:* 'af@afmug.com'
*Subject:* Gigabit Ethernet on Cambium 450i


  We’re not able to get our Cambium 450i radio’s Ethernet Interface
  to run at Gigabit speed.


  Our setup is as follows:


  Gigabit switch (Tried several brands) à14’ Cat6 Patch àGigabit Sync
  injector (48V) à35’ Best-tronics Cat5 Shielded à800-800-GIGE-APC-HV
  à80’ Best-tronics Cat5 Shielded àCambium 450i


  It works without the 800-800-GIGE-APC-HV. (Cat5 Coupler).


  Anyone ……….


  Steve B.






--

[AFMUG] OT-Drupal sites


Anyone here use drupal for their web site management?

I have some questions using drupal 8 for a tricky implementation for 
some jquery code.


--

Re: [AFMUG] ubnt malware

are we talking can see layer two, can see via device discovery, thats a
broad term

Is there any direct thread on specific symptoms beyond devices offline and
any traces of what takes place post infection, ive seen some comments
theyre doing port 53 vpns to send spam, just curios what else.

Ive read claims of infections as high as 5.6.4, we are mostly 5.6.2 and 3

We only have a handful of air routers with public IPs on them, everything
else is internal space

the self replication is what im wondering about, the devices on each
network segment are subnet isolated, but still on the same layer2

On Mon, May 16, 2016 at 8:31 PM, Mike Hammett  wrote:

> Initially...  then every other radio (and switch) that radio can see.
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions 
> 
> 
> 
> 
> Midwest Internet Exchange 
> 
> 
> 
> The Brothers WISP 
> 
>
>
> 
> --
> *From: *"Josh Reynolds" 
> *To: *af@afmug.com
> *Sent: *Monday, May 16, 2016 8:30:12 PM
> *Subject: *Re: [AFMUG] ubnt malware
>
>
> It's self replicating. They patched this long ago. It hits people with
> radios on public IPs.
> On May 16, 2016 8:19 PM, "That One Guy /sarcasm" <
> thatoneguyst...@gmail.com> wrote:
>
>> From what im reading in their forums something set off over the weekend?
>> or is it ubnt douche nozzles?
>>
>> It sounds almost as if this malware is actively being manipulated
>> (changing from key access to foul username/password, wandering control
>> ports, etc, like script kiddies found a new toy?
>>
>> is this thing self propagating from the device?
>>
>> --
>> If you only see yourself as part of the team but you don't see your team
>> as part of yourself you have already failed as part of the team.
>>
>
>


-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.

Re: [AFMUG] ubnt malware

yeah, thats amazing me, one fella was complaining about how much of a
problem it would be to take a unit offline to get on a bench. I would think
if things are that bad that your network is progressively shutting down,
convenience would be the least of your concerns.

I have to investigate a couple anomalies on the network, in the back of my
mind Im hoping the air routers have been hit to put a nail in their coffins
so we cam go with mikrotiks as the CPE router instead

On Mon, May 16, 2016 at 8:33 PM, Josh Reynolds  wrote:

> Or threatening to sue because of their own personal ignorance and
> negligence.
> On May 16, 2016 8:32 PM, "Mike Hammett"  wrote:
>
>> A good amount of it is just people that don't know any better making
>> false observations.
>>
>>
>>
>> -
>> Mike Hammett
>> Intelligent Computing Solutions 
>> 
>> 
>> 
>> 
>> Midwest Internet Exchange 
>> 
>> 
>> 
>> The Brothers WISP 
>> 
>>
>>
>> 
>> --
>> *From: *"That One Guy /sarcasm" 
>> *To: *af@afmug.com
>> *Sent: *Monday, May 16, 2016 8:19:00 PM
>> *Subject: *[AFMUG] ubnt malware
>>
>> From what im reading in their forums something set off over the weekend?
>> or is it ubnt douche nozzles?
>>
>> It sounds almost as if this malware is actively being manipulated
>> (changing from key access to foul username/password, wandering control
>> ports, etc, like script kiddies found a new toy?
>>
>> is this thing self propagating from the device?
>>
>> --
>> If you only see yourself as part of the team but you don't see your team
>> as part of yourself you have already failed as part of the team.
>>
>>


-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.

Re: [AFMUG] OT-Drupal sites

Our webdude is only drupal. The drupal community as I understand it is
super active

On Mon, May 16, 2016 at 8:36 PM, David Milholen  wrote:

> Anyone here use drupal for their web site management?
>
> I have some questions using drupal 8 for a tricky implementation for some
> jquery code.
>
> --
>

-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.

Re: [AFMUG] ubnt malware


a few points i've seen / made note of:

all it takes is one public facing radio on an old firmware and anything can get 
hit.  i've heard reports even of 5.6.3 internally - but most of those reports 
the thought is the radio had been previously infected.  once a public facing 
radio is infected it'll talk to other radios near that subnet.  then it'll 
randomly go trying to infect things for, i believe, and you hafta love this. 
66,666 seconds. (roughly 18 hours).

after 18 hours, it resets to factory defaults, i believe.

if you can't get into a radio that has been infected during the first 18 hours, 
try login username mother with password of f*cker...

yah.  that's original.


  - Original Message - 
  From: That One Guy /sarcasm 
  To: af@afmug.com 
  Sent: Monday, May 16, 2016 8:37 PM
  Subject: Re: [AFMUG] ubnt malware


  are we talking can see layer two, can see via device discovery, thats a broad 
term


  Is there any direct thread on specific symptoms beyond devices offline and 
any traces of what takes place post infection, ive seen some comments theyre 
doing port 53 vpns to send spam, just curios what else.


  Ive read claims of infections as high as 5.6.4, we are mostly 5.6.2 and 3


  We only have a handful of air routers with public IPs on them, everything 
else is internal space


  the self replication is what im wondering about, the devices on each network 
segment are subnet isolated, but still on the same layer2


  On Mon, May 16, 2016 at 8:31 PM, Mike Hammett  wrote:

Initially...  then every other radio (and switch) that radio can see.




-
Mike Hammett
Intelligent Computing Solutions

Midwest Internet Exchange

The Brothers WISP








From: "Josh Reynolds" 
To: af@afmug.com
Sent: Monday, May 16, 2016 8:30:12 PM
Subject: Re: [AFMUG] ubnt malware



It's self replicating. They patched this long ago. It hits people with 
radios on public IPs.

On May 16, 2016 8:19 PM, "That One Guy /sarcasm" 
 wrote:

  From what im reading in their forums something set off over the weekend? 
or is it ubnt douche nozzles?


  It sounds almost as if this malware is actively being manipulated 
(changing from key access to foul username/password, wandering control ports, 
etc, like script kiddies found a new toy?


  is this thing self propagating from the device?



  -- 

  If you only see yourself as part of the team but you don't see your team 
as part of yourself you have already failed as part of the team.







  -- 

  If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.

Re: [AFMUG] ubnt malware

There's a huge like 27 page forum thread on it.
On May 16, 2016 8:38 PM, "That One Guy /sarcasm" 
wrote:

> are we talking can see layer two, can see via device discovery, thats a
> broad term
>
> Is there any direct thread on specific symptoms beyond devices offline and
> any traces of what takes place post infection, ive seen some comments
> theyre doing port 53 vpns to send spam, just curios what else.
>
> Ive read claims of infections as high as 5.6.4, we are mostly 5.6.2 and 3
>
> We only have a handful of air routers with public IPs on them, everything
> else is internal space
>
> the self replication is what im wondering about, the devices on each
> network segment are subnet isolated, but still on the same layer2
>
> On Mon, May 16, 2016 at 8:31 PM, Mike Hammett  wrote:
>
>> Initially...  then every other radio (and switch) that radio can see.
>>
>>
>>
>> -
>> Mike Hammett
>> Intelligent Computing Solutions 
>> 
>> 
>> 
>> 
>> Midwest Internet Exchange 
>> 
>> 
>> 
>> The Brothers WISP 
>> 
>>
>>
>> 
>> --
>> *From: *"Josh Reynolds" 
>> *To: *af@afmug.com
>> *Sent: *Monday, May 16, 2016 8:30:12 PM
>> *Subject: *Re: [AFMUG] ubnt malware
>>
>>
>> It's self replicating. They patched this long ago. It hits people with
>> radios on public IPs.
>> On May 16, 2016 8:19 PM, "That One Guy /sarcasm" <
>> thatoneguyst...@gmail.com> wrote:
>>
>>> From what im reading in their forums something set off over the weekend?
>>> or is it ubnt douche nozzles?
>>>
>>> It sounds almost as if this malware is actively being manipulated
>>> (changing from key access to foul username/password, wandering control
>>> ports, etc, like script kiddies found a new toy?
>>>
>>> is this thing self propagating from the device?
>>>
>>> --
>>> If you only see yourself as part of the team but you don't see your team
>>> as part of yourself you have already failed as part of the team.
>>>
>>
>>
>
>
> --
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.
>

Re: [AFMUG] ubnt malware

the latest reports i've been reading is with the radio resetting to defaults, 
ssid becomes ubnt, and a radio on newer firmware won't associate because you 
haven't accepted the TOS on the radios (which had gone default)

  - Original Message - 
  From: That One Guy /sarcasm 
  To: af@afmug.com 
  Sent: Monday, May 16, 2016 8:41 PM
  Subject: Re: [AFMUG] ubnt malware

  yeah, thats amazing me, one fella was complaining about how much of a problem 
it would be to take a unit offline to get on a bench. I would think if things 
are that bad that your network is progressively shutting down, convenience 
would be the least of your concerns.

  I have to investigate a couple anomalies on the network, in the back of my 
mind Im hoping the air routers have been hit to put a nail in their coffins so 
we cam go with mikrotiks as the CPE router instead

  On Mon, May 16, 2016 at 8:33 PM, Josh Reynolds  wrote:

Or threatening to sue because of their own personal ignorance and 
negligence.

On May 16, 2016 8:32 PM, "Mike Hammett"  wrote:

  A good amount of it is just people that don't know any better making 
false observations.

  -
  Mike Hammett
  Intelligent Computing Solutions

  Midwest Internet Exchange

  The Brothers WISP

--

  From: "That One Guy /sarcasm" 
  To: af@afmug.com
  Sent: Monday, May 16, 2016 8:19:00 PM
  Subject: [AFMUG] ubnt malware

  From what im reading in their forums something set off over the weekend? 
or is it ubnt douche nozzles?

  It sounds almost as if this malware is actively being manipulated 
(changing from key access to foul username/password, wandering control ports, 
etc, like script kiddies found a new toy?

  is this thing self propagating from the device?

  -- 

  If you only see yourself as part of the team but you don't see your team 
as part of yourself you have already failed as part of the team.

  -- 

  If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.

Re: [AFMUG] Gigabit Ethernet on Cambium 450i only running 100Mbps

You like when things don't follow common standards? Boy, I've got a company
called MikroTik you'd probably love to hear more about :P
On May 16, 2016 8:33 PM, "David Milholen"  wrote:

> Cambium has been known to break the mold :)
> Which is what I like in a product.
>
>
> On 5/16/2016 6:51 PM, Josh Reynolds wrote:
>
> That sounds really backwards compared to most gear I'm familiar with.
>
> On Mon, May 16, 2016 at 6:18 PM, Ken Hohhof  wrote:
>
>> I have a question while we are on the topic:  what color is the last LED
>> on your 450i AP when it is running at 1000 Mbps?  I know it’s green at 100
>> Mbps, but what about 1000 Mbps?  I know the user guide says orange, but is
>> that what your AP actually does?
>>
>>
>> *From:* David 
>> *Sent:* Monday, May 16, 2016 3:22 PM
>> *To:* af@afmug.com
>> *Subject:* Re: [AFMUG] Gigabit Ethernet on Cambium 450i only running
>> 100Mbps
>>
>> I am only catching part of this thread so dont throw anything at me for
>> not reading the whole thread.
>> 450i radios are rated for the 56v unlike the 450 radios they are rated
>> for cambium std 29v
>> This is the reason I am having to upgrade all of my boxes to 48v plant as
>> its base supply.
>>
>>
>> On 05/16/2016 11:35 AM, Chuck McCown wrote:
>>
>> I have an idea.  Working on an experiment.
>>
>> *From:* Wireless Administrator 
>> *Sent:* Monday, May 16, 2016 8:56 AM
>> *To:* af@afmug.com
>> *Subject:* Re: [AFMUG] Gigabit Ethernet on Cambium 450i only running
>> 100Mbps
>>
>>
>> Thanks for having a look at this for us.  It sure doesn’t make sense to
>> me.  The system  continues to run 1000Base-T Full Duplex here with the
>> Cambium units.  I’m sure there is a reason but it looks like this one’s
>> above my pay grade.
>>
>>
>>
>> Steve B.
>>
>>
>>
>> *From:* Af [mailto:af-boun...@afmug.com ] *On
>> Behalf Of *ch...@wbmfg.com
>> *Sent:* Sunday, May 15, 2016 2:26 PM
>> *To:* af@afmug.com
>> *Subject:* Re: [AFMUG] Gigabit Ethernet on Cambium 450i only running
>> 100Mbps
>>
>>
>>
>> No Joy.  Everything checks out 100%.
>>
>>
>>
>> I bought one the cambium units for comparison.  Its impulse breakdown
>> voltage is about 5 volts to ground lower than my unit for single pin to
>> ground.  Transverse impulses are clamped much lower on the cambium unit but
>> normally that is not an issue.
>>
>>
>>
>> Pin to pin and pin to ground I have less capacitive loading than the
>> cambium unit.
>>
>>
>>
>> They have some other circuitry that I have yet to puzzle out.
>>
>> Something that is not related to surge suppression.
>>
>>
>>
>> In any event, your unit, a brand new unit from my stock and the cambium
>> unit all show 1Gbps on the traffic tester and all show good wiring
>> continuity and all show good breakdown voltage pin to ground.  Visual
>> inspections are not revealing any solder bridges or manufacturing issues
>>
>>
>>
>> A puzzle for certain.  But I am not finished.  Stay tuned...
>>
>>
>>
>> *From:* Wireless Administrator 
>>
>> *Sent:* Friday, May 6, 2016 9:16 AM
>>
>> *To:* af@afmug.com
>>
>> *Subject:* [AFMUG] Gigabit Ethernet on Cambium 450i only running 100Mbps
>>
>>
>>
>> *Replaced This ……*
>>
>>
>>
>> [image: surge1.jpeg]
>>
>>
>>
>> *With This …….*
>>
>>
>>
>> [image: surge02.jpeg]
>>
>>
>>
>> *On same ground point and got This ……*
>>
>>
>>
>> *[image: surge03.PNG]*
>>
>>
>>
>> *:-)*
>>
>>
>>
>> Except I want this to work …….
>>
>>
>>
>> [image: surge1.jpeg]
>>
>>
>>
>> *L*
>>
>> *Extra effort to ensure clear pictures and easy to read story line ……*
>>
>>
>>
>> *Steve*
>>
>>
>>
>>
>>
>> *From:* Wireless Administrator [mailto:wirel...@htn.net
>>  ]
>> *Sent:* Friday, April 29, 2016 12:03 PM
>> *To:* 'af@afmug.com'
>> *Subject:* Gigabit Ethernet on Cambium 450i
>>
>>
>> We’re not able to get our Cambium 450i radio’s Ethernet Interface to run
>> at Gigabit speed.  Our setup is as follows: Gigabit switch (Tried
>> several brands) à14’ Cat6 Patch àGigabit Sync injector (48V) à 35’
>> Best-tronics Cat5 Shielded à 800-800-GIGE-APC-HV à 80’ Best-tronics Cat5
>> Shielded à Cambium 450i It works without the 800-800-GIGE-APC-HV. (Cat5
>> Coupler). Anyone ……….   Steve B.
>>
>>
>>
>>
>>
>
> --
>

Re: [AFMUG] Airgrid XW 5.5.1.0 firmware -5 error?

Firmware Version: XW.v5.5.10   Upload Firmware:
Build Number: 24238

On Mon, May 16, 2016 at 6:32 PM, Josh Reynolds  wrote:

> Make sure you're using upgrade and not upload... Also probably should be
> xm firmware, not xw.
> On May 16, 2016 8:30 PM, "TJ Trout"  wrote:
>
>> Anyone know the upgrade path or why this airgrid won't upgrade?
>>
>> XW 5.5.10 , tried almost all firmware revisions and keep getting failed
>> -5 error?
>>
>> Thanks,
>>
>> TJ
>>
>

Re: [AFMUG] Airgrid XW 5.5.1.0 firmware -5 error?

I tried XW and XM, really strange

On Mon, May 16, 2016 at 7:00 PM, TJ Trout  wrote:

> Firmware Version: XW.v5.5.10   Upload Firmware:
> Build Number: 24238
>
> On Mon, May 16, 2016 at 6:32 PM, Josh Reynolds 
> wrote:
>
>> Make sure you're using upgrade and not upload... Also probably should be
>> xm firmware, not xw.
>> On May 16, 2016 8:30 PM, "TJ Trout"  wrote:
>>
>>> Anyone know the upgrade path or why this airgrid won't upgrade?
>>>
>>> XW 5.5.10 , tried almost all firmware revisions and keep getting failed
>>> -5 error?
>>>
>>> Thanks,
>>>
>>> TJ
>>>
>>
>

Re: [AFMUG] Airgrid XW 5.5.1.0 firmware -5 error?

Try to reboot it first, then upgrade.
On May 16, 2016 9:00 PM, "TJ Trout"  wrote:

> I tried XW and XM, really strange
>
> On Mon, May 16, 2016 at 7:00 PM, TJ Trout  wrote:
>
>> Firmware Version: XW.v5.5.10   Upload Firmware:
>> Build Number: 24238
>>
>> On Mon, May 16, 2016 at 6:32 PM, Josh Reynolds 
>> wrote:
>>
>>> Make sure you're using upgrade and not upload... Also probably should be
>>> xm firmware, not xw.
>>> On May 16, 2016 8:30 PM, "TJ Trout"  wrote:
>>>
 Anyone know the upgrade path or why this airgrid won't upgrade?

 XW 5.5.10 , tried almost all firmware revisions and keep getting failed
 -5 error?

 Thanks,

 TJ

>>>
>>
>

Re: [AFMUG] ubnt malware

im not finding any air routers or reading anything about airrouters getting
hit, maybe this is limited to radios.

But there is something definetly active, the logs in the air routers are
getting hammered with access attempts, even more than normal. this 5.65
will probably have a log bug that causes an overflow dump or something like
that

On Mon, May 16, 2016 at 8:56 PM, CBB - Jay Fuller  wrote:

>
> the latest reports i've been reading is with the radio resetting to
> defaults, ssid becomes ubnt, and a radio on newer firmware won't associate
> because you haven't accepted the TOS on the radios (which had gone default)
>
>
> - Original Message -
> *From:* That One Guy /sarcasm 
> *To:* af@afmug.com
> *Sent:* Monday, May 16, 2016 8:41 PM
> *Subject:* Re: [AFMUG] ubnt malware
>
> yeah, thats amazing me, one fella was complaining about how much of a
> problem it would be to take a unit offline to get on a bench. I would think
> if things are that bad that your network is progressively shutting down,
> convenience would be the least of your concerns.
>
> I have to investigate a couple anomalies on the network, in the back of my
> mind Im hoping the air routers have been hit to put a nail in their coffins
> so we cam go with mikrotiks as the CPE router instead
>
> On Mon, May 16, 2016 at 8:33 PM, Josh Reynolds 
> wrote:
>
>> Or threatening to sue because of their own personal ignorance and
>> negligence.
>> On May 16, 2016 8:32 PM, "Mike Hammett"  wrote:
>>
>>> A good amount of it is just people that don't know any better making
>>> false observations.
>>>
>>>
>>>
>>> -
>>> Mike Hammett
>>> Intelligent Computing Solutions 
>>> 
>>> 
>>> 
>>> 
>>> Midwest Internet Exchange 
>>> 
>>> 
>>> 
>>> The Brothers WISP 
>>> 
>>>
>>>
>>> 
>>> --
>>> *From: *"That One Guy /sarcasm" 
>>> *To: *af@afmug.com
>>> *Sent: *Monday, May 16, 2016 8:19:00 PM
>>> *Subject: *[AFMUG] ubnt malware
>>>
>>> From what im reading in their forums something set off over the weekend?
>>> or is it ubnt douche nozzles?
>>>
>>> It sounds almost as if this malware is actively being manipulated
>>> (changing from key access to foul username/password, wandering control
>>> ports, etc, like script kiddies found a new toy?
>>>
>>> is this thing self propagating from the device?
>>>
>>> --
>>> If you only see yourself as part of the team but you don't see your team
>>> as part of yourself you have already failed as part of the team.
>>>
>>>
>
>
> --
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.
>
>


-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.

Re: [AFMUG] Airgrid XW 5.5.1.0 firmware -5 error?

Yeah, tried that as well. UI reboot anyway. Not a full power cycle.

On Mon, May 16, 2016 at 7:04 PM, Josh Reynolds  wrote:

> Try to reboot it first, then upgrade.
> On May 16, 2016 9:00 PM, "TJ Trout"  wrote:
>
>> I tried XW and XM, really strange
>>
>> On Mon, May 16, 2016 at 7:00 PM, TJ Trout  wrote:
>>
>>> Firmware Version: XW.v5.5.10   Upload Firmware:
>>> Build Number: 24238
>>>
>>> On Mon, May 16, 2016 at 6:32 PM, Josh Reynolds 
>>> wrote:
>>>
 Make sure you're using upgrade and not upload... Also probably should
 be xm firmware, not xw.
 On May 16, 2016 8:30 PM, "TJ Trout"  wrote:

> Anyone know the upgrade path or why this airgrid won't upgrade?
>
> XW 5.5.10 , tried almost all firmware revisions and keep getting
> failed -5 error?
>
> Thanks,
>
> TJ
>

>>>
>>

Re: [AFMUG] Airgrid XW 5.5.1.0 firmware -5 error?

Usually a software reboot works...it doesn't have room for whatever reason.

Have you tried wget and fwupdate ?


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Mon, May 16, 2016 at 10:07 PM, TJ Trout  wrote:

> Yeah, tried that as well. UI reboot anyway. Not a full power cycle.
>
> On Mon, May 16, 2016 at 7:04 PM, Josh Reynolds 
> wrote:
>
>> Try to reboot it first, then upgrade.
>> On May 16, 2016 9:00 PM, "TJ Trout"  wrote:
>>
>>> I tried XW and XM, really strange
>>>
>>> On Mon, May 16, 2016 at 7:00 PM, TJ Trout  wrote:
>>>
 Firmware Version: XW.v5.5.10   Upload Firmware:
 Build Number: 24238

 On Mon, May 16, 2016 at 6:32 PM, Josh Reynolds 
 wrote:

> Make sure you're using upgrade and not upload... Also probably should
> be xm firmware, not xw.
> On May 16, 2016 8:30 PM, "TJ Trout"  wrote:
>
>> Anyone know the upgrade path or why this airgrid won't upgrade?
>>
>> XW 5.5.10 , tried almost all firmware revisions and keep getting
>> failed -5 error?
>>
>> Thanks,
>>
>> TJ
>>
>

>>>
>

Re: [AFMUG] Airgrid XW 5.5.1.0 firmware -5 error?

Can't get in via SSH as well, I'll try to get the customer to do a hard
reboot, then make a truck roll if that doesn't work

On Mon, May 16, 2016 at 7:09 PM, Josh Luthman 
wrote:

> Usually a software reboot works...it doesn't have room for whatever reason.
>
> Have you tried wget and fwupdate ?
>
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
> On Mon, May 16, 2016 at 10:07 PM, TJ Trout  wrote:
>
>> Yeah, tried that as well. UI reboot anyway. Not a full power cycle.
>>
>> On Mon, May 16, 2016 at 7:04 PM, Josh Reynolds 
>> wrote:
>>
>>> Try to reboot it first, then upgrade.
>>> On May 16, 2016 9:00 PM, "TJ Trout"  wrote:
>>>
 I tried XW and XM, really strange

 On Mon, May 16, 2016 at 7:00 PM, TJ Trout  wrote:

> Firmware Version: XW.v5.5.10   Upload Firmware:
> Build Number: 24238
>
> On Mon, May 16, 2016 at 6:32 PM, Josh Reynolds 
> wrote:
>
>> Make sure you're using upgrade and not upload... Also probably should
>> be xm firmware, not xw.
>> On May 16, 2016 8:30 PM, "TJ Trout"  wrote:
>>
>>> Anyone know the upgrade path or why this airgrid won't upgrade?
>>>
>>> XW 5.5.10 , tried almost all firmware revisions and keep getting
>>> failed -5 error?
>>>
>>> Thanks,
>>>
>>> TJ
>>>
>>
>

>>
>

Re: [AFMUG] ubnt malware

Yup. Spent 3 hours reading it all last night

  - Original Message - 
  From: Josh Reynolds 
  To: af@afmug.com 
  Sent: Monday, May 16, 2016 8:56 PM
  Subject: Re: [AFMUG] ubnt malware

  There's a huge like 27 page forum thread on it.

  On May 16, 2016 8:38 PM, "That One Guy /sarcasm"  
wrote:

are we talking can see layer two, can see via device discovery, thats a 
broad term

Is there any direct thread on specific symptoms beyond devices offline and 
any traces of what takes place post infection, ive seen some comments theyre 
doing port 53 vpns to send spam, just curios what else.

Ive read claims of infections as high as 5.6.4, we are mostly 5.6.2 and 3

We only have a handful of air routers with public IPs on them, everything 
else is internal space

the self replication is what im wondering about, the devices on each 
network segment are subnet isolated, but still on the same layer2

On Mon, May 16, 2016 at 8:31 PM, Mike Hammett  wrote:

  Initially...  then every other radio (and switch) that radio can see.

  -
  Mike Hammett
  Intelligent Computing Solutions

  Midwest Internet Exchange

  The Brothers WISP

--

  From: "Josh Reynolds" 
  To: af@afmug.com
  Sent: Monday, May 16, 2016 8:30:12 PM
  Subject: Re: [AFMUG] ubnt malware

  It's self replicating. They patched this long ago. It hits people with 
radios on public IPs.

  On May 16, 2016 8:19 PM, "That One Guy /sarcasm" 
 wrote:

From what im reading in their forums something set off over the 
weekend? or is it ubnt douche nozzles?

It sounds almost as if this malware is actively being manipulated 
(changing from key access to foul username/password, wandering control ports, 
etc, like script kiddies found a new toy?

is this thing self propagating from the device?

-- 

If you only see yourself as part of the team but you don't see your 
team as part of yourself you have already failed as part of the team.

-- 

If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.

Re: [AFMUG] Airgrid XW 5.5.1.0 firmware -5 error?

oops I confused this with another one I'm working on, I actually just got
this one to update through SSH using the ubnt removal tool., I have another
that has no ssh, no web ui but is passing traffic, I suspect is infected

On Mon, May 16, 2016 at 7:11 PM, TJ Trout  wrote:

> Can't get in via SSH as well, I'll try to get the customer to do a hard
> reboot, then make a truck roll if that doesn't work
>
> On Mon, May 16, 2016 at 7:09 PM, Josh Luthman  > wrote:
>
>> Usually a software reboot works...it doesn't have room for whatever
>> reason.
>>
>> Have you tried wget and fwupdate ?
>>
>>
>> Josh Luthman
>> Office: 937-552-2340
>> Direct: 937-552-2343
>> 1100 Wayne St
>> Suite 1337
>> Troy, OH 45373
>>
>> On Mon, May 16, 2016 at 10:07 PM, TJ Trout  wrote:
>>
>>> Yeah, tried that as well. UI reboot anyway. Not a full power cycle.
>>>
>>> On Mon, May 16, 2016 at 7:04 PM, Josh Reynolds 
>>> wrote:
>>>
 Try to reboot it first, then upgrade.
 On May 16, 2016 9:00 PM, "TJ Trout"  wrote:

> I tried XW and XM, really strange
>
> On Mon, May 16, 2016 at 7:00 PM, TJ Trout  wrote:
>
>> Firmware Version: XW.v5.5.10   Upload Firmware:
>> Build Number: 24238
>>
>> On Mon, May 16, 2016 at 6:32 PM, Josh Reynolds 
>> wrote:
>>
>>> Make sure you're using upgrade and not upload... Also probably
>>> should be xm firmware, not xw.
>>> On May 16, 2016 8:30 PM, "TJ Trout"  wrote:
>>>
 Anyone know the upgrade path or why this airgrid won't upgrade?

 XW 5.5.10 , tried almost all firmware revisions and keep getting
 failed -5 error?

 Thanks,

 TJ

>>>
>>
>
>>>
>>
>

Re: [AFMUG] OT-Drupal sites

Yes, I have been all over it but I am having trouble determining if I 
should implement this code as a template or define in the existing theme.



On 5/16/2016 8:47 PM, That One Guy /sarcasm wrote:
Our webdude is only drupal. The drupal community as I understand it is 
super active


On Mon, May 16, 2016 at 8:36 PM, David Milholen > wrote:


Anyone here use drupal for their web site management?

I have some questions using drupal 8 for a tricky implementation
for some jquery code.

-- 





--
If you only see yourself as part of the team but you don't see your 
team as part of yourself you have already failed as part of the team.


--

Re: [AFMUG] ubnt malware

It effects tough switches, airrouters, airfiber, airmax, airmax AC, etc
On May 16, 2016 9:06 PM, "That One Guy /sarcasm" 
wrote:

im not finding any air routers or reading anything about airrouters getting
hit, maybe this is limited to radios.

But there is something definetly active, the logs in the air routers are
getting hammered with access attempts, even more than normal. this 5.65
will probably have a log bug that causes an overflow dump or something like
that

On Mon, May 16, 2016 at 8:56 PM, CBB - Jay Fuller  wrote:

>
> the latest reports i've been reading is with the radio resetting to
> defaults, ssid becomes ubnt, and a radio on newer firmware won't associate
> because you haven't accepted the TOS on the radios (which had gone default)
>
>
> - Original Message -
> *From:* That One Guy /sarcasm 
> *To:* af@afmug.com
> *Sent:* Monday, May 16, 2016 8:41 PM
> *Subject:* Re: [AFMUG] ubnt malware
>
> yeah, thats amazing me, one fella was complaining about how much of a
> problem it would be to take a unit offline to get on a bench. I would think
> if things are that bad that your network is progressively shutting down,
> convenience would be the least of your concerns.
>
> I have to investigate a couple anomalies on the network, in the back of my
> mind Im hoping the air routers have been hit to put a nail in their coffins
> so we cam go with mikrotiks as the CPE router instead
>
> On Mon, May 16, 2016 at 8:33 PM, Josh Reynolds 
> wrote:
>
>> Or threatening to sue because of their own personal ignorance and
>> negligence.
>> On May 16, 2016 8:32 PM, "Mike Hammett"  wrote:
>>
>>> A good amount of it is just people that don't know any better making
>>> false observations.
>>>
>>>
>>>
>>> -
>>> Mike Hammett
>>> Intelligent Computing Solutions 
>>> 
>>> 
>>> 
>>> 
>>> Midwest Internet Exchange 
>>> 
>>> 
>>> 
>>> The Brothers WISP 
>>> 
>>>
>>>
>>> 
>>> --
>>> *From: *"That One Guy /sarcasm" 
>>> *To: *af@afmug.com
>>> *Sent: *Monday, May 16, 2016 8:19:00 PM
>>> *Subject: *[AFMUG] ubnt malware
>>>
>>> From what im reading in their forums something set off over the weekend?
>>> or is it ubnt douche nozzles?
>>>
>>> It sounds almost as if this malware is actively being manipulated
>>> (changing from key access to foul username/password, wandering control
>>> ports, etc, like script kiddies found a new toy?
>>>
>>> is this thing self propagating from the device?
>>>
>>> --
>>> If you only see yourself as part of the team but you don't see your team
>>> as part of yourself you have already failed as part of the team.
>>>
>>>
>
>
> --
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.
>
>


-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.

Re: [AFMUG] ubnt malware

Anyone have luck fixing a unit that won't respond to ssh or http?

On Mon, May 16, 2016 at 7:11 PM, CBB - Jay Fuller  wrote:

>
> Yup. Spent 3 hours reading it all last night
>
>
> - Original Message -
> *From:* Josh Reynolds 
> *To:* af@afmug.com
> *Sent:* Monday, May 16, 2016 8:56 PM
> *Subject:* Re: [AFMUG] ubnt malware
>
> There's a huge like 27 page forum thread on it.
> On May 16, 2016 8:38 PM, "That One Guy /sarcasm" <
> thatoneguyst...@gmail.com> wrote:
>
>> are we talking can see layer two, can see via device discovery, thats a
>> broad term
>>
>> Is there any direct thread on specific symptoms beyond devices offline
>> and any traces of what takes place post infection, ive seen some comments
>> theyre doing port 53 vpns to send spam, just curios what else.
>>
>> Ive read claims of infections as high as 5.6.4, we are mostly 5.6.2 and 3
>>
>> We only have a handful of air routers with public IPs on them, everything
>> else is internal space
>>
>> the self replication is what im wondering about, the devices on each
>> network segment are subnet isolated, but still on the same layer2
>>
>> On Mon, May 16, 2016 at 8:31 PM, Mike Hammett  wrote:
>>
>>> Initially...  then every other radio (and switch) that radio can see.
>>>
>>>
>>>
>>> -
>>> Mike Hammett
>>> Intelligent Computing Solutions 
>>> 
>>> 
>>> 
>>> 
>>> Midwest Internet Exchange 
>>> 
>>> 
>>> 
>>> The Brothers WISP 
>>> 
>>>
>>>
>>> 
>>> --
>>> *From: *"Josh Reynolds" 
>>> *To: *af@afmug.com
>>> *Sent: *Monday, May 16, 2016 8:30:12 PM
>>> *Subject: *Re: [AFMUG] ubnt malware
>>>
>>>
>>> It's self replicating. They patched this long ago. It hits people with
>>> radios on public IPs.
>>> On May 16, 2016 8:19 PM, "That One Guy /sarcasm" <
>>> thatoneguyst...@gmail.com> wrote:
>>>
 From what im reading in their forums something set off over the
 weekend? or is it ubnt douche nozzles?

 It sounds almost as if this malware is actively being manipulated
 (changing from key access to foul username/password, wandering control
 ports, etc, like script kiddies found a new toy?

 is this thing self propagating from the device?

 --
 If you only see yourself as part of the team but you don't see your
 team as part of yourself you have already failed as part of the team.

>>>
>>>
>>
>>
>> --
>> If you only see yourself as part of the team but you don't see your team
>> as part of yourself you have already failed as part of the team.
>>
>

Re: [AFMUG] Airgrid XW 5.5.1.0 firmware -5 error?

Sounds like a memory leak. If it's still connected via air control you can
try using it to reboot it
On May 16, 2016 9:12 PM, "TJ Trout"  wrote:

> oops I confused this with another one I'm working on, I actually just got
> this one to update through SSH using the ubnt removal tool., I have another
> that has no ssh, no web ui but is passing traffic, I suspect is infected
>
> On Mon, May 16, 2016 at 7:11 PM, TJ Trout  wrote:
>
>> Can't get in via SSH as well, I'll try to get the customer to do a hard
>> reboot, then make a truck roll if that doesn't work
>>
>> On Mon, May 16, 2016 at 7:09 PM, Josh Luthman <
>> j...@imaginenetworksllc.com> wrote:
>>
>>> Usually a software reboot works...it doesn't have room for whatever
>>> reason.
>>>
>>> Have you tried wget and fwupdate ?
>>>
>>>
>>> Josh Luthman
>>> Office: 937-552-2340
>>> Direct: 937-552-2343
>>> 1100 Wayne St
>>> Suite 1337
>>> Troy, OH 45373
>>>
>>> On Mon, May 16, 2016 at 10:07 PM, TJ Trout  wrote:
>>>
 Yeah, tried that as well. UI reboot anyway. Not a full power cycle.

 On Mon, May 16, 2016 at 7:04 PM, Josh Reynolds 
 wrote:

> Try to reboot it first, then upgrade.
> On May 16, 2016 9:00 PM, "TJ Trout"  wrote:
>
>> I tried XW and XM, really strange
>>
>> On Mon, May 16, 2016 at 7:00 PM, TJ Trout  wrote:
>>
>>> Firmware Version: XW.v5.5.10   Upload Firmware:
>>> Build Number: 24238
>>>
>>> On Mon, May 16, 2016 at 6:32 PM, Josh Reynolds >> > wrote:
>>>
 Make sure you're using upgrade and not upload... Also probably
 should be xm firmware, not xw.
 On May 16, 2016 8:30 PM, "TJ Trout"  wrote:

> Anyone know the upgrade path or why this airgrid won't upgrade?
>
> XW 5.5.10 , tried almost all firmware revisions and keep getting
> failed -5 error?
>
> Thanks,
>
> TJ
>

>>>
>>

>>>
>>
>

Re: [AFMUG] ubnt malware

If you can't ssh/http you need to do tftp recovery.


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Mon, May 16, 2016 at 10:13 PM, TJ Trout  wrote:

> Anyone have luck fixing a unit that won't respond to ssh or http?
>
> On Mon, May 16, 2016 at 7:11 PM, CBB - Jay Fuller <
> par...@cyberbroadband.net> wrote:
>
>>
>> Yup. Spent 3 hours reading it all last night
>>
>>
>> - Original Message -
>> *From:* Josh Reynolds 
>> *To:* af@afmug.com
>> *Sent:* Monday, May 16, 2016 8:56 PM
>> *Subject:* Re: [AFMUG] ubnt malware
>>
>> There's a huge like 27 page forum thread on it.
>> On May 16, 2016 8:38 PM, "That One Guy /sarcasm" <
>> thatoneguyst...@gmail.com> wrote:
>>
>>> are we talking can see layer two, can see via device discovery, thats a
>>> broad term
>>>
>>> Is there any direct thread on specific symptoms beyond devices offline
>>> and any traces of what takes place post infection, ive seen some comments
>>> theyre doing port 53 vpns to send spam, just curios what else.
>>>
>>> Ive read claims of infections as high as 5.6.4, we are mostly 5.6.2 and 3
>>>
>>> We only have a handful of air routers with public IPs on them,
>>> everything else is internal space
>>>
>>> the self replication is what im wondering about, the devices on each
>>> network segment are subnet isolated, but still on the same layer2
>>>
>>> On Mon, May 16, 2016 at 8:31 PM, Mike Hammett  wrote:
>>>
 Initially...  then every other radio (and switch) that radio can see.



 -
 Mike Hammett
 Intelligent Computing Solutions 
 
 
 
 
 Midwest Internet Exchange 
 
 
 
 The Brothers WISP 
 


 
 --
 *From: *"Josh Reynolds" 
 *To: *af@afmug.com
 *Sent: *Monday, May 16, 2016 8:30:12 PM
 *Subject: *Re: [AFMUG] ubnt malware


 It's self replicating. They patched this long ago. It hits people with
 radios on public IPs.
 On May 16, 2016 8:19 PM, "That One Guy /sarcasm" <
 thatoneguyst...@gmail.com> wrote:

> From what im reading in their forums something set off over the
> weekend? or is it ubnt douche nozzles?
>
> It sounds almost as if this malware is actively being manipulated
> (changing from key access to foul username/password, wandering control
> ports, etc, like script kiddies found a new toy?
>
> is this thing self propagating from the device?
>
> --
> If you only see yourself as part of the team but you don't see your
> team as part of yourself you have already failed as part of the team.
>


>>>
>>>
>>> --
>>> If you only see yourself as part of the team but you don't see your team
>>> as part of yourself you have already failed as part of the team.
>>>
>>
>

Re: [AFMUG] ubnt malware

If you have firewall rules at the edge of the network blocking the
management ports ti the airrouters that are on public IPs, they're probably
fine. We still have some radios that are on old firmware, but   I haven't
been able to find anything on our network that's infected. Fortunately,
when I was setting up the firewall rules to block access to the CPEs from
outside our network, I decided it was desirable to block customers from
being able to get to other customers radios as well... which should break
the self replicating part of this thing, so even if it does somehow get
into our network, it shouldn't be able to get far.

That said, I'm updating everything that isn't on at least 5.6.2 right away.
On May 16, 2016 8:41 PM, "That One Guy /sarcasm" 
wrote:

yeah, thats amazing me, one fella was complaining about how much of a
problem it would be to take a unit offline to get on a bench. I would think
if things are that bad that your network is progressively shutting down,
convenience would be the least of your concerns.

I have to investigate a couple anomalies on the network, in the back of my
mind Im hoping the air routers have been hit to put a nail in their coffins
so we cam go with mikrotiks as the CPE router instead

On Mon, May 16, 2016 at 8:33 PM, Josh Reynolds  wrote:

> Or threatening to sue because of their own personal ignorance and
> negligence.
> On May 16, 2016 8:32 PM, "Mike Hammett"  wrote:
>
>> A good amount of it is just people that don't know any better making
>> false observations.
>>
>>
>>
>> -
>> Mike Hammett
>> Intelligent Computing Solutions 
>> 
>> 
>> 
>> 
>> Midwest Internet Exchange 
>> 
>> 
>> 
>> The Brothers WISP 
>> 
>>
>>
>> 
>> --
>> *From: *"That One Guy /sarcasm" 
>> *To: *af@afmug.com
>> *Sent: *Monday, May 16, 2016 8:19:00 PM
>> *Subject: *[AFMUG] ubnt malware
>>
>> From what im reading in their forums something set off over the weekend?
>> or is it ubnt douche nozzles?
>>
>> It sounds almost as if this malware is actively being manipulated
>> (changing from key access to foul username/password, wandering control
>> ports, etc, like script kiddies found a new toy?
>>
>> is this thing self propagating from the device?
>>
>> --
>> If you only see yourself as part of the team but you don't see your team
>> as part of yourself you have already failed as part of the team.
>>
>>

-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.

Re: [AFMUG] ubnt malware

Man, if I were a malware writer Id have had this at least leave the gui
login page accessible, this was you could harves operator username and
passwords to attack other network devices visible

On Mon, May 16, 2016 at 9:14 PM, Josh Luthman 
wrote:

> If you can't ssh/http you need to do tftp recovery.
>
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
> On Mon, May 16, 2016 at 10:13 PM, TJ Trout  wrote:
>
>> Anyone have luck fixing a unit that won't respond to ssh or http?
>>
>> On Mon, May 16, 2016 at 7:11 PM, CBB - Jay Fuller <
>> par...@cyberbroadband.net> wrote:
>>
>>>
>>> Yup. Spent 3 hours reading it all last night
>>>
>>>
>>> - Original Message -
>>> *From:* Josh Reynolds 
>>> *To:* af@afmug.com
>>> *Sent:* Monday, May 16, 2016 8:56 PM
>>> *Subject:* Re: [AFMUG] ubnt malware
>>>
>>> There's a huge like 27 page forum thread on it.
>>> On May 16, 2016 8:38 PM, "That One Guy /sarcasm" <
>>> thatoneguyst...@gmail.com> wrote:
>>>
 are we talking can see layer two, can see via device discovery, thats a
 broad term

 Is there any direct thread on specific symptoms beyond devices offline
 and any traces of what takes place post infection, ive seen some comments
 theyre doing port 53 vpns to send spam, just curios what else.

 Ive read claims of infections as high as 5.6.4, we are mostly 5.6.2 and
 3

 We only have a handful of air routers with public IPs on them,
 everything else is internal space

 the self replication is what im wondering about, the devices on each
 network segment are subnet isolated, but still on the same layer2

 On Mon, May 16, 2016 at 8:31 PM, Mike Hammett  wrote:

> Initially...  then every other radio (and switch) that radio can see.
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions 
> 
> 
> 
> 
> Midwest Internet Exchange 
> 
> 
> 
> The Brothers WISP 
> 
>
>
> 
> --
> *From: *"Josh Reynolds" 
> *To: *af@afmug.com
> *Sent: *Monday, May 16, 2016 8:30:12 PM
> *Subject: *Re: [AFMUG] ubnt malware
>
>
> It's self replicating. They patched this long ago. It hits people with
> radios on public IPs.
> On May 16, 2016 8:19 PM, "That One Guy /sarcasm" <
> thatoneguyst...@gmail.com> wrote:
>
>> From what im reading in their forums something set off over the
>> weekend? or is it ubnt douche nozzles?
>>
>> It sounds almost as if this malware is actively being manipulated
>> (changing from key access to foul username/password, wandering control
>> ports, etc, like script kiddies found a new toy?
>>
>> is this thing self propagating from the device?
>>
>> --
>> If you only see yourself as part of the team but you don't see your
>> team as part of yourself you have already failed as part of the team.
>>
>
>


 --
 If you only see yourself as part of the team but you don't see your
 team as part of yourself you have already failed as part of the team.

>>>
>>
>


-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.

Re: [AFMUG] ubnt malware

Air routers run the same firmware, so they're going to be affected.
On May 16, 2016 9:06 PM, "That One Guy /sarcasm" 
wrote:

> im not finding any air routers or reading anything about airrouters
> getting hit, maybe this is limited to radios.
>
> But there is something definetly active, the logs in the air routers are
> getting hammered with access attempts, even more than normal. this 5.65
> will probably have a log bug that causes an overflow dump or something like
> that
>
> On Mon, May 16, 2016 at 8:56 PM, CBB - Jay Fuller <
> par...@cyberbroadband.net> wrote:
>
>>
>> the latest reports i've been reading is with the radio resetting to
>> defaults, ssid becomes ubnt, and a radio on newer firmware won't associate
>> because you haven't accepted the TOS on the radios (which had gone default)
>>
>>
>> - Original Message -
>> *From:* That One Guy /sarcasm 
>> *To:* af@afmug.com
>> *Sent:* Monday, May 16, 2016 8:41 PM
>> *Subject:* Re: [AFMUG] ubnt malware
>>
>> yeah, thats amazing me, one fella was complaining about how much of a
>> problem it would be to take a unit offline to get on a bench. I would think
>> if things are that bad that your network is progressively shutting down,
>> convenience would be the least of your concerns.
>>
>> I have to investigate a couple anomalies on the network, in the back of
>> my mind Im hoping the air routers have been hit to put a nail in their
>> coffins so we cam go with mikrotiks as the CPE router instead
>>
>> On Mon, May 16, 2016 at 8:33 PM, Josh Reynolds 
>> wrote:
>>
>>> Or threatening to sue because of their own personal ignorance and
>>> negligence.
>>> On May 16, 2016 8:32 PM, "Mike Hammett"  wrote:
>>>
 A good amount of it is just people that don't know any better making
 false observations.



 -
 Mike Hammett
 Intelligent Computing Solutions 
 
 
 
 
 Midwest Internet Exchange 
 
 
 
 The Brothers WISP 
 


 
 --
 *From: *"That One Guy /sarcasm" 
 *To: *af@afmug.com
 *Sent: *Monday, May 16, 2016 8:19:00 PM
 *Subject: *[AFMUG] ubnt malware

 From what im reading in their forums something set off over the
 weekend? or is it ubnt douche nozzles?

 It sounds almost as if this malware is actively being manipulated
 (changing from key access to foul username/password, wandering control
 ports, etc, like script kiddies found a new toy?

 is this thing self propagating from the device?

 --
 If you only see yourself as part of the team but you don't see your
 team as part of yourself you have already failed as part of the team.


>>
>>
>> --
>> If you only see yourself as part of the team but you don't see your team
>> as part of yourself you have already failed as part of the team.
>>
>>
>
>
> --
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.
>

Re: [AFMUG] Gigabit Ethernet on Cambium 450i only running 100Mbps

2016-05-16 Thread Ken Hohhof

No, the reason I’m asking is I’m seeing the LED totally off when running at 
1000 Mbps.  Not orange like the user guide says.  What I am seeing on the 
actual AP is:

10M:  red
100M:  green
1000M:  off, nothing, nada, zilch, dark, devoid of visible radiation

It really screwed me up because I thought there was no link, until I realized 
it was working fine at 1000FDX and reporting 1000FDX in the GUI.


From: Eric Kuhnke 
Sent: Monday, May 16, 2016 8:51 PM
To: af@afmug.com 
Subject: Re: [AFMUG] Gigabit Ethernet on Cambium 450i only running 100Mbps

I've seen this a lot - the Intel 1000BaseT server NICs all use yellow-orange 
for an active 1000Mbps link, and green for 100Mbps. Seems counter intuitive but 
it is sort of a 'standard'.


Such as the i350-T2 and others.


http://www.intel.com/content/www/us/en/support/network-and-i-o/ethernet-products/intel-gigabit-server-adapters/intel-ethernet-server-adapter-i350-series/intel-ethernet-server-adapter-i350-t2.html
 


On Mon, May 16, 2016 at 4:51 PM, Josh Reynolds  wrote:

  That sounds really backwards compared to most gear I'm familiar with.

  On Mon, May 16, 2016 at 6:18 PM, Ken Hohhof  wrote:

I have a question while we are on the topic:  what color is the last LED on 
your 450i AP when it is running at 1000 Mbps?  I know it’s green at 100 Mbps, 
but what about 1000 Mbps?  I know the user guide says orange, but is that what 
your AP actually does?


From: David 
Sent: Monday, May 16, 2016 3:22 PM
To: af@afmug.com 
Subject: Re: [AFMUG] Gigabit Ethernet on Cambium 450i only running 100Mbps

I am only catching part of this thread so dont throw anything at me for not 
reading the whole thread.
450i radios are rated for the 56v unlike the 450 radios they are rated for 
cambium std 29v
This is the reason I am having to upgrade all of my boxes to 48v plant as 
its base supply.



On 05/16/2016 11:35 AM, Chuck McCown wrote:

  I have an idea.  Working on an experiment.  

  From: Wireless Administrator 
  Sent: Monday, May 16, 2016 8:56 AM
  To: af@afmug.com 
  Subject: Re: [AFMUG] Gigabit Ethernet on Cambium 450i only running 100Mbps

  Thanks for having a look at this for us.  It sure doesn’t make sense to 
me.  The system  continues to run 1000Base-T Full Duplex here with the Cambium 
units.  I’m sure there is a reason but it looks like this one’s above my pay 
grade.



  Steve B.



  From: Af [mailto:af-boun...@afmug.com] On Behalf Of ch...@wbmfg.com
  Sent: Sunday, May 15, 2016 2:26 PM
  To: af@afmug.com
  Subject: Re: [AFMUG] Gigabit Ethernet on Cambium 450i only running 100Mbps



  No Joy.  Everything checks out 100%.



  I bought one the cambium units for comparison.  Its impulse breakdown 
voltage is about 5 volts to ground lower than my unit for single pin to ground. 
 Transverse impulses are clamped much lower on the cambium unit but normally 
that is not an issue.



  Pin to pin and pin to ground I have less capacitive loading than the 
cambium unit.  



  They have some other circuitry that I have yet to puzzle out.  

  Something that is not related to surge suppression.  



  In any event, your unit, a brand new unit from my stock and the cambium 
unit all show 1Gbps on the traffic tester and all show good wiring continuity 
and all show good breakdown voltage pin to ground.  Visual inspections are not 
revealing any solder bridges or manufacturing issues



  A puzzle for certain.  But I am not finished.  Stay tuned... 



  From: Wireless Administrator 

  Sent: Friday, May 6, 2016 9:16 AM

  To: af@afmug.com 

  Subject: [AFMUG] Gigabit Ethernet on Cambium 450i only running 100Mbps



  Replaced This ……







  With This …….







  On same ground point and got This ……







  :-)



  Except I want this to work …….







  L

  Extra effort to ensure clear pictures and easy to read story line ……



  Steve





  From: Wireless Administrator [mailto:wirel...@htn.net] 
  Sent: Friday, April 29, 2016 12:03 PM
  To: 'af@afmug.com'
  Subject: Gigabit Ethernet on Cambium 450i



  We’re not able to get our Cambium 450i radio’s Ethernet Interface to run 
at Gigabit speed.  
  Our setup is as follows:
  Gigabit switch (Tried several brands) à14’ Cat6 Patch àGigabit Sync 
injector (48V) à 35’ Best-tronics Cat5 Shielded à 800-800-GIGE-APC-HV à 80’ 
Best-tronics Cat5 Shielded à Cambium 450i
  It works without the 800-800-GIGE-APC-HV. (Cat5 Coupler).
  Anyone ……….

  Steve B.

Re: [AFMUG] ubnt malware

You've been reading comments from people that don't know what they're talking 
about. 

5.6.2+, 5.5.10u2 and 5.5.11 can't be infected into an active state. If they 
have the files on them, they either weren't properly cleaned or the files were 
uploading into an inert portion of the system that is wiped on reboot. 

- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

- Original Message -

From: "That One Guy /sarcasm"  
To: af@afmug.com 
Sent: Monday, May 16, 2016 8:37:59 PM 
Subject: Re: [AFMUG] ubnt malware 

are we talking can see layer two, can see via device discovery, thats a broad 
term 

Is there any direct thread on specific symptoms beyond devices offline and any 
traces of what takes place post infection, ive seen some comments theyre doing 
port 53 vpns to send spam, just curios what else. 

Ive read claims of infections as high as 5.6.4, we are mostly 5.6.2 and 3 

We only have a handful of air routers with public IPs on them, everything else 
is internal space 

the self replication is what im wondering about, the devices on each network 
segment are subnet isolated, but still on the same layer2 

On Mon, May 16, 2016 at 8:31 PM, Mike Hammett < af...@ics-il.net > wrote: 

Initially... then every other radio (and switch) that radio can see. 

- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

From: "Josh Reynolds" < j...@kyneticwifi.com > 
To: af@afmug.com 
Sent: Monday, May 16, 2016 8:30:12 PM 
Subject: Re: [AFMUG] ubnt malware 

It's self replicating. They patched this long ago. It hits people with radios 
on public IPs. 
On May 16, 2016 8:19 PM, "That One Guy /sarcasm" < thatoneguyst...@gmail.com > 
wrote: 

>From what im reading in their forums something set off over the weekend? or is 
>it ubnt douche nozzles? 

It sounds almost as if this malware is actively being manipulated (changing 
from key access to foul username/password, wandering control ports, etc, like 
script kiddies found a new toy? 

is this thing self propagating from the device? 

-- 

If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team. 

-- 

If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.

Re: [AFMUG] Gigabit Ethernet on Cambium 450i only running 100Mbps

2016-05-16 Thread Matt Mangriotis

We’re looking into this Ken… our engineering team is trying to replicate.

Will update your forum thread with results once figured out.

Matt

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Ken Hohhof
Sent: Monday, May 16, 2016 9:23 PM
To: af@afmug.com
Subject: Re: [AFMUG] Gigabit Ethernet on Cambium 450i only running 100Mbps

No, the reason I’m asking is I’m seeing the LED totally off when running at 
1000 Mbps.  Not orange like the user guide says.  What I am seeing on the 
actual AP is:

10M:  red
100M:  green
1000M:  off, nothing, nada, zilch, dark, devoid of visible radiation

It really screwed me up because I thought there was no link, until I realized 
it was working fine at 1000FDX and reporting 1000FDX in the GUI.

From: Eric Kuhnke
Sent: Monday, May 16, 2016 8:51 PM
To: af@afmug.com
Subject: Re: [AFMUG] Gigabit Ethernet on Cambium 450i only running 100Mbps

I've seen this a lot - the Intel 1000BaseT server NICs all use yellow-orange 
for an active 1000Mbps link, and green for 100Mbps. Seems counter intuitive but 
it is sort of a 'standard'.
Such as the i350-T2 and others.

http://www.intel.com/content/www/us/en/support/network-and-i-o/ethernet-products/intel-gigabit-server-adapters/intel-ethernet-server-adapter-i350-series/intel-ethernet-server-adapter-i350-t2.html

On Mon, May 16, 2016 at 4:51 PM, Josh Reynolds 
mailto:j...@kyneticwifi.com>> wrote:
That sounds really backwards compared to most gear I'm familiar with.

On Mon, May 16, 2016 at 6:18 PM, Ken Hohhof 
mailto:af...@kwisp.com>> wrote:
I have a question while we are on the topic:  what color is the last LED on 
your 450i AP when it is running at 1000 Mbps?  I know it’s green at 100 Mbps, 
but what about 1000 Mbps?  I know the user guide says orange, but is that what 
your AP actually does?

From: David
Sent: Monday, May 16, 2016 3:22 PM
To: af@afmug.com
Subject: Re: [AFMUG] Gigabit Ethernet on Cambium 450i only running 100Mbps

I am only catching part of this thread so dont throw anything at me for not 
reading the whole thread.
450i radios are rated for the 56v unlike the 450 radios they are rated for 
cambium std 29v
This is the reason I am having to upgrade all of my boxes to 48v plant as its 
base supply.

On 05/16/2016 11:35 AM, Chuck McCown wrote:
I have an idea.  Working on an experiment.

From: Wireless Administrator
Sent: Monday, May 16, 2016 8:56 AM
To: af@afmug.com
Subject: Re: [AFMUG] Gigabit Ethernet on Cambium 450i only running 100Mbps

Thanks for having a look at this for us.  It sure doesn’t make sense to me.  
The system  continues to run 1000Base-T Full Duplex here with the Cambium 
units.  I’m sure there is a reason but it looks like this one’s above my pay 
grade.

Steve B.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of 
ch...@wbmfg.com
Sent: Sunday, May 15, 2016 2:26 PM
To: af@afmug.com
Subject: Re: [AFMUG] Gigabit Ethernet on Cambium 450i only running 100Mbps

No Joy.  Everything checks out 100%.

I bought one the cambium units for comparison.  Its impulse breakdown voltage 
is about 5 volts to ground lower than my unit for single pin to ground.  
Transverse impulses are clamped much lower on the cambium unit but normally 
that is not an issue.

Pin to pin and pin to ground I have less capacitive loading than the cambium 
unit.

They have some other circuitry that I have yet to puzzle out.
Something that is not related to surge suppression.

In any event, your unit, a brand new unit from my stock and the cambium unit 
all show 1Gbps on the traffic tester and all show good wiring continuity and 
all show good breakdown voltage pin to ground.  Visual inspections are not 
revealing any solder bridges or manufacturing issues

A puzzle for certain.  But I am not finished.  Stay tuned...

From: Wireless Administrator
Sent: Friday, May 6, 2016 9:16 AM
To: af@afmug.com
Subject: [AFMUG] Gigabit Ethernet on Cambium 450i only running 100Mbps

Replaced This ……

With This …….

On same ground point and got This ……

:-)

Except I want this to work …….

☹
Extra effort to ensure clear pictures and easy to read story line ……

Steve

From: Wireless Administrator [mailto:wirel...@htn.net]
Sent: Friday, April 29, 2016 12:03 PM
To: 'af@afmug.com'
Subject: Gigabit Ethernet on Cambium 450i

We’re not able to get our Cambium 450i radio’s Ethernet Interface to run at 
Gigabit speed.
Our setup is as follows:
Gigabit switch (Tried several brands) -->14’ Cat6 Patch -->Gigabit Sync 
injector (48V) --> 35’ Best-tronics Cat5 Shielded --> 800-800-GIGE-APC-HV --> 
80’ Best-tronics Cat5 Shielded --> Cambium 450i
It works without the 800-800-GIGE-APC-HV. (Cat5 Coupler).
Anyone ……….

Steve B.

Re: [AFMUG] ubnt malware

Until it gets delivered via Flash or Java or something else... ;-) 

- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

- Original Message -

From: "Mathew Howard"  
To: "af"  
Sent: Monday, May 16, 2016 9:16:40 PM 
Subject: Re: [AFMUG] ubnt malware 

If you have firewall rules at the edge of the network blocking the management 
ports ti the airrouters that are on public IPs, they're probably fine. We still 
have some radios that are on old firmware, but I haven't been able to find 
anything on our network that's infected. Fortunately, when I was setting up the 
firewall rules to block access to the CPEs from outside our network, I decided 
it was desirable to block customers from being able to get to other customers 
radios as well... which should break the self replicating part of this thing, 
so even if it does somehow get into our network, it shouldn't be able to get 
far. 
That said, I'm updating everything that isn't on at least 5.6.2 right away. 
On May 16, 2016 8:41 PM, "That One Guy /sarcasm" < thatoneguyst...@gmail.com > 
wrote: 

yeah, thats amazing me, one fella was complaining about how much of a problem 
it would be to take a unit offline to get on a bench. I would think if things 
are that bad that your network is progressively shutting down, convenience 
would be the least of your concerns. 

I have to investigate a couple anomalies on the network, in the back of my mind 
Im hoping the air routers have been hit to put a nail in their coffins so we 
cam go with mikrotiks as the CPE router instead 

On Mon, May 16, 2016 at 8:33 PM, Josh Reynolds < j...@kyneticwifi.com > wrote: 

Or threatening to sue because of their own personal ignorance and negligence. 

On May 16, 2016 8:32 PM, "Mike Hammett" < af...@ics-il.net > wrote: 

A good amount of it is just people that don't know any better making false 
observations. 

- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

From: "That One Guy /sarcasm" < thatoneguyst...@gmail.com > 
To: af@afmug.com 
Sent: Monday, May 16, 2016 8:19:00 PM 
Subject: [AFMUG] ubnt malware 

>From what im reading in their forums something set off over the weekend? or is 
>it ubnt douche nozzles? 

It sounds almost as if this malware is actively being manipulated (changing 
from key access to foul username/password, wandering control ports, etc, like 
script kiddies found a new toy? 

is this thing self propagating from the device? 

-- 

If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team. 

-- 

If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.

Re: [AFMUG] ubnt malware

>From what Ive read so far, the majority of them make me look like a network
rockstar. Im telling the boss to give me a raise or ill send them a job app
for my job

On Mon, May 16, 2016 at 9:33 PM, Mike Hammett  wrote:

> You've been reading comments from people that don't know what they're
> talking about.
>
> 5.6.2+, 5.5.10u2 and 5.5.11 can't be infected into an active state. If
> they have the files on them, they either weren't properly cleaned or the
> files were uploading into an inert portion of the system that is wiped on
> reboot.
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions 
> 
> 
> 
> 
> Midwest Internet Exchange 
> 
> 
> 
> The Brothers WISP 
> 
>
>
> 
> --
> *From: *"That One Guy /sarcasm" 
> *To: *af@afmug.com
> *Sent: *Monday, May 16, 2016 8:37:59 PM
> *Subject: *Re: [AFMUG] ubnt malware
>
> are we talking can see layer two, can see via device discovery, thats a
> broad term
>
> Is there any direct thread on specific symptoms beyond devices offline and
> any traces of what takes place post infection, ive seen some comments
> theyre doing port 53 vpns to send spam, just curios what else.
>
> Ive read claims of infections as high as 5.6.4, we are mostly 5.6.2 and 3
>
> We only have a handful of air routers with public IPs on them, everything
> else is internal space
>
> the self replication is what im wondering about, the devices on each
> network segment are subnet isolated, but still on the same layer2
>
> On Mon, May 16, 2016 at 8:31 PM, Mike Hammett  wrote:
>
>> Initially...  then every other radio (and switch) that radio can see.
>>
>>
>>
>> -
>> Mike Hammett
>> Intelligent Computing Solutions 
>> 
>> 
>> 
>> 
>> Midwest Internet Exchange 
>> 
>> 
>> 
>> The Brothers WISP 
>> 
>>
>>
>> 
>> --
>> *From: *"Josh Reynolds" 
>> *To: *af@afmug.com
>> *Sent: *Monday, May 16, 2016 8:30:12 PM
>> *Subject: *Re: [AFMUG] ubnt malware
>>
>>
>> It's self replicating. They patched this long ago. It hits people with
>> radios on public IPs.
>> On May 16, 2016 8:19 PM, "That One Guy /sarcasm" <
>> thatoneguyst...@gmail.com> wrote:
>>
>>> From what im reading in their forums something set off over the weekend?
>>> or is it ubnt douche nozzles?
>>>
>>> It sounds almost as if this malware is actively being manipulated
>>> (changing from key access to foul username/password, wandering control
>>> ports, etc, like script kiddies found a new toy?
>>>
>>> is this thing self propagating from the device?
>>>
>>> --
>>> If you only see yourself as part of the team but you don't see your team
>>> as part of yourself you have already failed as part of the team.
>>>
>>
>>
>
>
> --
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.
>
>


-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.

Re: [AFMUG] Gigabit Ethernet on Cambium 450i only running 100Mbps

2016-05-16 Thread Ken Hohhof

Could just be my eyes.

From: Matt Mangriotis 
Sent: Monday, May 16, 2016 9:34 PM
To: af@afmug.com 
Subject: Re: [AFMUG] Gigabit Ethernet on Cambium 450i only running 100Mbps

We’re looking into this Ken… our engineering team is trying to replicate.

Will update your forum thread with results once figured out.

Matt

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Ken Hohhof
Sent: Monday, May 16, 2016 9:23 PM
To: af@afmug.com
Subject: Re: [AFMUG] Gigabit Ethernet on Cambium 450i only running 100Mbps

No, the reason I’m asking is I’m seeing the LED totally off when running at 
1000 Mbps.  Not orange like the user guide says.  What I am seeing on the 
actual AP is:

10M:  red

100M:  green

1000M:  off, nothing, nada, zilch, dark, devoid of visible radiation

It really screwed me up because I thought there was no link, until I realized 
it was working fine at 1000FDX and reporting 1000FDX in the GUI.

From: Eric Kuhnke 

Sent: Monday, May 16, 2016 8:51 PM

To: af@afmug.com 

Subject: Re: [AFMUG] Gigabit Ethernet on Cambium 450i only running 100Mbps

I've seen this a lot - the Intel 1000BaseT server NICs all use yellow-orange 
for an active 1000Mbps link, and green for 100Mbps. Seems counter intuitive but 
it is sort of a 'standard'.

Such as the i350-T2 and others.

http://www.intel.com/content/www/us/en/support/network-and-i-o/ethernet-products/intel-gigabit-server-adapters/intel-ethernet-server-adapter-i350-series/intel-ethernet-server-adapter-i350-t2.html

On Mon, May 16, 2016 at 4:51 PM, Josh Reynolds  wrote:

  That sounds really backwards compared to most gear I'm familiar with.

  On Mon, May 16, 2016 at 6:18 PM, Ken Hohhof  wrote:

I have a question while we are on the topic:  what color is the last LED on 
your 450i AP when it is running at 1000 Mbps?  I know it’s green at 100 Mbps, 
but what about 1000 Mbps?  I know the user guide says orange, but is that what 
your AP actually does?

From: David 

Sent: Monday, May 16, 2016 3:22 PM

To: af@afmug.com 

Subject: Re: [AFMUG] Gigabit Ethernet on Cambium 450i only running 100Mbps

I am only catching part of this thread so dont throw anything at me for not 
reading the whole thread.
450i radios are rated for the 56v unlike the 450 radios they are rated for 
cambium std 29v
This is the reason I am having to upgrade all of my boxes to 48v plant as 
its base supply.

On 05/16/2016 11:35 AM, Chuck McCown wrote:

  I have an idea.  Working on an experiment.  

  From: Wireless Administrator 

  Sent: Monday, May 16, 2016 8:56 AM

  To: af@afmug.com 

  Subject: Re: [AFMUG] Gigabit Ethernet on Cambium 450i only running 100Mbps

  Thanks for having a look at this for us.  It sure doesn’t make sense to 
me.  The system  continues to run 1000Base-T Full Duplex here with the Cambium 
units.  I’m sure there is a reason but it looks like this one’s above my pay 
grade.

  Steve B.

  From: Af [mailto:af-boun...@afmug.com] On Behalf Of ch...@wbmfg.com
  Sent: Sunday, May 15, 2016 2:26 PM
  To: af@afmug.com
  Subject: Re: [AFMUG] Gigabit Ethernet on Cambium 450i only running 100Mbps

  No Joy.  Everything checks out 100%.

  I bought one the cambium units for comparison.  Its impulse breakdown 
voltage is about 5 volts to ground lower than my unit for single pin to ground. 
 Transverse impulses are clamped much lower on the cambium unit but normally 
that is not an issue.

  Pin to pin and pin to ground I have less capacitive loading than the 
cambium unit.  

  They have some other circuitry that I have yet to puzzle out.  

  Something that is not related to surge suppression.  

  In any event, your unit, a brand new unit from my stock and the cambium 
unit all show 1Gbps on the traffic tester and all show good wiring continuity 
and all show good breakdown voltage pin to ground.  Visual inspections are not 
revealing any solder bridges or manufacturing issues

  A puzzle for certain.  But I am not finished.  Stay tuned... 

  From: Wireless Administrator 

  Sent: Friday, May 6, 2016 9:16 AM

  To: af@afmug.com 

  Subject: [AFMUG] Gigabit Ethernet on Cambium 450i only running 100Mbps

  Replaced This ……

  With This …….

  On same ground point and got This ……

  :-)

  Except I want this to work …….

  L

  Extra effort to ensure clear pictures and easy to read story line ……

  Steve

  From: Wireless Administrator [mailto:wirel...@htn.net] 
  Sent: Friday, April 29, 2016 12:03 PM
  To: 'af@afmug.com'
  Subject: Gigabit Ethernet on Cambium 450i

  We’re not able to get our Cambium 450i radio’s Eth

[AFMUG] GeoIP

2016-05-16 Thread Aaron Fitzgerald

I was SWIPed a new IPv4 class C from one of my upstreams about a month ago.
GeoIP databases seem to still be showing the upstream as the owner and
their HQ as the location. Anyone know how to get those databases updated?

ARIN, ARIN's IRR, and RADB are all updated appropriately

Re: [AFMUG] ubnt malware

As i understand it, if the jar tools works, the device had not been fully
compromised yet? or it was scanning the rest of the network during the
timeframe mentioned?
Ive found two, cleaned them with the tool, but if the malware is fully
active, ssh wont be accessible anyway

On Mon, May 16, 2016 at 9:35 PM, That One Guy /sarcasm <
thatoneguyst...@gmail.com> wrote:

> From what Ive read so far, the majority of them make me look like a
> network rockstar. Im telling the boss to give me a raise or ill send them a
> job app for my job
>
> On Mon, May 16, 2016 at 9:33 PM, Mike Hammett  wrote:
>
>> You've been reading comments from people that don't know what they're
>> talking about.
>>
>> 5.6.2+, 5.5.10u2 and 5.5.11 can't be infected into an active state. If
>> they have the files on them, they either weren't properly cleaned or the
>> files were uploading into an inert portion of the system that is wiped on
>> reboot.
>>
>>
>>
>> -
>> Mike Hammett
>> Intelligent Computing Solutions 
>> 
>> 
>> 
>> 
>> Midwest Internet Exchange 
>> 
>> 
>> 
>> The Brothers WISP 
>> 
>>
>>
>> 
>> --
>> *From: *"That One Guy /sarcasm" 
>> *To: *af@afmug.com
>> *Sent: *Monday, May 16, 2016 8:37:59 PM
>> *Subject: *Re: [AFMUG] ubnt malware
>>
>> are we talking can see layer two, can see via device discovery, thats a
>> broad term
>>
>> Is there any direct thread on specific symptoms beyond devices offline
>> and any traces of what takes place post infection, ive seen some comments
>> theyre doing port 53 vpns to send spam, just curios what else.
>>
>> Ive read claims of infections as high as 5.6.4, we are mostly 5.6.2 and 3
>>
>> We only have a handful of air routers with public IPs on them, everything
>> else is internal space
>>
>> the self replication is what im wondering about, the devices on each
>> network segment are subnet isolated, but still on the same layer2
>>
>> On Mon, May 16, 2016 at 8:31 PM, Mike Hammett  wrote:
>>
>>> Initially...  then every other radio (and switch) that radio can see.
>>>
>>>
>>>
>>> -
>>> Mike Hammett
>>> Intelligent Computing Solutions 
>>> 
>>> 
>>> 
>>> 
>>> Midwest Internet Exchange 
>>> 
>>> 
>>> 
>>> The Brothers WISP 
>>> 
>>>
>>>
>>> 
>>> --
>>> *From: *"Josh Reynolds" 
>>> *To: *af@afmug.com
>>> *Sent: *Monday, May 16, 2016 8:30:12 PM
>>> *Subject: *Re: [AFMUG] ubnt malware
>>>
>>>
>>> It's self replicating. They patched this long ago. It hits people with
>>> radios on public IPs.
>>> On May 16, 2016 8:19 PM, "That One Guy /sarcasm" <
>>> thatoneguyst...@gmail.com> wrote:
>>>
 From what im reading in their forums something set off over the
 weekend? or is it ubnt douche nozzles?

 It sounds almost as if this malware is actively being manipulated
 (changing from key access to foul username/password, wandering control
 ports, etc, like script kiddies found a new toy?

 is this thing self propagating from the device?

 --
 If you only see yourself as part of the team but you don't see your
 team as part of yourself you have already failed as part of the team.

>>>
>>>
>>
>>
>> --
>> If you only see yourself as part of the team but you don't see your team
>> as part of yourself you have already failed as part of the team.
>>
>>
>
>
> --
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.
>



-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.

Re: [AFMUG] GeoIP

You correct it with the GeoIP providers.  There's a handful of links on
different sites for you to correct it.

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Mon, May 16, 2016 at 10:48 PM, Aaron Fitzgerald  wrote:

> I was SWIPed a new IPv4 class C from one of my upstreams about a month
> ago. GeoIP databases seem to still be showing the upstream as the owner and
> their HQ as the location. Anyone know how to get those databases updated?
>
> ARIN, ARIN's IRR, and RADB are all updated appropriately
>

Re: [AFMUG] GeoIP

2016-05-16 Thread Aaron Fitzgerald

Anyone have a list of said providers?

On Mon, May 16, 2016 at 9:50 PM, Josh Luthman 
wrote:

> You correct it with the GeoIP providers.  There's a handful of links on
> different sites for you to correct it.
>
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
> On Mon, May 16, 2016 at 10:48 PM, Aaron Fitzgerald 
> wrote:
>
>> I was SWIPed a new IPv4 class C from one of my upstreams about a month
>> ago. GeoIP databases seem to still be showing the upstream as the owner and
>> their HQ as the location. Anyone know how to get those databases updated?
>>
>> ARIN, ARIN's IRR, and RADB are all updated appropriately
>>
>
>

Re: [AFMUG] GeoIP

Used to...the site died a good long time ago =(


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Mon, May 16, 2016 at 10:53 PM, Aaron Fitzgerald  wrote:

> Anyone have a list of said providers?
>
> On Mon, May 16, 2016 at 9:50 PM, Josh Luthman  > wrote:
>
>> You correct it with the GeoIP providers.  There's a handful of links on
>> different sites for you to correct it.
>>
>>
>> Josh Luthman
>> Office: 937-552-2340
>> Direct: 937-552-2343
>> 1100 Wayne St
>> Suite 1337
>> Troy, OH 45373
>>
>> On Mon, May 16, 2016 at 10:48 PM, Aaron Fitzgerald 
>> wrote:
>>
>>> I was SWIPed a new IPv4 class C from one of my upstreams about a month
>>> ago. GeoIP databases seem to still be showing the upstream as the owner and
>>> their HQ as the location. Anyone know how to get those databases updated?
>>>
>>> ARIN, ARIN's IRR, and RADB are all updated appropriately
>>>
>>
>>
>

Re: [AFMUG] ubnt malware

I don't believe there's any time that SSH stops working until it erases the 
config. 

I didn't try the jar tool. I cobbled together my own method more quickly and my 
own method is more useful in that I can have it do anything. I got tied up with 
other work today, but working on a script to add firewall entries across all 
devices on the network. 

http://community.ubnt.com/t5/airMAX-General-Discussion/Infection-fix-via-ansible-Sticky-this-thread/m-p/1564746#U1564746

I had five devices that weren't patched, one on a Mikrotik AP and four that 
U-CRM somehow missed (continually) when scanning a subnet. Caught them all 
yesterday morning only a couple hours after being infected. 

- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

- Original Message -

From: "That One Guy /sarcasm"  
To: af@afmug.com 
Sent: Monday, May 16, 2016 9:50:22 PM 
Subject: Re: [AFMUG] ubnt malware 

As i understand it, if the jar tools works, the device had not been fully 
compromised yet? or it was scanning the rest of the network during the 
timeframe mentioned? 
Ive found two, cleaned them with the tool, but if the malware is fully active, 
ssh wont be accessible anyway 

On Mon, May 16, 2016 at 9:35 PM, That One Guy /sarcasm < 
thatoneguyst...@gmail.com > wrote: 

>From what Ive read so far, the majority of them make me look like a network 
>rockstar. Im telling the boss to give me a raise or ill send them a job app 
>for my job 

On Mon, May 16, 2016 at 9:33 PM, Mike Hammett < af...@ics-il.net > wrote: 

You've been reading comments from people that don't know what they're talking 
about. 

5.6.2+, 5.5.10u2 and 5.5.11 can't be infected into an active state. If they 
have the files on them, they either weren't properly cleaned or the files were 
uploading into an inert portion of the system that is wiped on reboot. 

- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

From: "That One Guy /sarcasm" < thatoneguyst...@gmail.com > 
To: af@afmug.com 
Sent: Monday, May 16, 2016 8:37:59 PM 
Subject: Re: [AFMUG] ubnt malware 

are we talking can see layer two, can see via device discovery, thats a broad 
term 

Is there any direct thread on specific symptoms beyond devices offline and any 
traces of what takes place post infection, ive seen some comments theyre doing 
port 53 vpns to send spam, just curios what else. 

Ive read claims of infections as high as 5.6.4, we are mostly 5.6.2 and 3 

We only have a handful of air routers with public IPs on them, everything else 
is internal space 

the self replication is what im wondering about, the devices on each network 
segment are subnet isolated, but still on the same layer2 

On Mon, May 16, 2016 at 8:31 PM, Mike Hammett < af...@ics-il.net > wrote: 

Initially... then every other radio (and switch) that radio can see. 

- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

From: "Josh Reynolds" < j...@kyneticwifi.com > 
To: af@afmug.com 
Sent: Monday, May 16, 2016 8:30:12 PM 
Subject: Re: [AFMUG] ubnt malware 

It's self replicating. They patched this long ago. It hits people with radios 
on public IPs. 
On May 16, 2016 8:19 PM, "That One Guy /sarcasm" < thatoneguyst...@gmail.com > 
wrote: 

>From what im reading in their forums something set off over the weekend? or is 
>it ubnt douche nozzles? 

It sounds almost as if this malware is actively being manipulated (changing 
from key access to foul username/password, wandering control ports, etc, like 
script kiddies found a new toy? 

is this thing self propagating from the device? 

-- 

If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team. 

-- 

If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team. 

-- 

If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team. 

-- 

If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.

Re: [AFMUG] GeoIP

:-( 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Josh Luthman"  
To: af@afmug.com 
Sent: Monday, May 16, 2016 9:56:59 PM 
Subject: Re: [AFMUG] GeoIP 


Used to...the site died a good long time ago =( 






Josh Luthman 
Office: 937-552-2340 
Direct: 937-552-2343 
1100 Wayne St 
Suite 1337 
Troy, OH 45373 

On Mon, May 16, 2016 at 10:53 PM, Aaron Fitzgerald < aa...@wifitz.net > wrote: 



Anyone have a list of said providers? 


On Mon, May 16, 2016 at 9:50 PM, Josh Luthman < j...@imaginenetworksllc.com > 
wrote: 



You correct it with the GeoIP providers. There's a handful of links on 
different sites for you to correct it. 






Josh Luthman 
Office: 937-552-2340 
Direct: 937-552-2343 
1100 Wayne St 
Suite 1337 
Troy, OH 45373 

On Mon, May 16, 2016 at 10:48 PM, Aaron Fitzgerald < aa...@wifitz.net > wrote: 



I was SWIPed a new IPv4 class C from one of my upstreams about a month ago. 
GeoIP databases seem to still be showing the upstream as the owner and their HQ 
as the location. Anyone know how to get those databases updated? 


ARIN, ARIN's IRR, and RADB are all updated appropriately

Re: [AFMUG] GeoIP

This is barely better than nothing:

http://web.archive.org/web/20130122055317/http://nanog.cluepon.net/index.php/GeoIP


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Mon, May 16, 2016 at 10:56 PM, Josh Luthman 
wrote:

> Used to...the site died a good long time ago =(
>
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
> On Mon, May 16, 2016 at 10:53 PM, Aaron Fitzgerald 
> wrote:
>
>> Anyone have a list of said providers?
>>
>> On Mon, May 16, 2016 at 9:50 PM, Josh Luthman <
>> j...@imaginenetworksllc.com> wrote:
>>
>>> You correct it with the GeoIP providers.  There's a handful of links on
>>> different sites for you to correct it.
>>>
>>>
>>> Josh Luthman
>>> Office: 937-552-2340
>>> Direct: 937-552-2343
>>> 1100 Wayne St
>>> Suite 1337
>>> Troy, OH 45373
>>>
>>> On Mon, May 16, 2016 at 10:48 PM, Aaron Fitzgerald 
>>> wrote:
>>>
 I was SWIPed a new IPv4 class C from one of my upstreams about a month
 ago. GeoIP databases seem to still be showing the upstream as the owner and
 their HQ as the location. Anyone know how to get those databases updated?

 ARIN, ARIN's IRR, and RADB are all updated appropriately

>>>
>>>
>>
>

Re: [AFMUG] ubnt malware

don't think i've come across that - - except maybe the http port was changed?
perhaps hammett can chime in, i think he's read all 30 pages too lol

  - Original Message - 
  From: TJ Trout 
  To: af@afmug.com 
  Sent: Monday, May 16, 2016 9:13 PM
  Subject: Re: [AFMUG] ubnt malware

  Anyone have luck fixing a unit that won't respond to ssh or http?

  On Mon, May 16, 2016 at 7:11 PM, CBB - Jay Fuller  
wrote:

Yup. Spent 3 hours reading it all last night

  - Original Message - 
  From: Josh Reynolds 
  To: af@afmug.com 
  Sent: Monday, May 16, 2016 8:56 PM
  Subject: Re: [AFMUG] ubnt malware

  There's a huge like 27 page forum thread on it.

  On May 16, 2016 8:38 PM, "That One Guy /sarcasm" 
 wrote:

are we talking can see layer two, can see via device discovery, thats a 
broad term 

Is there any direct thread on specific symptoms beyond devices offline 
and any traces of what takes place post infection, ive seen some comments 
theyre doing port 53 vpns to send spam, just curios what else.

Ive read claims of infections as high as 5.6.4, we are mostly 5.6.2 and 
3

We only have a handful of air routers with public IPs on them, 
everything else is internal space

the self replication is what im wondering about, the devices on each 
network segment are subnet isolated, but still on the same layer2

On Mon, May 16, 2016 at 8:31 PM, Mike Hammett  wrote:

  Initially...  then every other radio (and switch) that radio can see.

  -
  Mike Hammett
  Intelligent Computing Solutions

  Midwest Internet Exchange

  The Brothers WISP

--

  From: "Josh Reynolds" 
  To: af@afmug.com
  Sent: Monday, May 16, 2016 8:30:12 PM
  Subject: Re: [AFMUG] ubnt malware 

  It's self replicating. They patched this long ago. It hits people 
with radios on public IPs.

  On May 16, 2016 8:19 PM, "That One Guy /sarcasm" 
 wrote:

From what im reading in their forums something set off over the 
weekend? or is it ubnt douche nozzles? 

It sounds almost as if this malware is actively being manipulated 
(changing from key access to foul username/password, wandering control ports, 
etc, like script kiddies found a new toy?

is this thing self propagating from the device?

-- 

If you only see yourself as part of the team but you don't see your 
team as part of yourself you have already failed as part of the team.

-- 

If you only see yourself as part of the team but you don't see your 
team as part of yourself you have already failed as part of the team.

Re: [AFMUG] GeoIP

2016-05-16 Thread Eric Kuhnke

"Class C"?  What is this, 1993?

On Mon, May 16, 2016 at 7:48 PM, Aaron Fitzgerald  wrote:

> I was SWIPed a new IPv4 class C from one of my upstreams about a month
> ago. GeoIP databases seem to still be showing the upstream as the owner and
> their HQ as the location. Anyone know how to get those databases updated?
>
> ARIN, ARIN's IRR, and RADB are all updated appropriately
>

Re: [AFMUG] GeoIP

It doesn't seem to have the most recent information, but check this out: 
https://web.archive.org/web/20130122055317/http://nanog.cluepon.net/index.php/GeoIP
 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Josh Luthman"  
To: af@afmug.com 
Sent: Monday, May 16, 2016 9:56:59 PM 
Subject: Re: [AFMUG] GeoIP 


Used to...the site died a good long time ago =( 






Josh Luthman 
Office: 937-552-2340 
Direct: 937-552-2343 
1100 Wayne St 
Suite 1337 
Troy, OH 45373 

On Mon, May 16, 2016 at 10:53 PM, Aaron Fitzgerald < aa...@wifitz.net > wrote: 



Anyone have a list of said providers? 


On Mon, May 16, 2016 at 9:50 PM, Josh Luthman < j...@imaginenetworksllc.com > 
wrote: 



You correct it with the GeoIP providers. There's a handful of links on 
different sites for you to correct it. 






Josh Luthman 
Office: 937-552-2340 
Direct: 937-552-2343 
1100 Wayne St 
Suite 1337 
Troy, OH 45373 

On Mon, May 16, 2016 at 10:48 PM, Aaron Fitzgerald < aa...@wifitz.net > wrote: 



I was SWIPed a new IPv4 class C from one of my upstreams about a month ago. 
GeoIP databases seem to still be showing the upstream as the owner and their HQ 
as the location. Anyone know how to get those databases updated? 


ARIN, ARIN's IRR, and RADB are all updated appropriately

Re: [AFMUG] Gigabit Ethernet on Cambium 450i only running 100Mbps

2016-05-16 Thread George Skorup

FYI, I got a couple 450 APs (not 450i's) with busted LEDs. One the power
LED simply doesn't light up. The other one is one of the GPS or session
LEDs. Both seemed to work fine, so we said screw it and installed.

Then we got a new 5GHz 450 SM that wouldn't power up. Tweak the cable
just right and it would come on. I suspect a bad solder joint on the
RJ45. And a new 3GHz SM had a component rattling around inside. Small
surface mount ceramic cap or resistor fell out.

This is probably out of the hundred or so we've bought so far this year.
Not a very high out of box defective rate at all. Just wanted to mention
it. The pessimist in me says they're having some soldering problems in
Mexico. But what do I know.

On 5/16/2016 9:34 PM, Matt Mangriotis wrote:

We’re looking into this Ken… our engineering team is trying to replicate.

Will update your forum thread with results once figured out.

Matt

*From:*Af [mailto:af-boun...@afmug.com] *On Behalf Of *Ken Hohhof
*Sent:* Monday, May 16, 2016 9:23 PM
*To:* af@afmug.com
*Subject:* Re: [AFMUG] Gigabit Ethernet on Cambium 450i only running
100Mbps

No, the reason I’m asking is I’m seeing the LED totally off when
running at 1000 Mbps. Not orange like the user guide says. What I am
seeing on the actual AP is:

10M: red

100M: green

1000M: off, nothing, nada, zilch, dark, devoid of visible radiation

It really screwed me up because I thought there was no link, until I
realized it was working fine at 1000FDX and reporting 1000FDX in the GUI.

*From:*Eric Kuhnke

*Sent:*Monday, May 16, 2016 8:51 PM

*To:*af@afmug.com

*Subject:*Re: [AFMUG] Gigabit Ethernet on Cambium 450i only running
100Mbps

I've seen this a lot - the Intel 1000BaseT server NICs all use
yellow-orange for an active 1000Mbps link, and green for 100Mbps.
Seems counter intuitive but it is sort of a 'standard'.

Such as the i350-T2 and others.

http://www.intel.com/content/www/us/en/support/network-and-i-o/ethernet-products/intel-gigabit-server-adapters/intel-ethernet-server-adapter-i350-series/intel-ethernet-server-adapter-i350-t2.html

On Mon, May 16, 2016 at 4:51 PM, Josh Reynolds > wrote:

That sounds really backwards compared to most gear I'm familiar with.

On Mon, May 16, 2016 at 6:18 PM, Ken Hohhof mailto:af...@kwisp.com>> wrote:

I have a question while we are on the topic: what color is
the last LED on your 450i AP when it is running at 1000 Mbps?
I know it’s green at 100 Mbps, but what about 1000 Mbps? I

know the user guide says orange, but is that what your AP
actually does?

*From:*David

*Sent:*Monday, May 16, 2016 3:22 PM

*To:*af@afmug.com

*Subject:*Re: [AFMUG] Gigabit Ethernet on Cambium 450i only
running 100Mbps

I am only catching part of this thread so dont throw anything
at me for not reading the whole thread.
450i radios are rated for the 56v unlike the 450 radios they
are rated for cambium std 29v
This is the reason I am having to upgrade all of my boxes to
48v plant as its base supply.

On 05/16/2016 11:35 AM, Chuck McCown wrote:

I have an idea. Working on an experiment.

*From:*Wireless Administrator

*Sent:*Monday, May 16, 2016 8:56 AM

*To:*af@afmug.com

*Subject:*Re: [AFMUG] Gigabit Ethernet on Cambium 450i
only running 100Mbps

Thanks for having a look at this for us. It sure doesn’t
make sense to me. The system continues to run 1000Base-T
Full Duplex here with the Cambium units. I’m sure there
is a reason but it looks like this one’s above my pay grade.

Steve B.

*From:*Af [mailto:af-boun...@afmug.com] *On Behalf Of
*ch...@wbmfg.com
*Sent:* Sunday, May 15, 2016 2:26 PM
*To:* af@afmug.com
*Subject:* Re: [AFMUG] Gigabit Ethernet on Cambium 450i
only running 100Mbps

No Joy. Everything checks out 100%.

I bought one the cambium units for comparison. Its impulse
breakdown voltage is about 5 volts to ground lower than my
unit for single pin to ground. Transverse impulses are
clamped much lower on the cambium unit but normally that
is not an issue.

Pin to pin and pin to ground I have less capacitive
loading than the cambium unit.

They have some other circuitry that I have yet to puzzle out.

Something that is not related to surge suppression.

In any event, your unit, a brand new unit from my stock
and the cambium unit all show 1Gbps

Re: [AFMUG] GeoIP

2016-05-16 Thread Aaron Fitzgerald

Can't ever say I'm classless...

On Mon, May 16, 2016 at 10:03 PM, Eric Kuhnke  wrote:

> "Class C"?  What is this, 1993?
>
> On Mon, May 16, 2016 at 7:48 PM, Aaron Fitzgerald 
> wrote:
>
>> I was SWIPed a new IPv4 class C from one of my upstreams about a month
>> ago. GeoIP databases seem to still be showing the upstream as the owner and
>> their HQ as the location. Anyone know how to get those databases updated?
>>
>> ARIN, ARIN's IRR, and RADB are all updated appropriately
>>
>
>

Re: [AFMUG] GeoIP

When Cisco stops teaching it, you'll likely stop hearing it. Or, when those
of us who remember those days simply fade away into the matrix.
On May 16, 2016 10:03 PM, "Eric Kuhnke"  wrote:

> "Class C"?  What is this, 1993?
>
> On Mon, May 16, 2016 at 7:48 PM, Aaron Fitzgerald 
> wrote:
>
>> I was SWIPed a new IPv4 class C from one of my upstreams about a month
>> ago. GeoIP databases seem to still be showing the upstream as the owner and
>> their HQ as the location. Anyone know how to get those databases updated?
>>
>> ARIN, ARIN's IRR, and RADB are all updated appropriately
>>
>
>

Re: [AFMUG] GeoIP

I think the general conclusion is that the geoip will eventually auto
correct, and any efforts you put forth to manually do it are a waste of
your time, they are idiots.

On Mon, May 16, 2016 at 8:09 PM, Aaron Fitzgerald  wrote:

> Can't ever say I'm classless...
>
>
> On Mon, May 16, 2016 at 10:03 PM, Eric Kuhnke 
> wrote:
>
>> "Class C"?  What is this, 1993?
>>
>> On Mon, May 16, 2016 at 7:48 PM, Aaron Fitzgerald 
>> wrote:
>>
>>> I was SWIPed a new IPv4 class C from one of my upstreams about a month
>>> ago. GeoIP databases seem to still be showing the upstream as the owner and
>>> their HQ as the location. Anyone know how to get those databases updated?
>>>
>>> ARIN, ARIN's IRR, and RADB are all updated appropriately
>>>
>>
>>
>

Re: [AFMUG] GeoIP

They don't autocorrect... At least, not in my experience. We waited for 5
years on a block. It'd likely still be wrong if I hadn't changed it.
On May 16, 2016 10:14 PM, "TJ Trout"  wrote:

> I think the general conclusion is that the geoip will eventually auto
> correct, and any efforts you put forth to manually do it are a waste of
> your time, they are idiots.
>
> On Mon, May 16, 2016 at 8:09 PM, Aaron Fitzgerald 
> wrote:
>
>> Can't ever say I'm classless...
>>
>>
>> On Mon, May 16, 2016 at 10:03 PM, Eric Kuhnke 
>> wrote:
>>
>>> "Class C"?  What is this, 1993?
>>>
>>> On Mon, May 16, 2016 at 7:48 PM, Aaron Fitzgerald 
>>> wrote:
>>>
 I was SWIPed a new IPv4 class C from one of my upstreams about a month
 ago. GeoIP databases seem to still be showing the upstream as the owner and
 their HQ as the location. Anyone know how to get those databases updated?

 ARIN, ARIN's IRR, and RADB are all updated appropriately

>>>
>>>
>>
>

Re: [AFMUG] ubnt malware

True! but that hasn't happened yet, and it still shouldn't get beyond that
customer's radio.

On Mon, May 16, 2016 at 9:35 PM, Mike Hammett  wrote:

> Until it gets delivered via Flash or Java or something else...   ;-)
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions 
> 
> 
> 
> 
> Midwest Internet Exchange 
> 
> 
> 
> The Brothers WISP 
> 
>
>
> 
> --
> *From: *"Mathew Howard" 
> *To: *"af" 
> *Sent: *Monday, May 16, 2016 9:16:40 PM
> *Subject: *Re: [AFMUG] ubnt malware
>
> If you have firewall rules at the edge of the network blocking the
> management ports ti the airrouters that are on public IPs, they're probably
> fine. We still have some radios that are on old firmware, but   I haven't
> been able to find anything on our network that's infected. Fortunately,
> when I was setting up the firewall rules to block access to the CPEs from
> outside our network, I decided it was desirable to block customers from
> being able to get to other customers radios as well... which should break
> the self replicating part of this thing, so even if it does somehow get
> into our network, it shouldn't be able to get far.
>
> That said, I'm updating everything that isn't on at least 5.6.2 right
> away.
> On May 16, 2016 8:41 PM, "That One Guy /sarcasm" <
> thatoneguyst...@gmail.com> wrote:
>
> yeah, thats amazing me, one fella was complaining about how much of a
> problem it would be to take a unit offline to get on a bench. I would think
> if things are that bad that your network is progressively shutting down,
> convenience would be the least of your concerns.
>
> I have to investigate a couple anomalies on the network, in the back of my
> mind Im hoping the air routers have been hit to put a nail in their coffins
> so we cam go with mikrotiks as the CPE router instead
>
> On Mon, May 16, 2016 at 8:33 PM, Josh Reynolds 
> wrote:
>
>> Or threatening to sue because of their own personal ignorance and
>> negligence.
>> On May 16, 2016 8:32 PM, "Mike Hammett"  wrote:
>>
>>> A good amount of it is just people that don't know any better making
>>> false observations.
>>>
>>>
>>>
>>> -
>>> Mike Hammett
>>> Intelligent Computing Solutions 
>>> 
>>> 
>>> 
>>> 
>>> Midwest Internet Exchange 
>>> 
>>> 
>>> 
>>> The Brothers WISP 
>>> 
>>>
>>>
>>> 
>>> --
>>> *From: *"That One Guy /sarcasm" 
>>> *To: *af@afmug.com
>>> *Sent: *Monday, May 16, 2016 8:19:00 PM
>>> *Subject: *[AFMUG] ubnt malware
>>>
>>> From what im reading in their forums something set off over the weekend?
>>> or is it ubnt douche nozzles?
>>>
>>> It sounds almost as if this malware is actively being manipulated
>>> (changing from key access to foul username/password, wandering control
>>> ports, etc, like script kiddies found a new toy?
>>>
>>> is this thing self propagating from the device?
>>>
>>> --
>>> If you only see yourself as part of the team but you don't see your team
>>> as part of yourself you have already failed as part of the team.
>>>
>>>
>
>
> --
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.
>
>
>

Re: [AFMUG] ubnt malware

...unless of course it gets on a PC at the office... in which case we'd be
in trouble.

On Mon, May 16, 2016 at 10:53 PM, Mathew Howard 
wrote:

> True! but that hasn't happened yet, and it still shouldn't get beyond that
> customer's radio.
>
> On Mon, May 16, 2016 at 9:35 PM, Mike Hammett  wrote:
>
>> Until it gets delivered via Flash or Java or something else...   ;-)
>>
>>
>>
>> -
>> Mike Hammett
>> Intelligent Computing Solutions 
>> 
>> 
>> 
>> 
>> Midwest Internet Exchange 
>> 
>> 
>> 
>> The Brothers WISP 
>> 
>>
>>
>> 
>> --
>> *From: *"Mathew Howard" 
>> *To: *"af" 
>> *Sent: *Monday, May 16, 2016 9:16:40 PM
>> *Subject: *Re: [AFMUG] ubnt malware
>>
>> If you have firewall rules at the edge of the network blocking the
>> management ports ti the airrouters that are on public IPs, they're probably
>> fine. We still have some radios that are on old firmware, but   I haven't
>> been able to find anything on our network that's infected. Fortunately,
>> when I was setting up the firewall rules to block access to the CPEs from
>> outside our network, I decided it was desirable to block customers from
>> being able to get to other customers radios as well... which should break
>> the self replicating part of this thing, so even if it does somehow get
>> into our network, it shouldn't be able to get far.
>>
>> That said, I'm updating everything that isn't on at least 5.6.2 right
>> away.
>> On May 16, 2016 8:41 PM, "That One Guy /sarcasm" <
>> thatoneguyst...@gmail.com> wrote:
>>
>> yeah, thats amazing me, one fella was complaining about how much of a
>> problem it would be to take a unit offline to get on a bench. I would think
>> if things are that bad that your network is progressively shutting down,
>> convenience would be the least of your concerns.
>>
>> I have to investigate a couple anomalies on the network, in the back of
>> my mind Im hoping the air routers have been hit to put a nail in their
>> coffins so we cam go with mikrotiks as the CPE router instead
>>
>> On Mon, May 16, 2016 at 8:33 PM, Josh Reynolds 
>> wrote:
>>
>>> Or threatening to sue because of their own personal ignorance and
>>> negligence.
>>> On May 16, 2016 8:32 PM, "Mike Hammett"  wrote:
>>>
 A good amount of it is just people that don't know any better making
 false observations.



 -
 Mike Hammett
 Intelligent Computing Solutions 
 
 
 
 
 Midwest Internet Exchange 
 
 
 
 The Brothers WISP 
 


 
 --
 *From: *"That One Guy /sarcasm" 
 *To: *af@afmug.com
 *Sent: *Monday, May 16, 2016 8:19:00 PM
 *Subject: *[AFMUG] ubnt malware

 From what im reading in their forums something set off over the
 weekend? or is it ubnt douche nozzles?

 It sounds almost as if this malware is actively being manipulated
 (changing from key access to foul username/password, wandering control
 ports, etc, like script kiddies found a new toy?

 is this thing self propagating from the device?

 --
 If you only see yourself as part of the team but you don't see your
 team as part of yourself you have already failed as part of the team.


>>
>>
>> --
>> If you only see yourself as part of the team but you don't see your team
>> as part of yourself you have already failed as part of the team.
>>
>>
>>
>

Re: [AFMUG] GeoIP

2016-05-16 Thread Jesse DuPont


  
  
Yeah, getting those updated sucks because a heavily used one
  (IPligence) isn't well managed. Just takes a lot of persistence in
  contacting them. It's sad that companies like Yahoo and ESPN still
  use IPliegence even though they're notoriously slow at updating.
  Maxmind's and Neustar's GeoIP groups are considerably faster and
  updating and are actually responsive if you reach out to them.


  
  
  
  
  
  
  
  
  
  
  
  
  
Jesse DuPont

  Network
  Architect
  email: jesse.dup...@celeritycorp.net
  Celerity Networks LLC
  Celerity
  Broadband LLC
Like us! facebook.com/celeritynetworksllc
  Like us! facebook.com/celeritybroadband
  

  

On 5/16/16 8:48 PM, Aaron Fitzgerald
  wrote:


  I was SWIPed a new
  IPv4 class C from one of my upstreams about a month ago. GeoIP
  databases seem to still be showing the upstream as the owner
  and their HQ as the location. Anyone know how to get those
  databases updated?


ARIN, ARIN's IRR, and RADB are all
  updated appropriately

Re: [AFMUG] ubnt malware