Re: [AFMUG] IPv4 auction alternatives?

[That One Guy /sarcasm]

yet being operative
playstation will make the plunge and then others will too


On Sun, Nov 13, 2016 at 12:19 AM, TJ Trout  wrote:

> Why not just nat/cgnat at that point? are we even going to see 100% ipv6
> in our life time?
>
> $10 a sub to buy a ipv4 isn't really that expensive anyway...
>
> On Sat, Nov 12, 2016 at 10:16 PM, Cassidy B. Larson 
> wrote:
>
>> Wonder if I could offer an “IPv6-Only” type of account at a discounted
>> rate.
>> They'd get their Netflix, their Facebook and everything else that’s v6
>> reachable.
>> If they can’t get to a v4 only site/service, then they can be the vocal
>> ones complaining to the site owners to get their act in gear.
>>
>>
>> On Nov 12, 2016, at 10:47 PM, Sterling Jacobson 
>> wrote:
>>
>> Except that you literally cannot ‘move to IPv6’ and have happy clients
>> yet.
>>
>> *From:* Af [mailto:af-boun...@afmug.com ] *On
>> Behalf Of *Kurt Fankhauser
>> *Sent:* Saturday, November 12, 2016 7:17 PM
>> *To:* af@afmug.com
>> *Subject:* Re: [AFMUG] IPv4 auction alternatives?
>>
>> Wow, didn't know that /24's were going for that high. I would move to
>> IPv6 as fast as I can!
>>
>> On Fri, Nov 11, 2016 at 9:32 PM, Josh Reynolds 
>> wrote:
>>
>> That's actually a pretty good price.
>>
>> On Nov 11, 2016 6:42 PM, "Dev"  wrote:
>>
>> Are there any other alternatives than the ipv4auctions.com style
>> websites, which seem like highway robbery at $3584 current bid for a /24?
>>
>>
>>
>


-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.

Re: [AFMUG] IPv4 auction alternatives?

[TJ Trout]

Why not just nat/cgnat at that point? are we even going to see 100% ipv6 in
our life time?

$10 a sub to buy a ipv4 isn't really that expensive anyway...

On Sat, Nov 12, 2016 at 10:16 PM, Cassidy B. Larson 
wrote:

> Wonder if I could offer an “IPv6-Only” type of account at a discounted
> rate.
> They'd get their Netflix, their Facebook and everything else that’s v6
> reachable.
> If they can’t get to a v4 only site/service, then they can be the vocal
> ones complaining to the site owners to get their act in gear.
>
>
> On Nov 12, 2016, at 10:47 PM, Sterling Jacobson 
> wrote:
>
> Except that you literally cannot ‘move to IPv6’ and have happy clients yet.
>
> *From:* Af [mailto:af-boun...@afmug.com ] *On
> Behalf Of *Kurt Fankhauser
> *Sent:* Saturday, November 12, 2016 7:17 PM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] IPv4 auction alternatives?
>
> Wow, didn't know that /24's were going for that high. I would move to IPv6
> as fast as I can!
>
> On Fri, Nov 11, 2016 at 9:32 PM, Josh Reynolds 
> wrote:
>
> That's actually a pretty good price.
>
> On Nov 11, 2016 6:42 PM, "Dev"  wrote:
>
> Are there any other alternatives than the ipv4auctions.com style
> websites, which seem like highway robbery at $3584 current bid for a /24?
>
>
>

Re: [AFMUG] IPv4 auction alternatives?

[Cassidy B. Larson]

Wonder if I could offer an “IPv6-Only” type of account at a discounted rate.
They'd get their Netflix, their Facebook and everything else that’s v6 
reachable.  
If they can’t get to a v4 only site/service, then they can be the vocal ones 
complaining to the site owners to get their act in gear. 

> On Nov 12, 2016, at 10:47 PM, Sterling Jacobson  wrote:
> 
> Except that you literally cannot ‘move to IPv6’ and have happy clients yet.
>  
> From: Af [mailto:af-boun...@afmug.com ] On 
> Behalf Of Kurt Fankhauser
> Sent: Saturday, November 12, 2016 7:17 PM
> To: af@afmug.com 
> Subject: Re: [AFMUG] IPv4 auction alternatives?
>  
> Wow, didn't know that /24's were going for that high. I would move to IPv6 as 
> fast as I can!
>  
> On Fri, Nov 11, 2016 at 9:32 PM, Josh Reynolds  > wrote:
> That's actually a pretty good price.
> 
>  
> On Nov 11, 2016 6:42 PM, "Dev"  > wrote:
> Are there any other alternatives than the ipv4auctions.com 
>  style websites, which seem like highway robbery at 
> $3584 current bid for a /24?

Re: [AFMUG] IPv4 auction alternatives?

[Sterling Jacobson]

Except that you literally cannot ‘move to IPv6’ and have happy clients yet.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Kurt Fankhauser
Sent: Saturday, November 12, 2016 7:17 PM
To: af@afmug.com
Subject: Re: [AFMUG] IPv4 auction alternatives?

Wow, didn't know that /24's were going for that high. I would move to IPv6 as 
fast as I can!

On Fri, Nov 11, 2016 at 9:32 PM, Josh Reynolds 
mailto:j...@kyneticwifi.com>> wrote:

That's actually a pretty good price.

On Nov 11, 2016 6:42 PM, "Dev" 
mailto:d...@logicalwebhost.com>> wrote:
Are there any other alternatives than the 
ipv4auctions.com style websites, which seem like 
highway robbery at $3584 current bid for a /24?

Re: [AFMUG] IPv4 auction alternatives?

[That One Guy /sarcasm]

somethings going to give, between ip6 adoption and activity enforcement
this is going to be a bubble

On Sat, Nov 12, 2016 at 8:37 PM, Jon Langeler 
wrote:

> Until you realize it might be easier to just buy an IPv4 block. That $3500
> price is cheap too
>
> Jon Langeler
> Michwave Technologies, Inc.
>
>
> On Nov 12, 2016, at 9:17 PM, Kurt Fankhauser 
> wrote:
>
> Wow, didn't know that /24's were going for that high. I would move to IPv6
> as fast as I can!
>
> On Fri, Nov 11, 2016 at 9:32 PM, Josh Reynolds 
> wrote:
>
>> That's actually a pretty good price.
>>
>> On Nov 11, 2016 6:42 PM, "Dev"  wrote:
>>
>>> Are there any other alternatives than the ipv4auctions.com style
>>> websites, which seem like highway robbery at $3584 current bid for a /24?
>>>
>>
>


-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.

Re: [AFMUG] IPv4 auction alternatives?

[Jon Langeler]

Until you realize it might be easier to just buy an IPv4 block. That $3500 
price is cheap too 

Jon Langeler
Michwave Technologies, Inc.


> On Nov 12, 2016, at 9:17 PM, Kurt Fankhauser  wrote:
> 
> Wow, didn't know that /24's were going for that high. I would move to IPv6 as 
> fast as I can!
> 
>> On Fri, Nov 11, 2016 at 9:32 PM, Josh Reynolds  wrote:
>> That's actually a pretty good price.
>> 
>> 
>>> On Nov 11, 2016 6:42 PM, "Dev"  wrote:
>>> Are there any other alternatives than the ipv4auctions.com style websites, 
>>> which seem like highway robbery at $3584 current bid for a /24?
> 

Re: [AFMUG] IPv4 auction alternatives?

[Kurt Fankhauser]

Wow, didn't know that /24's were going for that high. I would move to IPv6
as fast as I can!

On Fri, Nov 11, 2016 at 9:32 PM, Josh Reynolds  wrote:

> That's actually a pretty good price.
>
> On Nov 11, 2016 6:42 PM, "Dev"  wrote:
>
>> Are there any other alternatives than the ipv4auctions.com style
>> websites, which seem like highway robbery at $3584 current bid for a /24?
>>
>

Re: [AFMUG] Trango Security Issue

[Josh Reynolds]

+1

On Nov 12, 2016 1:37 PM, "Colin Stanners"  wrote:

> Any security holes are perfectly secure until they are discovered. Having
> a backdoor into your products can be argued as good or bad, mostly
> depending on whether customers know or not.
>
> But the crux is that having a hard-coded password on devices is still
> monumentally stupid, when it's trivially easy to secure a backdoor in such
> cases (as long as the private key isn't stolen), e.g. the method of the
> password being a hash of the unit's MAC address run through public key
> cryptography.. that way customers need to contact tech support with the
> unit's MAC address to get the reset password.
>
>
>
> On Sat, Nov 12, 2016 at 1:17 PM, Chris Gustaf  wrote:
>
>> A couple clarifications on this-
>>
>> 1) All Trango microwave products have separate control and data planes,
>> so root level access does not allow any packet sniffing. No user data goes
>> through the CPU.
>>
>> 2) Trango investigated using a Salt to make each root level password
>> unique, but opted against it since our support team frequently has been
>> requested to access radios where the user level passwords were forgotten
>> and reset to defaults. Without a known root password, a tower climb may be
>> required to physically reset the radio to factory.
>>
>> 3) Trango opted instead to periodically change root passwords on firmware
>> updates.
>>
>> The current method has worked well for 10 years with no breaches reported
>> to us. In fact, Trango has passed PCI compliance testing with it's SL24
>> product using this method.
>>
>> That said, we would welcome a discussion on this since this type of tower
>> mounted product differs from other network devices residing in a network
>> closet.
>>
>> Regards,
>>
>> Chris Gustaf
>> Trango Engineering
>>
>>
>>
>>
>>
>>
>>
>> Sent from my mobile
>>
>> On Nov 12, 2016, at 4:09 AM, Paul Stewart  wrote:
>>
>> Yikes….
>>
>>
>>
>> [+] Credits: Ian Ling
>> [+] Website: iancaling.com
>> [+] Source: http://blog.iancaling.com/post/153011925478/
>>
>> Vendor:
>> =
>> www.trangosys.com
>>
>> Products:
>> ==
>> All models. Newer versions use a different password.
>>
>> Vulnerability Type:
>> ===
>> Default Root Account
>>
>> CVE Reference:
>> ==
>> N/A
>>
>> Vulnerability Details:
>> =
>>
>> Trango devices all have a built-in, hidden root account, with a default
>> password that is the same across many devices and software revisions. This
>> account is accessible via ssh and grants access to the underlying embedded
>> unix OS on the device, allowing full control over it. Recent software
>> updates for some models have changed this password, but have not removed
>> this backdoor. See source above for details on how the password was found.
>>
>> The particular password I found is 9 characters, all lowercase, no
>> numbers: "bakergiga"
>> Their support team informed me that there is a different password on
>> newer devices.
>>
>> The password I found works on the following devices:
>>
>> -Apex <= 2.1.1 (latest)
>> -ApexLynx < 2.0
>> -ApexOrion < 2.0
>> -ApexPlus <= 3.2.0 (latest)
>> -Giga <= 2.6.1 (latest)
>> -GigaLynx < 2.0
>> -GigaOrion < 2.0
>> -GigaPlus <= 3.2.3 (latest)
>> -GigaPro <= 1.4.1 (latest)
>> -StrataLink < 3.0
>> -StrataPro - all versions?
>>
>> Impact:
>> The remote attacker has full control over the device, including shell
>> access. This can lead to packet sniffing and tampering, bricking the
>> device, and use in botnets.
>>
>>
>> Disclosure Timeline:
>> ===
>> Vendor Notification: October 7, 2016
>> Public Disclosure: November 10, 2016
>>
>> Exploitation Technique:
>> ===
>> Remote
>>
>> Severity Level:
>> 
>> Critical
>>
>>
>

Re: [AFMUG] Trango Security Issue

[Seth Mattinen]

On 11/12/16 11:17, Chris Gustaf wrote:

The current method has worked well for 10 years with no breaches
reported to us.



The secret is out, time to reset the clock.

~Seth

Re: [AFMUG] Trango Security Issue

[Colin Stanners]

Any security holes are perfectly secure until they are discovered. Having a
backdoor into your products can be argued as good or bad, mostly depending
on whether customers know or not.

But the crux is that having a hard-coded password on devices is still
monumentally stupid, when it's trivially easy to secure a backdoor in such
cases (as long as the private key isn't stolen), e.g. the method of the
password being a hash of the unit's MAC address run through public key
cryptography.. that way customers need to contact tech support with the
unit's MAC address to get the reset password.



On Sat, Nov 12, 2016 at 1:17 PM, Chris Gustaf  wrote:

> A couple clarifications on this-
>
> 1) All Trango microwave products have separate control and data planes, so
> root level access does not allow any packet sniffing. No user data goes
> through the CPU.
>
> 2) Trango investigated using a Salt to make each root level password
> unique, but opted against it since our support team frequently has been
> requested to access radios where the user level passwords were forgotten
> and reset to defaults. Without a known root password, a tower climb may be
> required to physically reset the radio to factory.
>
> 3) Trango opted instead to periodically change root passwords on firmware
> updates.
>
> The current method has worked well for 10 years with no breaches reported
> to us. In fact, Trango has passed PCI compliance testing with it's SL24
> product using this method.
>
> That said, we would welcome a discussion on this since this type of tower
> mounted product differs from other network devices residing in a network
> closet.
>
> Regards,
>
> Chris Gustaf
> Trango Engineering
>
>
>
>
>
>
>
> Sent from my mobile
>
> On Nov 12, 2016, at 4:09 AM, Paul Stewart  wrote:
>
> Yikes….
>
>
>
> [+] Credits: Ian Ling
> [+] Website: iancaling.com
> [+] Source: http://blog.iancaling.com/post/153011925478/
>
> Vendor:
> =
> www.trangosys.com
>
> Products:
> ==
> All models. Newer versions use a different password.
>
> Vulnerability Type:
> ===
> Default Root Account
>
> CVE Reference:
> ==
> N/A
>
> Vulnerability Details:
> =
>
> Trango devices all have a built-in, hidden root account, with a default
> password that is the same across many devices and software revisions. This
> account is accessible via ssh and grants access to the underlying embedded
> unix OS on the device, allowing full control over it. Recent software
> updates for some models have changed this password, but have not removed
> this backdoor. See source above for details on how the password was found.
>
> The particular password I found is 9 characters, all lowercase, no
> numbers: "bakergiga"
> Their support team informed me that there is a different password on newer
> devices.
>
> The password I found works on the following devices:
>
> -Apex <= 2.1.1 (latest)
> -ApexLynx < 2.0
> -ApexOrion < 2.0
> -ApexPlus <= 3.2.0 (latest)
> -Giga <= 2.6.1 (latest)
> -GigaLynx < 2.0
> -GigaOrion < 2.0
> -GigaPlus <= 3.2.3 (latest)
> -GigaPro <= 1.4.1 (latest)
> -StrataLink < 3.0
> -StrataPro - all versions?
>
> Impact:
> The remote attacker has full control over the device, including shell
> access. This can lead to packet sniffing and tampering, bricking the
> device, and use in botnets.
>
>
> Disclosure Timeline:
> ===
> Vendor Notification: October 7, 2016
> Public Disclosure: November 10, 2016
>
> Exploitation Technique:
> ===
> Remote
>
> Severity Level:
> 
> Critical
>
>

Re: [AFMUG] Trango Security Issue

[Chris Gustaf]

A couple clarifications on this-

1) All Trango microwave products have separate control and data planes, so
root level access does not allow any packet sniffing. No user data goes
through the CPU.

2) Trango investigated using a Salt to make each root level password
unique, but opted against it since our support team frequently has been
requested to access radios where the user level passwords were forgotten
and reset to defaults. Without a known root password, a tower climb may be
required to physically reset the radio to factory.

3) Trango opted instead to periodically change root passwords on firmware
updates.

The current method has worked well for 10 years with no breaches reported
to us. In fact, Trango has passed PCI compliance testing with it's SL24
product using this method.

That said, we would welcome a discussion on this since this type of tower
mounted product differs from other network devices residing in a network
closet.

Regards,

Chris Gustaf
Trango Engineering







Sent from my mobile

On Nov 12, 2016, at 4:09 AM, Paul Stewart  wrote:

Yikes….



[+] Credits: Ian Ling
[+] Website: iancaling.com
[+] Source: http://blog.iancaling.com/post/153011925478/

Vendor:
=
www.trangosys.com

Products:
==
All models. Newer versions use a different password.

Vulnerability Type:
===
Default Root Account

CVE Reference:
==
N/A

Vulnerability Details:
=

Trango devices all have a built-in, hidden root account, with a default
password that is the same across many devices and software revisions. This
account is accessible via ssh and grants access to the underlying embedded
unix OS on the device, allowing full control over it. Recent software
updates for some models have changed this password, but have not removed
this backdoor. See source above for details on how the password was found.

The particular password I found is 9 characters, all lowercase, no numbers:
"bakergiga"
Their support team informed me that there is a different password on newer
devices.

The password I found works on the following devices:

-Apex <= 2.1.1 (latest)
-ApexLynx < 2.0
-ApexOrion < 2.0
-ApexPlus <= 3.2.0 (latest)
-Giga <= 2.6.1 (latest)
-GigaLynx < 2.0
-GigaOrion < 2.0
-GigaPlus <= 3.2.3 (latest)
-GigaPro <= 1.4.1 (latest)
-StrataLink < 3.0
-StrataPro - all versions?

Impact:
The remote attacker has full control over the device, including shell
access. This can lead to packet sniffing and tampering, bricking the
device, and use in botnets.


Disclosure Timeline:
===
Vendor Notification: October 7, 2016
Public Disclosure: November 10, 2016

Exploitation Technique:
===
Remote

Severity Level:

Critical

Re: [AFMUG] AT&T DSL / "U-Verse" and Mikrotik

[justsumname .]

Hah yeah... so I tried DHCP first, could NOT make the Mikrotik get an
IP.   Thought, hey, this is PPPoE... googled for that sorta thing... then
realized NO it is plain DHCP... then worked with this finicky DSL modem
thing a while, then refreshed here and saw this... and checking my
Mikrotik, it now has an IP.   But I think I'll turn on the passthrough or
whatever it is... I don't need a double NAT.

sorry for the dumb thread.


On Sat, Nov 12, 2016 at 1:27 PM, Ken Hohhof  wrote:

> I’ve done it on a business UVerse connection with static IPs, but I assume
> you have just a regular residential account.  (FYI, even at my house, I
> find the “dynamic” IP address does not change very often if ever.)
>
>
>
> But what did you search for on the web?  I Googled it and in about 10
> seconds found a guy claiming to have the solution:
>
> https://forums.att.com/t5/AT-T-Internet-Equipment/Using-
> your-own-router-with-the-Motorola-NVG510-it-absolutely/td-p/3434307
>
>
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *That One Guy
> /sarcasm
> *Sent:* Saturday, November 12, 2016 12:15 PM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] AT&T DSL / "U-Verse" and Mikrotik
>
>
>
> not sure about this one, but the "bridging" with uverse is dumb, you have
> to do something to disable nat and set its internal dhcp server to hand out
> the public IP, its cobblefuckery at its finest
>
>
>
> On Sat, Nov 12, 2016 at 10:29 AM, justsumname . 
> wrote:
>
> I'm searching today to see if and how.   Can anyone say if this is even
> possible?I've got their new NVG510 'modem', trying to make my Mikrotik
> talk to it, to do my own wifi and house LAN... no go.
>
>
>
> ...searching the webs ... searching...
>
>
>
> thx
>
>
>
>
>
> --
>
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.
>

Re: [AFMUG] AT&T DSL / "U-Verse" and Mikrotik

[Ken Hohhof]

I’ve done it on a business UVerse connection with static IPs, but I assume you 
have just a regular residential account.  (FYI, even at my house, I find the 
“dynamic” IP address does not change very often if ever.)

 

But what did you search for on the web?  I Googled it and in about 10 seconds 
found a guy claiming to have the solution:

https://forums.att.com/t5/AT-T-Internet-Equipment/Using-your-own-router-with-the-Motorola-NVG510-it-absolutely/td-p/3434307

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Saturday, November 12, 2016 12:15 PM
To: af@afmug.com
Subject: Re: [AFMUG] AT&T DSL / "U-Verse" and Mikrotik

 

not sure about this one, but the "bridging" with uverse is dumb, you have to do 
something to disable nat and set its internal dhcp server to hand out the 
public IP, its cobblefuckery at its finest

 

On Sat, Nov 12, 2016 at 10:29 AM, justsumname . mailto:unixday...@gmail.com> > wrote:

I'm searching today to see if and how.   Can anyone say if this is even 
possible?I've got their new NVG510 'modem', trying to make my Mikrotik talk 
to it, to do my own wifi and house LAN... no go.

 

...searching the webs ... searching...

 

thx





 

-- 

If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.

Re: [AFMUG] AT&T DSL / "U-Verse" and Mikrotik

[That One Guy /sarcasm]

not sure about this one, but the "bridging" with uverse is dumb, you have
to do something to disable nat and set its internal dhcp server to hand out
the public IP, its cobblefuckery at its finest

On Sat, Nov 12, 2016 at 10:29 AM, justsumname . 
wrote:

> I'm searching today to see if and how.   Can anyone say if this is even
> possible?I've got their new NVG510 'modem', trying to make my Mikrotik
> talk to it, to do my own wifi and house LAN... no go.
>
> ...searching the webs ... searching...
>
> thx
>



-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.

Re: [AFMUG] 802.11ad Deployment in a House

[Jaime Solorza]

Most 60GHz gear for indoors has been for video application such as TV or
presentations in small rooms... I am sure it would be good for gyms and
halls for cameras and such.

On Nov 12, 2016 10:42 AM, "Sterling Jacobson"  wrote:

> Yes, that sounds about right.
>
>
>
> Taking a closer look at the properties of 802.11ad, maybe they need to
> make a “thin” device for each room with Ethernet.
>
>
>
> Something like an in wall (1Gang) unit that has POE from the central
> location, a GigE Ethernet port and a thin 6’ flat cable with a small 60GHz
> array at the end that sticks on the wall.
>
>
>
> Then you could get that antenna up higher for LOS in the room without
> using a ceiling AP?
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Harold Bledsoe
> *Sent:* Saturday, November 12, 2016 10:03 AM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] 802.11ad Deployment in a House
>
>
>
> I think the idea is that 11ad will be opportunistic offload. For
> enterprise it makes a lot of sense because you have dense users and ceiling
> mounted APs.  For home it is a little more challenging because you would
> need one in each room that you want to "offload" to 60GHz.
>
>
>
> The applications where 60ghz makes sense is where you would think
> seriously about using a wire (where you need high bandwidth, low latency -
> basically a wire experience).  Video streaming, gaming, that sort of stuff
> would be the low-hanging fruit.
>
>
>
> -Hal
>
>
>
> On Sat, Nov 12, 2016 at 8:06 AM Seth Mattinen  wrote:
>
> On 11/12/16 7:04 AM, Bill Prince wrote:
> > I would think that 60 GHz "might" be useful if the AP and a UHD TV were
> > in the same room, and your 2.4GHz and 5GHz channels were all trash
> > because of close proximity of neighbors.
> >
> > But overall, I think it would be more trouble than most consumers can
> > deal with.
>
>
> I've been using a 60GHz HDMI bridge for several years between the AV
> gear and the projector. Works great unless the cat sits on it because
> it's warm.
>
> ~Seth
>
>

Re: [AFMUG] 802.11ad Deployment in a House

[Sterling Jacobson]

Yes, that sounds about right.

Taking a closer look at the properties of 802.11ad, maybe they need to make a 
“thin” device for each room with Ethernet.

Something like an in wall (1Gang) unit that has POE from the central location, 
a GigE Ethernet port and a thin 6’ flat cable with a small 60GHz array at the 
end that sticks on the wall.

Then you could get that antenna up higher for LOS in the room without using a 
ceiling AP?

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Harold Bledsoe
Sent: Saturday, November 12, 2016 10:03 AM
To: af@afmug.com
Subject: Re: [AFMUG] 802.11ad Deployment in a House

I think the idea is that 11ad will be opportunistic offload. For enterprise it 
makes a lot of sense because you have dense users and ceiling mounted APs.  For 
home it is a little more challenging because you would need one in each room 
that you want to "offload" to 60GHz.

The applications where 60ghz makes sense is where you would think seriously 
about using a wire (where you need high bandwidth, low latency - basically a 
wire experience).  Video streaming, gaming, that sort of stuff would be the 
low-hanging fruit.

-Hal

On Sat, Nov 12, 2016 at 8:06 AM Seth Mattinen 
mailto:se...@rollernet.us>> wrote:
On 11/12/16 7:04 AM, Bill Prince wrote:
> I would think that 60 GHz "might" be useful if the AP and a UHD TV were
> in the same room, and your 2.4GHz and 5GHz channels were all trash
> because of close proximity of neighbors.
>
> But overall, I think it would be more trouble than most consumers can
> deal with.


I've been using a 60GHz HDMI bridge for several years between the AV
gear and the projector. Works great unless the cat sits on it because
it's warm.

~Seth

Re: [AFMUG] 802.11ad Deployment in a House

[Harold Bledsoe]

I think the idea is that 11ad will be opportunistic offload. For enterprise
it makes a lot of sense because you have dense users and ceiling mounted
APs.  For home it is a little more challenging because you would need one
in each room that you want to "offload" to 60GHz.

The applications where 60ghz makes sense is where you would think seriously
about using a wire (where you need high bandwidth, low latency - basically
a wire experience).  Video streaming, gaming, that sort of stuff would be
the low-hanging fruit.

-Hal

On Sat, Nov 12, 2016 at 8:06 AM Seth Mattinen  wrote:

> On 11/12/16 7:04 AM, Bill Prince wrote:
> > I would think that 60 GHz "might" be useful if the AP and a UHD TV were
> > in the same room, and your 2.4GHz and 5GHz channels were all trash
> > because of close proximity of neighbors.
> >
> > But overall, I think it would be more trouble than most consumers can
> > deal with.
>
>
> I've been using a 60GHz HDMI bridge for several years between the AV
> gear and the projector. Works great unless the cat sits on it because
> it's warm.
>
> ~Seth
>

[AFMUG] AT&T DSL / "U-Verse" and Mikrotik

[justsumname .]

I'm searching today to see if and how.   Can anyone say if this is even
possible?I've got their new NVG510 'modem', trying to make my Mikrotik
talk to it, to do my own wifi and house LAN... no go.

...searching the webs ... searching...

thx

Re: [AFMUG] 802.11ad Deployment in a House

[Seth Mattinen]

On 11/12/16 7:04 AM, Bill Prince wrote:

I would think that 60 GHz "might" be useful if the AP and a UHD TV were
in the same room, and your 2.4GHz and 5GHz channels were all trash
because of close proximity of neighbors.

But overall, I think it would be more trouble than most consumers can
deal with.



I've been using a 60GHz HDMI bridge for several years between the AV 
gear and the projector. Works great unless the cat sits on it because 
it's warm.


~Seth

Re: [AFMUG] Trango Security Issue

[Chuck McCown]

yep, karma

From: Mike Hammett 
Sent: Saturday, November 12, 2016 8:18 AM
To: af@afmug.com 
Subject: Re: [AFMUG] Trango Security Issue

So the moral of the story is if you steal software, you'll die and leave your 
family burned with a shitty lawsuit?




-
Mike Hammett
Intelligent Computing Solutions

Midwest Internet Exchange

The Brothers WISP








From: "Chuck McCown" 
To: af@afmug.com
Sent: Saturday, November 12, 2016 9:15:44 AM
Subject: Re: [AFMUG] Trango Security Issue


I will never forget the first time I cracked one of these backdoors.  It was a 
central office telephone switch made by Harris.
The company had purchased it used in Puerto Rico and did not want to pay Harris 
for software upgrades, they wanted to use the upgrades they had purchased for 
other Harris switches.  

I discovered a pcb with some soldered jumpers that puzzled out to be the serial 
number hardware bound but physically changeable.  After changing the serial 
number to match that of a legit switch the company owned I asked Harris to dial 
in and take a look at a problem, while they were dialing in I half tapped the 
rs-232 line and watched the login sequence.  The password was Goldengate.  That 
was quite a thrill.  From that point on we could  do an amazing amount of 
things with that switch as it had some software tools residing inside it.  

Prior to that time and since, I have always been against stealing software.  I 
never used copies or allowed copies of mine in college (early PC  days).  
But the boss wanted it done and wanted to impress the boss, who many years 
later became a business partner, who many years after that sued me, and then 
died, and the lawsuit is still going...

From: Mike Hammett 
Sent: Saturday, November 12, 2016 7:52 AM
To: af@afmug.com 
Subject: Re: [AFMUG] Trango Security Issue

I would be surprised if *EVERY* platform didn't have some secret manufacturer 
backdoor, some just are better guarded than others.




-
Mike Hammett
Intelligent Computing Solutions

Midwest Internet Exchange

The Brothers WISP








From: "Jon Langeler" 
To: af@afmug.com
Sent: Saturday, November 12, 2016 8:44:59 AM
Subject: Re: [AFMUG] Trango Security Issue


It's not the first time that a manufacturer has a secret root account. It just 
got out


Jon Langeler
Michwave Technologies, Inc.


On Nov 12, 2016, at 7:09 AM, Paul Stewart  wrote:


  Yikes…. 



  [+] Credits: Ian Ling
  [+] Website: iancaling.com
  [+] Source: http://blog.iancaling.com/post/153011925478/

  Vendor:
  =
  www.trangosys.com

  Products:
  ==
  All models. Newer versions use a different password.

  Vulnerability Type:
  ===
  Default Root Account

  CVE Reference:
  ==
  N/A

  Vulnerability Details:
  =

  Trango devices all have a built-in, hidden root account, with a default 
password that is the same across many devices and software revisions. This 
account is accessible via ssh and grants access to the underlying embedded unix 
OS on the device, allowing full control over it. Recent software updates for 
some models have changed this password, but have not removed this backdoor. See 
source above for details on how the password was found.

  The particular password I found is 9 characters, all lowercase, no numbers: 
"bakergiga"
  Their support team informed me that there is a different password on newer 
devices.

  The password I found works on the following devices:

  -Apex <= 2.1.1 (latest)
  -ApexLynx < 2.0
  -ApexOrion < 2.0
  -ApexPlus <= 3.2.0 (latest)
  -Giga <= 2.6.1 (latest)
  -GigaLynx < 2.0
  -GigaOrion < 2.0
  -GigaPlus <= 3.2.3 (latest)
  -GigaPro <= 1.4.1 (latest)
  -StrataLink < 3.0
  -StrataPro - all versions?

  Impact:
  The remote attacker has full control over the device, including shell access. 
This can lead to packet sniffing and tampering, bricking the device, and use in 
botnets.


  Disclosure Timeline:
  ===
  Vendor Notification: October 7, 2016
  Public Disclosure: November 10, 2016

  Exploitation Technique:
  ===
  Remote

  Severity Level:
  
  Critical

Re: [AFMUG] Trango Security Issue

[Mike Hammett]

So the moral of the story is if you steal software, you'll die and leave your 
family burned with a shitty lawsuit? 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Chuck McCown"  
To: af@afmug.com 
Sent: Saturday, November 12, 2016 9:15:44 AM 
Subject: Re: [AFMUG] Trango Security Issue 




I will never forget the first time I cracked one of these backdoors. It was a 
central office telephone switch made by Harris. 
The company had purchased it used in Puerto Rico and did not want to pay Harris 
for software upgrades, they wanted to use the upgrades they had purchased for 
other Harris switches. 

I discovered a pcb with some soldered jumpers that puzzled out to be the serial 
number hardware bound but physically changeable. After changing the serial 
number to match that of a legit switch the company owned I asked Harris to dial 
in and take a look at a problem, while they were dialing in I half tapped the 
rs-232 line and watched the login sequence. The password was Goldengate. That 
was quite a thrill. From that point on we could do an amazing amount of things 
with that switch as it had some software tools residing inside it. 

Prior to that time and since, I have always been against stealing software. I 
never used copies or allowed copies of mine in college (early PC days). 
But the boss wanted it done and wanted to impress the boss, who many years 
later became a business partner, who many years after that sued me, and then 
died, and the lawsuit is still going... 




From: Mike Hammett 
Sent: Saturday, November 12, 2016 7:52 AM 
To: af@afmug.com 
Subject: Re: [AFMUG] Trango Security Issue 


I would be surprised if *EVERY* platform didn't have some secret manufacturer 
backdoor, some just are better guarded than others. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Jon Langeler"  
To: af@afmug.com 
Sent: Saturday, November 12, 2016 8:44:59 AM 
Subject: Re: [AFMUG] Trango Security Issue 


It's not the first time that a manufacturer has a secret root account. It just 
got out 


Jon Langeler 
Michwave Technologies, Inc. 


On Nov 12, 2016, at 7:09 AM, Paul Stewart < p...@paulstewart.org > wrote: 




Yikes…. 




[+] Credits: Ian Ling 
[+] Website: iancaling.com 
[+] Source: http://blog.iancaling.com/post/153011925478/ 

Vendor: 
= 
www.trangosys.com 

Products: 
== 
All models. Newer versions use a different password. 

Vulnerability Type: 
=== 
Default Root Account 

CVE Reference: 
== 
N/A 

Vulnerability Details: 
= 

Trango devices all have a built-in, hidden root account, with a default 
password that is the same across many devices and software revisions. This 
account is accessible via ssh and grants access to the underlying embedded unix 
OS on the device, allowing full control over it. Recent software updates for 
some models have changed this password, but have not removed this backdoor. See 
source above for details on how the password was found. 

The particular password I found is 9 characters, all lowercase, no numbers: 
"bakergiga" 
Their support team informed me that there is a different password on newer 
devices. 

The password I found works on the following devices: 

-Apex <= 2.1.1 (latest) 
-ApexLynx < 2.0 
-ApexOrion < 2.0 
-ApexPlus <= 3.2.0 (latest) 
-Giga <= 2.6.1 (latest) 
-GigaLynx < 2.0 
-GigaOrion < 2.0 
-GigaPlus <= 3.2.3 (latest) 
-GigaPro <= 1.4.1 (latest) 
-StrataLink < 3.0 
-StrataPro - all versions? 

Impact: 
The remote attacker has full control over the device, including shell access. 
This can lead to packet sniffing and tampering, bricking the device, and use in 
botnets. 


Disclosure Timeline: 
=== 
Vendor Notification: October 7, 2016 
Public Disclosure: November 10, 2016 

Exploitation Technique: 
=== 
Remote 

Severity Level: 
 
Critical 

Re: [AFMUG] Trango Security Issue

[Chuck McCown]

And I guess it was not really a “backdoor” just the vendors password, but it 
did give me a great sense of satisfaction.  

From: Chuck McCown 
Sent: Saturday, November 12, 2016 8:15 AM
To: af@afmug.com 
Subject: Re: [AFMUG] Trango Security Issue

I will never forget the first time I cracked one of these backdoors.  It was a 
central office telephone switch made by Harris.
The company had purchased it used in Puerto Rico and did not want to pay Harris 
for software upgrades, they wanted to use the upgrades they had purchased for 
other Harris switches.  

I discovered a pcb with some soldered jumpers that puzzled out to be the serial 
number hardware bound but physically changeable.  After changing the serial 
number to match that of a legit switch the company owned I asked Harris to dial 
in and take a look at a problem, while they were dialing in I half tapped the 
rs-232 line and watched the login sequence.  The password was Goldengate.  That 
was quite a thrill.  From that point on we could  do an amazing amount of 
things with that switch as it had some software tools residing inside it.  

Prior to that time and since, I have always been against stealing software.  I 
never used copies or allowed copies of mine in college (early PC  days).  
But the boss wanted it done and wanted to impress the boss, who many years 
later became a business partner, who many years after that sued me, and then 
died, and the lawsuit is still going...

From: Mike Hammett 
Sent: Saturday, November 12, 2016 7:52 AM
To: af@afmug.com 
Subject: Re: [AFMUG] Trango Security Issue

I would be surprised if *EVERY* platform didn't have some secret manufacturer 
backdoor, some just are better guarded than others.




-
Mike Hammett
Intelligent Computing Solutions

Midwest Internet Exchange

The Brothers WISP








From: "Jon Langeler" 
To: af@afmug.com
Sent: Saturday, November 12, 2016 8:44:59 AM
Subject: Re: [AFMUG] Trango Security Issue


It's not the first time that a manufacturer has a secret root account. It just 
got out


Jon Langeler
Michwave Technologies, Inc.


On Nov 12, 2016, at 7:09 AM, Paul Stewart  wrote:


  Yikes…. 



  [+] Credits: Ian Ling
  [+] Website: iancaling.com
  [+] Source: http://blog.iancaling.com/post/153011925478/

  Vendor:
  =
  www.trangosys.com

  Products:
  ==
  All models. Newer versions use a different password.

  Vulnerability Type:
  ===
  Default Root Account

  CVE Reference:
  ==
  N/A

  Vulnerability Details:
  =

  Trango devices all have a built-in, hidden root account, with a default 
password that is the same across many devices and software revisions. This 
account is accessible via ssh and grants access to the underlying embedded unix 
OS on the device, allowing full control over it. Recent software updates for 
some models have changed this password, but have not removed this backdoor. See 
source above for details on how the password was found.

  The particular password I found is 9 characters, all lowercase, no numbers: 
"bakergiga"
  Their support team informed me that there is a different password on newer 
devices.

  The password I found works on the following devices:

  -Apex <= 2.1.1 (latest)
  -ApexLynx < 2.0
  -ApexOrion < 2.0
  -ApexPlus <= 3.2.0 (latest)
  -Giga <= 2.6.1 (latest)
  -GigaLynx < 2.0
  -GigaOrion < 2.0
  -GigaPlus <= 3.2.3 (latest)
  -GigaPro <= 1.4.1 (latest)
  -StrataLink < 3.0
  -StrataPro - all versions?

  Impact:
  The remote attacker has full control over the device, including shell access. 
This can lead to packet sniffing and tampering, bricking the device, and use in 
botnets.


  Disclosure Timeline:
  ===
  Vendor Notification: October 7, 2016
  Public Disclosure: November 10, 2016

  Exploitation Technique:
  ===
  Remote

  Severity Level:
  
  Critical

Re: [AFMUG] Trango Security Issue

[Mike Hammett]

I didn't mean to imply that everyone has such a simple system. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Colin Stanners"  
To: af@afmug.com 
Sent: Saturday, November 12, 2016 9:12:06 AM 
Subject: Re: [AFMUG] Trango Security Issue 


I'm sure many of them do, but it's trivial to make such a backdoor essentially 
unbreakable unless a high-level encyption key theft happens inside the 
manufacturer. E.g. user "backdoor" with the password being a hash of the unit's 
MAC address run through public key cryptography. 

It's mind-bending foolishness for any programmer to release a product with a 
hard-coded, everywhere-the-same backdoor password. 



On Sat, Nov 12, 2016 at 8:52 AM, Mike Hammett < af...@ics-il.net > wrote: 




I would be surprised if *EVERY* platform didn't have some secret manufacturer 
backdoor, some just are better guarded than others. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 






From: "Jon Langeler" < jon-ispli...@michwave.net > 
To: af@afmug.com 
Sent: Saturday, November 12, 2016 8:44:59 AM 
Subject: Re: [AFMUG] Trango Security Issue 




It's not the first time that a manufacturer has a secret root account. It just 
got out 


Jon Langeler 
Michwave Technologies, Inc. 



On Nov 12, 2016, at 7:09 AM, Paul Stewart < p...@paulstewart.org > wrote: 




Yikes…. 






[+] Credits: Ian Ling 
[+] Website: iancaling.com 
[+] Source: http://blog.iancaling.com/post/153011925478/ 

Vendor: 
= 
www.trangosys.com 

Products: 
== 
All models. Newer versions use a different password. 

Vulnerability Type: 
=== 
Default Root Account 

CVE Reference: 
== 
N/A 

Vulnerability Details: 
= 

Trango devices all have a built-in, hidden root account, with a default 
password that is the same across many devices and software revisions. This 
account is accessible via ssh and grants access to the underlying embedded unix 
OS on the device, allowing full control over it. Recent software updates for 
some models have changed this password, but have not removed this backdoor. See 
source above for details on how the password was found. 

The particular password I found is 9 characters, all lowercase, no numbers: 
"bakergiga" 
Their support team informed me that there is a different password on newer 
devices. 

The password I found works on the following devices: 

-Apex <= 2.1.1 (latest) 
-ApexLynx < 2.0 
-ApexOrion < 2.0 
-ApexPlus <= 3.2.0 (latest) 
-Giga <= 2.6.1 (latest) 
-GigaLynx < 2.0 
-GigaOrion < 2.0 
-GigaPlus <= 3.2.3 (latest) 
-GigaPro <= 1.4.1 (latest) 
-StrataLink < 3.0 
-StrataPro - all versions? 

Impact: 
The remote attacker has full control over the device, including shell access. 
This can lead to packet sniffing and tampering, bricking the device, and use in 
botnets. 


Disclosure Timeline: 
=== 
Vendor Notification: October 7, 2016 
Public Disclosure: November 10, 2016 

Exploitation Technique: 
=== 
Remote 

Severity Level: 
 
Critical 

Re: [AFMUG] Trango Security Issue

[Chuck McCown]

I will never forget the first time I cracked one of these backdoors.  It was a 
central office telephone switch made by Harris.
The company had purchased it used in Puerto Rico and did not want to pay Harris 
for software upgrades, they wanted to use the upgrades they had purchased for 
other Harris switches.  

I discovered a pcb with some soldered jumpers that puzzled out to be the serial 
number hardware bound but physically changeable.  After changing the serial 
number to match that of a legit switch the company owned I asked Harris to dial 
in and take a look at a problem, while they were dialing in I half tapped the 
rs-232 line and watched the login sequence.  The password was Goldengate.  That 
was quite a thrill.  From that point on we could  do an amazing amount of 
things with that switch as it had some software tools residing inside it.  

Prior to that time and since, I have always been against stealing software.  I 
never used copies or allowed copies of mine in college (early PC  days).  
But the boss wanted it done and wanted to impress the boss, who many years 
later became a business partner, who many years after that sued me, and then 
died, and the lawsuit is still going...

From: Mike Hammett 
Sent: Saturday, November 12, 2016 7:52 AM
To: af@afmug.com 
Subject: Re: [AFMUG] Trango Security Issue

I would be surprised if *EVERY* platform didn't have some secret manufacturer 
backdoor, some just are better guarded than others.




-
Mike Hammett
Intelligent Computing Solutions

Midwest Internet Exchange

The Brothers WISP








From: "Jon Langeler" 
To: af@afmug.com
Sent: Saturday, November 12, 2016 8:44:59 AM
Subject: Re: [AFMUG] Trango Security Issue


It's not the first time that a manufacturer has a secret root account. It just 
got out


Jon Langeler
Michwave Technologies, Inc.


On Nov 12, 2016, at 7:09 AM, Paul Stewart  wrote:


  Yikes…. 



  [+] Credits: Ian Ling
  [+] Website: iancaling.com
  [+] Source: http://blog.iancaling.com/post/153011925478/

  Vendor:
  =
  www.trangosys.com

  Products:
  ==
  All models. Newer versions use a different password.

  Vulnerability Type:
  ===
  Default Root Account

  CVE Reference:
  ==
  N/A

  Vulnerability Details:
  =

  Trango devices all have a built-in, hidden root account, with a default 
password that is the same across many devices and software revisions. This 
account is accessible via ssh and grants access to the underlying embedded unix 
OS on the device, allowing full control over it. Recent software updates for 
some models have changed this password, but have not removed this backdoor. See 
source above for details on how the password was found.

  The particular password I found is 9 characters, all lowercase, no numbers: 
"bakergiga"
  Their support team informed me that there is a different password on newer 
devices.

  The password I found works on the following devices:

  -Apex <= 2.1.1 (latest)
  -ApexLynx < 2.0
  -ApexOrion < 2.0
  -ApexPlus <= 3.2.0 (latest)
  -Giga <= 2.6.1 (latest)
  -GigaLynx < 2.0
  -GigaOrion < 2.0
  -GigaPlus <= 3.2.3 (latest)
  -GigaPro <= 1.4.1 (latest)
  -StrataLink < 3.0
  -StrataPro - all versions?

  Impact:
  The remote attacker has full control over the device, including shell access. 
This can lead to packet sniffing and tampering, bricking the device, and use in 
botnets.


  Disclosure Timeline:
  ===
  Vendor Notification: October 7, 2016
  Public Disclosure: November 10, 2016

  Exploitation Technique:
  ===
  Remote

  Severity Level:
  
  Critical

Re: [AFMUG] Trango Security Issue

[Colin Stanners]

I'm sure many of them do, but it's trivial to make such a backdoor
essentially unbreakable unless a high-level encyption key theft happens
inside the manufacturer. E.g. user "backdoor" with the password being a
hash of the unit's MAC address run through public key cryptography.

It's mind-bending foolishness for any programmer to release a product with
a hard-coded, everywhere-the-same backdoor password.

On Sat, Nov 12, 2016 at 8:52 AM, Mike Hammett  wrote:

> I would be surprised if *EVERY* platform didn't have some secret
> manufacturer backdoor, some just are better guarded than others.
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions 
> 
> 
> 
> 
> Midwest Internet Exchange 
> 
> 
> 
> The Brothers WISP 
> 
>
>
> 
> --
> *From: *"Jon Langeler" 
> *To: *af@afmug.com
> *Sent: *Saturday, November 12, 2016 8:44:59 AM
> *Subject: *Re: [AFMUG] Trango Security Issue
>
>
> It's not the first time that a manufacturer has a secret root account. It
> just got out
>
> Jon Langeler
> Michwave Technologies, Inc.
>
>
> On Nov 12, 2016, at 7:09 AM, Paul Stewart  wrote:
>
> Yikes….
>
>
>
> [+] Credits: Ian Ling
> [+] Website: iancaling.com
> [+] Source: http://blog.iancaling.com/post/153011925478/
>
> Vendor:
> =
> www.trangosys.com
>
> Products:
> ==
> All models. Newer versions use a different password.
>
> Vulnerability Type:
> ===
> Default Root Account
>
> CVE Reference:
> ==
> N/A
>
> Vulnerability Details:
> =
>
> Trango devices all have a built-in, hidden root account, with a default
> password that is the same across many devices and software revisions. This
> account is accessible via ssh and grants access to the underlying embedded
> unix OS on the device, allowing full control over it. Recent software
> updates for some models have changed this password, but have not removed
> this backdoor. See source above for details on how the password was found.
>
> The particular password I found is 9 characters, all lowercase, no
> numbers: "bakergiga"
> Their support team informed me that there is a different password on newer
> devices.
>
> The password I found works on the following devices:
>
> -Apex <= 2.1.1 (latest)
> -ApexLynx < 2.0
> -ApexOrion < 2.0
> -ApexPlus <= 3.2.0 (latest)
> -Giga <= 2.6.1 (latest)
> -GigaLynx < 2.0
> -GigaOrion < 2.0
> -GigaPlus <= 3.2.3 (latest)
> -GigaPro <= 1.4.1 (latest)
> -StrataLink < 3.0
> -StrataPro - all versions?
>
> Impact:
> The remote attacker has full control over the device, including shell
> access. This can lead to packet sniffing and tampering, bricking the
> device, and use in botnets.
>
>
> Disclosure Timeline:
> ===
> Vendor Notification: October 7, 2016
> Public Disclosure: November 10, 2016
>
> Exploitation Technique:
> ===
> Remote
>
> Severity Level:
> 
> Critical
>
>
>

Re: [AFMUG] 802.11ad Deployment in a House

[Bill Prince]

I would think that 60 GHz "might" be useful if the AP and a UHD TV were 
in the same room, and your 2.4GHz and 5GHz channels were all trash 
because of close proximity of neighbors.


But overall, I think it would be more trouble than most consumers can 
deal with.



bp


On 11/11/2016 4:32 PM, Sterling Jacobson wrote:

I see routers that now do 802.11ad 60GHz radio bands.

But I don't think people realize that 60GHz doesn't go through walls, or really 
anything, for that matter.

So I don't see buying a single 802.11ad router as very useful for home 
deployment.

Wouldn't this be better suited to a UBNT type deployment where you have a 
central POE switch/router that powers several tri-band AP's placed throughout 
the house via Ethernet?

Re: [AFMUG] Trango Security Issue

[Mike Hammett]

I would be surprised if *EVERY* platform didn't have some secret manufacturer 
backdoor, some just are better guarded than others. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Jon Langeler"  
To: af@afmug.com 
Sent: Saturday, November 12, 2016 8:44:59 AM 
Subject: Re: [AFMUG] Trango Security Issue 


It's not the first time that a manufacturer has a secret root account. It just 
got out 


Jon Langeler 
Michwave Technologies, Inc. 



On Nov 12, 2016, at 7:09 AM, Paul Stewart < p...@paulstewart.org > wrote: 




Yikes…. 






[+] Credits: Ian Ling 
[+] Website: iancaling.com 
[+] Source: http://blog.iancaling.com/post/153011925478/ 

Vendor: 
= 
www.trangosys.com 

Products: 
== 
All models. Newer versions use a different password. 

Vulnerability Type: 
=== 
Default Root Account 

CVE Reference: 
== 
N/A 

Vulnerability Details: 
= 

Trango devices all have a built-in, hidden root account, with a default 
password that is the same across many devices and software revisions. This 
account is accessible via ssh and grants access to the underlying embedded unix 
OS on the device, allowing full control over it. Recent software updates for 
some models have changed this password, but have not removed this backdoor. See 
source above for details on how the password was found. 

The particular password I found is 9 characters, all lowercase, no numbers: 
"bakergiga" 
Their support team informed me that there is a different password on newer 
devices. 

The password I found works on the following devices: 

-Apex <= 2.1.1 (latest) 
-ApexLynx < 2.0 
-ApexOrion < 2.0 
-ApexPlus <= 3.2.0 (latest) 
-Giga <= 2.6.1 (latest) 
-GigaLynx < 2.0 
-GigaOrion < 2.0 
-GigaPlus <= 3.2.3 (latest) 
-GigaPro <= 1.4.1 (latest) 
-StrataLink < 3.0 
-StrataPro - all versions? 

Impact: 
The remote attacker has full control over the device, including shell access. 
This can lead to packet sniffing and tampering, bricking the device, and use in 
botnets. 


Disclosure Timeline: 
=== 
Vendor Notification: October 7, 2016 
Public Disclosure: November 10, 2016 

Exploitation Technique: 
=== 
Remote 

Severity Level: 
 
Critical 

Re: [AFMUG] Trango Security Issue

[Jon Langeler]

It's not the first time that a manufacturer has a secret root account. It just 
got out

Jon Langeler
Michwave Technologies, Inc.


> On Nov 12, 2016, at 7:09 AM, Paul Stewart  wrote:
> 
> Yikes….
> 
> 
> 
> [+] Credits: Ian Ling
> [+] Website: iancaling.com
> [+] Source: http://blog.iancaling.com/post/153011925478/
> 
> Vendor:
> =
> www.trangosys.com
> 
> Products:
> ==
> All models. Newer versions use a different password.
> 
> Vulnerability Type:
> ===
> Default Root Account
> 
> CVE Reference:
> ==
> N/A
> 
> Vulnerability Details:
> =
> 
> Trango devices all have a built-in, hidden root account, with a default 
> password that is the same across many devices and software revisions. This 
> account is accessible via ssh and grants access to the underlying embedded 
> unix OS on the device, allowing full control over it. Recent software updates 
> for some models have changed this password, but have not removed this 
> backdoor. See source above for details on how the password was found.
> 
> The particular password I found is 9 characters, all lowercase, no numbers: 
> "bakergiga"
> Their support team informed me that there is a different password on newer 
> devices.
> 
> The password I found works on the following devices:
> 
> -Apex <= 2.1.1 (latest)
> -ApexLynx < 2.0
> -ApexOrion < 2.0
> -ApexPlus <= 3.2.0 (latest)
> -Giga <= 2.6.1 (latest)
> -GigaLynx < 2.0
> -GigaOrion < 2.0
> -GigaPlus <= 3.2.3 (latest)
> -GigaPro <= 1.4.1 (latest)
> -StrataLink < 3.0
> -StrataPro - all versions?
> 
> Impact:
> The remote attacker has full control over the device, including shell access. 
> This can lead to packet sniffing and tampering, bricking the device, and use 
> in botnets.
> 
> 
> Disclosure Timeline:
> ===
> Vendor Notification: October 7, 2016
> Public Disclosure: November 10, 2016
> 
> Exploitation Technique:
> ===
> Remote
> 
> Severity Level:
> 
> Critical
> 

Re: [AFMUG] Trango Security Issue

[Colin Stanners]

One good thing about the Ubiquiti worm(s) is that any network operator who
lacked the sense or experience to do so has hopefully fixed things up.

On Sat, Nov 12, 2016 at 7:53 AM, Simon Westlake 
wrote:

> Hopefully everyone has their management subnets firewalled away from any
> unauthorized users..
>
>
> On 11/12/2016 6:09 AM, Paul Stewart wrote:
>
> Yikes….
>
>
>
> [+] Credits: Ian Ling
> [+] Website: iancaling.com
> [+] Source: http://blog.iancaling.com/post/153011925478/
>
> Vendor:
> =
> www.trangosys.com
>
> Products:
> ==
> All models. Newer versions use a different password.
>
> Vulnerability Type:
> ===
> Default Root Account
>
> CVE Reference:
> ==
> N/A
>
> Vulnerability Details:
> =
>
> Trango devices all have a built-in, hidden root account, with a default
> password that is the same across many devices and software revisions. This
> account is accessible via ssh and grants access to the underlying embedded
> unix OS on the device, allowing full control over it. Recent software
> updates for some models have changed this password, but have not removed
> this backdoor. See source above for details on how the password was found.
>
> The particular password I found is 9 characters, all lowercase, no
> numbers: "bakergiga"
> Their support team informed me that there is a different password on newer
> devices.
>
> The password I found works on the following devices:
>
> -Apex <= 2.1.1 (latest)
> -ApexLynx < 2.0
> -ApexOrion < 2.0
> -ApexPlus <= 3.2.0 (latest)
> -Giga <= 2.6.1 (latest)
> -GigaLynx < 2.0
> -GigaOrion < 2.0
> -GigaPlus <= 3.2.3 (latest)
> -GigaPro <= 1.4.1 (latest)
> -StrataLink < 3.0
> -StrataPro - all versions?
>
> Impact:
> The remote attacker has full control over the device, including shell
> access. This can lead to packet sniffing and tampering, bricking the
> device, and use in botnets.
>
>
> Disclosure Timeline:
> ===
> Vendor Notification: October 7, 2016
> Public Disclosure: November 10, 2016
>
> Exploitation Technique:
> ===
> Remote
>
> Severity Level:
> 
> Critical
>
>
> --
> Simon Westlake
> Skype: Simon_Sonar
> Email: simon@sonar.software
> Phone: (702) 447-1247
> ---
> Sonar Software Inc
> The future of ISP billing and OSShttps://sonar.software
>
>

Re: [AFMUG] Trango Security Issue

[Simon Westlake]

Hopefully everyone has their management subnets firewalled away from any 
unauthorized users..


On 11/12/2016 6:09 AM, Paul Stewart wrote:

Yikes….



[+] Credits: Ian Ling
[+] Website: iancaling.com 
[+] Source: http://blog.iancaling.com/post/153011925478/

Vendor:
=
www.trangosys.com 

Products:
==
All models. Newer versions use a different password.

Vulnerability Type:
===
Default Root Account

CVE Reference:
==
N/A

Vulnerability Details:
=

Trango devices all have a built-in, hidden root account, with a 
default password that is the same across many devices and software 
revisions. This account is accessible via ssh and grants access to the 
underlying embedded unix OS on the device, allowing full control over 
it. Recent software updates for some models have changed this 
password, but have not removed this backdoor. See source above for 
details on how the password was found.


The particular password I found is 9 characters, all lowercase, no 
numbers: "bakergiga"
Their support team informed me that there is a different password on 
newer devices.


The password I found works on the following devices:

-Apex <= 2.1.1 (latest)
-ApexLynx < 2.0
-ApexOrion < 2.0
-ApexPlus <= 3.2.0 (latest)
-Giga <= 2.6.1 (latest)
-GigaLynx < 2.0
-GigaOrion < 2.0
-GigaPlus <= 3.2.3 (latest)
-GigaPro <= 1.4.1 (latest)
-StrataLink < 3.0
-StrataPro - all versions?

Impact:
The remote attacker has full control over the device, including shell 
access. This can lead to packet sniffing and tampering, bricking the 
device, and use in botnets.



Disclosure Timeline:
===
Vendor Notification: October 7, 2016
Public Disclosure: November 10, 2016

Exploitation Technique:
===
Remote

Severity Level:

Critical



--
Simon Westlake
Skype: Simon_Sonar
Email: simon@sonar.software
Phone: (702) 447-1247
---
Sonar Software Inc
The future of ISP billing and OSS
https://sonar.software

Re: [AFMUG] Trango Security Issue

[Paul Stewart]

that answer varies … they could be not acknowledging this, they could still be 
trying to figure it out …. hard to tell with vendors - some of them are great 
at dealing with this kind of stuff and some put their head in the sand ….

Also - this notice doesn’t mean 100% that it’s actually correct … this is the 
work of a security researcher typically who is making a claim.  Typically they 
are correct though …

> On Nov 12, 2016, at 7:45 AM, can...@believewireless.net 
>  wrote:
> 
> Why didn't Trango announce this to customers?
> 
> On Sat, Nov 12, 2016 at 7:09 AM, Paul Stewart  > wrote:
> Yikes….
> 
> 
> 
> [+] Credits: Ian Ling
> [+] Website: iancaling.com 
> [+] Source: http://blog.iancaling.com/post/153011925478/ 
> 
> 
> Vendor:
> =
> www.trangosys.com 
> 
> Products:
> ==
> All models. Newer versions use a different password.
> 
> Vulnerability Type:
> ===
> Default Root Account
> 
> CVE Reference:
> ==
> N/A
> 
> Vulnerability Details:
> =
> 
> Trango devices all have a built-in, hidden root account, with a default 
> password that is the same across many devices and software revisions. This 
> account is accessible via ssh and grants access to the underlying embedded 
> unix OS on the device, allowing full control over it. Recent software updates 
> for some models have changed this password, but have not removed this 
> backdoor. See source above for details on how the password was found.
> 
> The particular password I found is 9 characters, all lowercase, no numbers: 
> "bakergiga"
> Their support team informed me that there is a different password on newer 
> devices.
> 
> The password I found works on the following devices:
> 
> -Apex <= 2.1.1 (latest)
> -ApexLynx < 2.0
> -ApexOrion < 2.0
> -ApexPlus <= 3.2.0 (latest)
> -Giga <= 2.6.1 (latest)
> -GigaLynx < 2.0
> -GigaOrion < 2.0
> -GigaPlus <= 3.2.3 (latest)
> -GigaPro <= 1.4.1 (latest)
> -StrataLink < 3.0
> -StrataPro - all versions?
> 
> Impact:
> The remote attacker has full control over the device, including shell access. 
> This can lead to packet sniffing and tampering, bricking the device, and use 
> in botnets.
> 
> 
> Disclosure Timeline:
> ===
> Vendor Notification: October 7, 2016
> Public Disclosure: November 10, 2016
> 
> Exploitation Technique:
> ===
> Remote
> 
> Severity Level:
> 
> Critical
> 
> 

Re: [AFMUG] Trango Security Issue

[can...@believewireless.net]

Why didn't Trango announce this to customers?

On Sat, Nov 12, 2016 at 7:09 AM, Paul Stewart  wrote:

> Yikes….
>
>
>
> [+] Credits: Ian Ling
> [+] Website: iancaling.com
> [+] Source: http://blog.iancaling.com/post/153011925478/
>
> Vendor:
> =
> www.trangosys.com
>
> Products:
> ==
> All models. Newer versions use a different password.
>
> Vulnerability Type:
> ===
> Default Root Account
>
> CVE Reference:
> ==
> N/A
>
> Vulnerability Details:
> =
>
> Trango devices all have a built-in, hidden root account, with a default
> password that is the same across many devices and software revisions. This
> account is accessible via ssh and grants access to the underlying embedded
> unix OS on the device, allowing full control over it. Recent software
> updates for some models have changed this password, but have not removed
> this backdoor. See source above for details on how the password was found.
>
> The particular password I found is 9 characters, all lowercase, no
> numbers: "bakergiga"
> Their support team informed me that there is a different password on newer
> devices.
>
> The password I found works on the following devices:
>
> -Apex <= 2.1.1 (latest)
> -ApexLynx < 2.0
> -ApexOrion < 2.0
> -ApexPlus <= 3.2.0 (latest)
> -Giga <= 2.6.1 (latest)
> -GigaLynx < 2.0
> -GigaOrion < 2.0
> -GigaPlus <= 3.2.3 (latest)
> -GigaPro <= 1.4.1 (latest)
> -StrataLink < 3.0
> -StrataPro - all versions?
>
> Impact:
> The remote attacker has full control over the device, including shell
> access. This can lead to packet sniffing and tampering, bricking the
> device, and use in botnets.
>
>
> Disclosure Timeline:
> ===
> Vendor Notification: October 7, 2016
> Public Disclosure: November 10, 2016
>
> Exploitation Technique:
> ===
> Remote
>
> Severity Level:
> 
> Critical
>
>

[AFMUG] Trango Security Issue

[Paul Stewart]

Yikes….



[+] Credits: Ian Ling
[+] Website: iancaling.com 
[+] Source: http://blog.iancaling.com/post/153011925478/ 


Vendor:
=
www.trangosys.com 

Products:
==
All models. Newer versions use a different password.

Vulnerability Type:
===
Default Root Account

CVE Reference:
==
N/A

Vulnerability Details:
=

Trango devices all have a built-in, hidden root account, with a default 
password that is the same across many devices and software revisions. This 
account is accessible via ssh and grants access to the underlying embedded unix 
OS on the device, allowing full control over it. Recent software updates for 
some models have changed this password, but have not removed this backdoor. See 
source above for details on how the password was found.

The particular password I found is 9 characters, all lowercase, no numbers: 
"bakergiga"
Their support team informed me that there is a different password on newer 
devices.

The password I found works on the following devices:

-Apex <= 2.1.1 (latest)
-ApexLynx < 2.0
-ApexOrion < 2.0
-ApexPlus <= 3.2.0 (latest)
-Giga <= 2.6.1 (latest)
-GigaLynx < 2.0
-GigaOrion < 2.0
-GigaPlus <= 3.2.3 (latest)
-GigaPro <= 1.4.1 (latest)
-StrataLink < 3.0
-StrataPro - all versions?

Impact:
The remote attacker has full control over the device, including shell access. 
This can lead to packet sniffing and tampering, bricking the device, and use in 
botnets.


Disclosure Timeline:
===
Vendor Notification: October 7, 2016
Public Disclosure: November 10, 2016

Exploitation Technique:
===
Remote

Severity Level:

Critical