Re: [AFMUG] ubnt malware

2016-05-18 Thread Josh Reynolds
That is correct
On May 18, 2016 4:33 PM, "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
wrote:

> I only have one server, I set it up as a testbed and to get all the
> network's firmware up to date. I need to build the real server, it will be
> on a different IP and all that good stuff, I just am trying to confirm the
> correct method of removing the devices from this one before configuring the
> new one.
> Just making sure it's,
> rt click the device, stop monitoring
> rt click the device - more - remove
>
> On Wed, May 18, 2016 at 4:27 PM, Josh Reynolds <j...@kyneticwifi.com>
> wrote:
>
>> For that one server you removed it from, yes. There may be other entries
>> on the device.
>>
>> I am somewhat dense at times, but am I not being clear somewhere? :/
>> On May 18, 2016 4:25 PM, "That One Guy /sarcasm" <
>> thatoneguyst...@gmail.com> wrote:
>>
>>> so if I do - stop monitoring, then remove, it cleans up the device?
>>>
>>> On Wed, May 18, 2016 at 3:17 PM, Josh Reynolds <j...@kyneticwifi.com>
>>> wrote:
>>>
>>>> For every aircontrol or aircontrol 2 server and IP you connect to an
>>>> airmax device, it gets an entry. Max is I think 5 entries. Unless you
>>>> properly remove the device from the aircontrol or aircontrol2 server (or
>>>> the server bites the dust), it (the device) will continuously try reaching
>>>> that server until you manually go into each device and run the 3 or 4 lines
>>>> of code per each server entry... or you can script it, which is normally
>>>> okay but somewhat risky.
>>>>
>>>>
>>>> On Wed, May 18, 2016 at 12:23 PM, That One Guy /sarcasm <
>>>> thatoneguyst...@gmail.com> wrote:
>>>>
>>>>> I can't find it in the archives.
>>>>> Are you saying even if I remove it from this existing installation of
>>>>> ac2 the device will try connecting to it anyway? I just did a port forward
>>>>> on the office firewall to my desktop for testing
>>>>>
>>>>>
>>>>> and does anybody know how to get this tough switch off this console,
>>>>> every time it comes into the visible list it freaks it out so I can't do
>>>>> anything with the other devices
>>>>>
>>>>> On Tue, May 17, 2016 at 6:25 PM, Josh Reynolds <j...@kyneticwifi.com>
>>>>> wrote:
>>>>>
>>>>>> Eh, it modifies some mca attributes. It's not all in the config, but
>>>>>> still should be easy to do in ansible.
>>>>>>
>>>>>> On Tue, May 17, 2016 at 6:25 PM, Mike Hammett <af...@ics-il.net>
>>>>>> wrote:
>>>>>>
>>>>>>> Now that I have some basics of ansible, it's easy to clear anything
>>>>>>> out of the config file for me.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> -
>>>>>>> Mike Hammett
>>>>>>> Intelligent Computing Solutions
>>>>>>> Midwest Internet Exchange
>>>>>>> The Brothers WISP
>>>>>>> --
>>>>>>> *From: *"Josh Reynolds" <j...@kyneticwifi.com>
>>>>>>> *To: *af@afmug.com
>>>>>>> *Sent: *Tuesday, May 17, 2016 6:18:42 PM
>>>>>>> *Subject: *Re: [AFMUG] ubnt malware
>>>>>>>
>>>>>>> That only clears out the current monitoring session AFAIK, it
>>>>>>> doesn't remove entries from previous aircontrol or aircontrol2 server

Re: [AFMUG] ubnt malware

2016-05-18 Thread That One Guy /sarcasm
I only have one server, I set it up as a testbed and to get all the
network's firmware up to date. I need to build the real server, it will be
on a different IP and all that good stuff, I just am trying to confirm the
correct method of removing the devices from this one before configuring the
new one.
Just making sure it's,
rt click the device, stop monitoring
rt click the device - more - remove

On Wed, May 18, 2016 at 4:27 PM, Josh Reynolds <j...@kyneticwifi.com> wrote:

> For that one server you removed it from, yes. There may be other entries
> on the device.
>
> I am somewhat dense at times, but am I not being clear somewhere? :/
> On May 18, 2016 4:25 PM, "That One Guy /sarcasm" <
> thatoneguyst...@gmail.com> wrote:
>
>> so if I do - stop monitoring, then remove, it cleans up the device?
>>
>> On Wed, May 18, 2016 at 3:17 PM, Josh Reynolds <j...@kyneticwifi.com>
>> wrote:
>>
>>> For every aircontrol or aircontrol 2 server and IP you connect to an
>>> airmax device, it gets an entry. Max is I think 5 entries. Unless you
>>> properly remove the device from the aircontrol or aircontrol2 server (or
>>> the server bites the dust), it (the device) will continuously try reaching
>>> that server until you manually go into each device and run the 3 or 4 lines
>>> of code per each server entry... or you can script it, which is normally
>>> okay but somewhat risky.
>>>
>>>
>>> On Wed, May 18, 2016 at 12:23 PM, That One Guy /sarcasm <
>>> thatoneguyst...@gmail.com> wrote:
>>>
>>>> I can't find it in the archives.
>>>> Are you saying even if I remove it from this existing installation of
>>>> ac2 the device will try connecting to it anyway? I just did a port forward
>>>> on the office firewall to my desktop for testing
>>>>
>>>>
>>>> and does anybody know how to get this tough switch off this console,
>>>> every time it comes into the visible list it freaks it out so I can't do
>>>> anything with the other devices
>>>>
>>>> On Tue, May 17, 2016 at 6:25 PM, Josh Reynolds <j...@kyneticwifi.com>
>>>> wrote:
>>>>
>>>>> Eh, it modifies some mca attributes. It's not all in the config, but
>>>>> still should be easy to do in ansible.
>>>>>
>>>>> On Tue, May 17, 2016 at 6:25 PM, Mike Hammett <af...@ics-il.net>
>>>>> wrote:
>>>>>
>>>>>> Now that I have some basics of ansible, it's easy to clear anything
>>>>>> out of the config file for me.
>>>>>>
>>>>>>
>>>>>>
>>>>>> -
>>>>>> Mike Hammett
>>>>>> Intelligent Computing Solutions
>>>>>> Midwest Internet Exchange
>>>>>> The Brothers WISP
>>>>>> --
>>>>>> *From: *"Josh Reynolds" <j...@kyneticwifi.com>
>>>>>> *To: *af@afmug.com
>>>>>> *Sent: *Tuesday, May 17, 2016 6:18:42 PM
>>>>>> *Subject: *Re: [AFMUG] ubnt malware
>>>>>>
>>>>>> That only clears out the current monitoring session AFAIK, it doesn't
>>>>>> remove entries from previous aircontrol or aircontrol2 server instances. I
>>>>>> created a script to do this previously that took a flat file ip list input.
>>>>>>
>>>>>> On Tue, May 17, 2016 at 6:12 PM, Jesse DuPont <
>>>>>> jesse.dup...@celeritycorp.net> wrote:
>>>>>>
>>>>>>> In the AC2 client connected to your test server, right-click each
>>>

Re: [AFMUG] ubnt malware

2016-05-18 Thread Josh Reynolds
For that one server you removed it from, yes. There may be other entries on
the device.

I am somewhat dense at times, but am I not being clear somewhere? :/
On May 18, 2016 4:25 PM, "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
wrote:

> so if I do - stop monitoring, then remove, it cleans up the device?
>
> On Wed, May 18, 2016 at 3:17 PM, Josh Reynolds <j...@kyneticwifi.com>
> wrote:
>
>> For every aircontrol or aircontrol 2 server and IP you connect to an
>> airmax device, it gets an entry. Max is I think 5 entries. Unless you
>> properly remove the device from the aircontrol or aircontrol2 server (or
>> the server bites the dust), it (the device) will continuously try reaching
>> that server until you manually go into each device and run the 3 or 4 lines
>> of code per each server entry... or you can script it, which is normally
>> okay but somewhat risky.
>>
>>
>> On Wed, May 18, 2016 at 12:23 PM, That One Guy /sarcasm <
>> thatoneguyst...@gmail.com> wrote:
>>
>>> I can't find it in the archives.
>>> Are you saying even if I remove it from this existing installation of
>>> ac2 the device will try connecting to it anyway? I just did a port forward
>>> on the office firewall to my desktop for testing
>>>
>>>
>>> and does anybody know how to get this tough switch off this console,
>>> every time it comes into the visible list it freaks it out so I can't do
>>> anything with the other devices
>>>
>>> On Tue, May 17, 2016 at 6:25 PM, Josh Reynolds <j...@kyneticwifi.com>
>>> wrote:
>>>
>>>> Eh, it modifies some mca attributes. It's not all in the config, but
>>>> still should be easy to do in ansible.
>>>>
>>>> On Tue, May 17, 2016 at 6:25 PM, Mike Hammett <af...@ics-il.net> wrote:
>>>>
>>>>> Now that I have some basics of ansible, it's easy to clear anything
>>>>> out of the config file for me.
>>>>>
>>>>>
>>>>>
>>>>> -
>>>>> Mike Hammett
>>>>> Intelligent Computing Solutions
>>>>> Midwest Internet Exchange
>>>>> The Brothers WISP
>>>>> --
>>>>> *From: *"Josh Reynolds" <j...@kyneticwifi.com>
>>>>> *To: *af@afmug.com
>>>>> *Sent: *Tuesday, May 17, 2016 6:18:42 PM
>>>>> *Subject: *Re: [AFMUG] ubnt malware
>>>>>
>>>>> That only clears out the current monitoring session AFAIK, it doesn't
>>>>> remove entries from previous aircontrol or aircontrol2 server instances. I
>>>>> created a script to do this previously that took a flat file ip list input.
>>>>>
>>>>> On Tue, May 17, 2016 at 6:12 PM, Jesse DuPont <
>>>>> jesse.dup...@celeritycorp.net> wrote:
>>>>>
>>>>>> In the AC2 client connected to your test server, right-click each
>>>>>> monitored device, choose Stop Monitoring. After that, right-click each one
>>>>>> and choose Remove.
>>>>>>
>>>>>> *Jesse DuPont*
>>>>>>
>>>>>> Network Architect
>>>>>> email: jesse.dup...@celeritycorp.net
>>>>>> Celerity Networks LLC
>>>>>>
>>>>>> Celerity Broadband LLC
>>>>>> On 5/17/16 5:10 PM, That One Guy /sarcasm wrote:
>>>>>>
>>>>>> what's the method to clear these ones out effectively
>>>>>>
>

Re: [AFMUG] ubnt malware

2016-05-18 Thread That One Guy /sarcasm
I can't find it in the archives.
Are you saying even if I remove it from this existing installation of ac2
the device will try connecting to it anyway? I just did a port forward on
the office firewall to my desktop for testing


and does anybody know how to get this tough switch off this console,
every time it comes into the visible list it freaks it out so I can't do
anything with the other devices

On Tue, May 17, 2016 at 6:25 PM, Josh Reynolds <j...@kyneticwifi.com> wrote:

> Eh, it modifies some mca attributes. It's not all in the config, but still
> should be easy to do in ansible.
>
> On Tue, May 17, 2016 at 6:25 PM, Mike Hammett <af...@ics-il.net> wrote:
>
>> Now that I have some basics of ansible, it's easy to clear anything out
>> of the config file for me.
>>
>>
>>
>> -
>> Mike Hammett
>> Intelligent Computing Solutions
>> Midwest Internet Exchange
>> The Brothers WISP
>> --
>> *From: *"Josh Reynolds" <j...@kyneticwifi.com>
>> *To: *af@afmug.com
>> *Sent: *Tuesday, May 17, 2016 6:18:42 PM
>> *Subject: *Re: [AFMUG] ubnt malware
>>
>> That only clears out the current monitoring session AFAIK, it doesn't
>> remove entries from previous aircontrol or aircontrol2 server instances. I
>> created a script to do this previously that took a flat file ip list input.
>>
>> On Tue, May 17, 2016 at 6:12 PM, Jesse DuPont <
>> jesse.dup...@celeritycorp.net> wrote:
>>
>>> In the AC2 client connected to your test server, right-click each
>>> monitored device, choose Stop Monitoring. After that, right-click each one
>>> and choose Remove.
>>>
>>> *Jesse DuPont*
>>>
>>> Network Architect
>>> email: jesse.dup...@celeritycorp.net
>>> Celerity Networks LLC
>>>
>>> Celerity Broadband LLC
>>> On 5/17/16 5:10 PM, That One Guy /sarcasm wrote:
>>>
>>> what's the method to clear these ones out effectively
>>>
>>>
>>> On Tue, May 17, 2016 at 1:27 PM, Josh Reynolds <j...@kyneticwifi.com>
>>> wrote:
>>>
>>>> HNNNGGG don't do that.
>>>>
>>>> Every time you spin up and then kill an aircontrol server that you
>>>> managed devices from, those devices will FOREVER try and report to that
>>>> aircontrol server. Up to 4 or 5 per device. That generates a lot of ARP
>>>> every 60 seconds or so when those servers don't exist anymore.
>>>>
>>>> It takes manual intervention via scripting on each device to get them
>>>> clean.
>>>>
>>>> Put up a real server / vm, associate devices, and be done with it.
>>>> Linux works best (by far).
>>>>
>>>> On Tue, May 17, 2016 at 1:21 PM, That One Guy /sarcasm <
>>>> thatoneguyst...@gmail.com> wrote:
>>>>
>>>>> this was just a test install of ac2, if I reinstall on another machine
>>>>> and kill this one, what do I need to do to control the devices from that?
>>>>>
>>>>> On Tue, May 17, 2016 at 1:07 PM, Josh Reynolds <j...@kyneticwifi.com>
>>>>> wrote:
>>>>>
>>>>>> nothing monitors toughswitches. not really.
>>>>>>
>>>>>> kill them with fire anyway
>>>>>>
>>>>>> On Tue, May 17, 2016 at 12:35 PM, That One Guy /sarcasm <
>>>>>> thatoneguyst...@gmail.com> wrote:
>>>>>>
>>>>>>> that's what I did, didn't find anything
>>>>>>>
>>>>>>> just found out, you apparently should not add a toughswitch, the UI is
>>>>>>> hanging now...that's the ubnt I've come to know :-)

Re: [AFMUG] ubnt malware

2016-05-17 Thread Josh Reynolds
Eh, it modifies some mca attributes. It's not all in the config, but still
should be easy to do in ansible.

On Tue, May 17, 2016 at 6:25 PM, Mike Hammett <af...@ics-il.net> wrote:

> Now that I have some basics of ansible, it's easy to clear anything out of
> the config file for me.
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions
> Midwest Internet Exchange
> The Brothers WISP
> ----------
> *From: *"Josh Reynolds" <j...@kyneticwifi.com>
> *To: *af@afmug.com
> *Sent: *Tuesday, May 17, 2016 6:18:42 PM
> *Subject: *Re: [AFMUG] ubnt malware
>
> That only clears out the current monitoring session AFAIK, it doesn't
> remove entries from previous aircontrol or aircontrol2 server instances. I
> created a script to do this previously that took a flat file ip list input.
>
> On Tue, May 17, 2016 at 6:12 PM, Jesse DuPont <
> jesse.dup...@celeritycorp.net> wrote:
>
>> In the AC2 client connected to your test server, right-click each
>> monitored device, choose Stop Monitoring. After that, right-click each one
>> and choose Remove.
>>
>> *Jesse DuPont*
>>
>> Network Architect
>> email: jesse.dup...@celeritycorp.net
>> Celerity Networks LLC
>>
>> Celerity Broadband LLC
>> On 5/17/16 5:10 PM, That One Guy /sarcasm wrote:
>>
>> what's the method to clear these ones out effectively
>>
>>
>> On Tue, May 17, 2016 at 1:27 PM, Josh Reynolds <j...@kyneticwifi.com>
>> wrote:
>>
>>> HNNNGGG don't do that.
>>>
>>> Every time you spin up and then kill an aircontrol server that you
>>> managed devices from, those devices will FOREVER try and report to that
>>> aircontrol server. Up to 4 or 5 per device. That generates a lot of ARP
>>> every 60 seconds or so when those servers don't exist anymore.
>>>
>>> It takes manual intervention via scripting on each device to get them
>>> clean.
>>>
>>> Put up a real server / vm, associate devices, and be done with it. Linux
>>> works best (by far).
>>>
>>> On Tue, May 17, 2016 at 1:21 PM, That One Guy /sarcasm <
>>> thatoneguyst...@gmail.com> wrote:
>>>
>>>> this was just a test install of ac2, if I reinstall on another machine
>>>> and kill this one, what do I need to do to control the devices from that?
>>>>
>>>> On Tue, May 17, 2016 at 1:07 PM, Josh Reynolds <j...@kyneticwifi.com>
>>>> wrote:
>>>>
>>>>> nothing monitors toughswitches. not really.
>>>>>
>>>>> kill them with fire anyway
>>>>>
>>>>> On Tue, May 17, 2016 at 12:35 PM, That One Guy /sarcasm <
>>>>> thatoneguyst...@gmail.com> wrote:
>>>>>
>>>>>> that's what I did, didn't find anything
>>>>>>
>>>>>> just found out, you apparently should not add a toughswitch, the UI is
>>>>>> hanging now...that's the ubnt I've come to know :-)
>>>>>>
>>>>>> On Tue, May 17, 2016 at 12:33 PM, Ty Featherling <
>>>>>> tyfeatherl...@gmail.com> wrote:
>>>>>>
>>>>>>> Discovery only works on layer 2. You have to switch it to IP mode
>>>>>>> and just type in subnets like so "10.10.5.0/24, 10.11.5.0/24, " and
>>>>>>> so on.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> -Ty
>>>>>>>
>>>>>>> On Tue, May 17, 2016 at 12:27 PM, That One Guy /sarcasm <
>>>>>>> thatoneguyst...@gmail.com> wrote:
>>>>>>>
>>>>>>>> I still need to read up on how to s
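
The behaviour described in this thread (devices ARPing roughly every 60 seconds for an aircontrol server that no longer exists) can be confirmed from a packet capture before anyone touches device configs. The following is an added example, not code from anyone in the thread; it assumes the dead server sat on the same layer-2 segment as the devices and that the input is `tcpdump -tt -n arp` text output, and every address in it is constructed.

```python
import ipaddress
import re
from collections import defaultdict
from statistics import median

# Constructed capture in the text format printed by `tcpdump -tt -n arp`,
# grouped by conversation for readability. Every address is made up:
# 10.10.5.250 plays the decommissioned server, 10.10.5.1 a live gateway.
SAMPLE = """\
1463500000.000000 ARP, Request who-has 10.10.5.250 tell 10.10.5.21, length 28
1463500060.000000 ARP, Request who-has 10.10.5.250 tell 10.10.5.21, length 28
1463500120.000000 ARP, Request who-has 10.10.5.250 tell 10.10.5.21, length 28
1463500180.000000 ARP, Request who-has 10.10.5.250 tell 10.10.5.21, length 28
1463500240.000000 ARP, Request who-has 10.10.5.250 tell 10.10.5.21, length 28
1463500010.000000 ARP, Request who-has 10.10.5.250 tell 10.10.5.22, length 28
1463500071.000000 ARP, Request who-has 10.10.5.250 tell 10.10.5.22, length 28
1463500130.000000 ARP, Request who-has 10.10.5.250 tell 10.10.5.22, length 28
1463500191.000000 ARP, Request who-has 10.10.5.250 tell 10.10.5.22, length 28
1463500250.000000 ARP, Request who-has 10.10.5.250 tell 10.10.5.22, length 28
1463500005.000000 ARP, Request who-has 10.10.5.1 tell 10.10.5.21, length 28
1463500005.000400 ARP, Reply 10.10.5.1 is-at 00:00:5e:00:53:01, length 28
1463500065.000000 ARP, Request who-has 10.10.5.1 tell 10.10.5.21, length 28
1463500065.000400 ARP, Reply 10.10.5.1 is-at 00:00:5e:00:53:01, length 28
1463500125.000000 ARP, Request who-has 10.10.5.1 tell 10.10.5.21, length 28
1463500125.000400 ARP, Reply 10.10.5.1 is-at 00:00:5e:00:53:01, length 28
1463500185.000000 ARP, Request who-has 10.10.5.1 tell 10.10.5.21, length 28
1463500185.000400 ARP, Reply 10.10.5.1 is-at 00:00:5e:00:53:01, length 28
1463500020.000000 ARP, Request who-has 10.10.5.99 tell 10.10.5.23, length 28
1463500080.000000 ARP, Request who-has 10.10.5.99 tell 10.10.5.23, length 28
1463500300.000000 ARP, Request who-has 10.10.5.77 tell 10.10.5.24, length 28
1463500301.000000 ARP, Request who-has 10.10.5.77 tell 10.10.5.24, length 28
1463500302.000000 ARP, Request who-has 10.10.5.77 tell 10.10.5.24, length 28
1463500303.000000 ARP, Request who-has 10.10.5.77 tell 10.10.5.24, length 28
1463500600.000000 ARP, Request who-has 10.10.5.77 tell 10.10.5.24, length 28
"""

# tcpdump may print the target MAC in parentheses after the target IP.
REQUEST = re.compile(
    r"^(\d+(?:\.\d+)?) ARP, Request who-has (\S+)(?: \(\S+\))? tell (\S+), length \d+")
REPLY = re.compile(r"^(\d+(?:\.\d+)?) ARP, Reply (\S+) is-at (\S+), length \d+")


def parse(capture):
    """Return ({(sender, target): [timestamps]}, {IPs that answered})."""
    requests, answered = defaultdict(list), set()
    for line in capture.splitlines():
        m = REQUEST.match(line)
        if m:
            requests[(m.group(3), m.group(2))].append(float(m.group(1)))
            continue
        m = REPLY.match(line)
        if m:
            answered.add(m.group(2))
    return requests, answered


def find_stale_pollers(capture, min_requests=4, period=60.0, tolerance=15.0):
    """List (sender, target, request_count, median_gap_seconds) for senders
    that keep asking for a target that never replies, at about `period`."""
    requests, answered = parse(capture)
    findings = []
    for (sender, target), stamps in requests.items():
        if target in answered or len(stamps) < min_requests:
            continue  # target is alive, or too few samples to judge
        stamps = sorted(stamps)
        gaps = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        mid = median(gaps)
        if abs(mid - period) <= tolerance:
            findings.append((sender, target, len(stamps), mid))
    return sorted(findings, key=lambda f: (ipaddress.ip_address(f[0]),
                                           ipaddress.ip_address(f[1])))


def cleanup_list(findings):
    """Flat list of device IPs, one per line, that still need cleaning."""
    senders = {sender for sender, *_ in findings}
    return "\n".join(sorted(senders, key=ipaddress.ip_address))


if __name__ == "__main__":
    for finding in find_stale_pollers(SAMPLE):
        print(finding)
```

The output of `cleanup_list` is the kind of flat IP list the thread mentions feeding to a cleanup script; the 60-second period and tolerance are parameters to tune against a real capture.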

Re: [AFMUG] ubnt malware

2016-05-17 Thread Mike Hammett
Now that I have some basics of ansible, it's easy to clear anything out of the 
config file for me. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Josh Reynolds" <j...@kyneticwifi.com> 
To: af@afmug.com 
Sent: Tuesday, May 17, 2016 6:18:42 PM 
Subject: Re: [AFMUG] ubnt malware 



That only clears out the current monitoring session AFAIK, it doesn't remove 
entries from previous aircontrol or aircontrol2 server instances. I created a 
script to do this previously that took a flat file ip list input. 


On Tue, May 17, 2016 at 6:12 PM, Jesse DuPont < jesse.dup...@celeritycorp.net > 
wrote: 




In the AC2 client connected to your test server, right-click each monitored 
device, choose Stop Monitoring. After that, right-click each one and choose 
Remove. 



Jesse DuPont 

Network Architect 
email: jesse.dup...@celeritycorp.net 
Celerity Networks LLC 
Celerity Broadband LLC 

On 5/17/16 5:10 PM, That One Guy /sarcasm wrote: 



what's the method to clear these ones out effectively




On Tue, May 17, 2016 at 1:27 PM, Josh Reynolds < j...@kyneticwifi.com > wrote: 




HNNNGGG don't do that. 


Every time you spin up and then kill an aircontrol server that you managed 
devices from, those devices will FOREVER try and report to that aircontrol 
server. Up to 4 or 5 per device. That generates a lot of ARP every 60 seconds 
or so when those servers don't exist anymore. 


It takes manual intervention via scripting on each device to get them clean. 


Put up a real server / vm, associate devices, and be done with it. Linux works 
best (by far). 


On Tue, May 17, 2016 at 1:21 PM, That One Guy /sarcasm < 
thatoneguyst...@gmail.com > wrote: 



this was just a test install of ac2, if I reinstall on another machine and kill
this one, what do I need to do to control the devices from that?




On Tue, May 17, 2016 at 1:07 PM, Josh Reynolds < j...@kyneticwifi.com > wrote: 




nothing monitors toughswitches. not really. 


kill them with fire anyway 




On Tue, May 17, 2016 at 12:35 PM, That One Guy /sarcasm < 
thatoneguyst...@gmail.com > wrote: 



that's what I did, didn't find anything


just found out, you apparently should not add a toughswitch, the UI is hanging
now...that's the ubnt I've come to know :-)




On Tue, May 17, 2016 at 12:33 PM, Ty Featherling < tyfeatherl...@gmail.com > 
wrote: 



Discovery only works on layer 2. You have to switch it to IP mode and just type 
in subnets like so " 10.10.5.0/24 , 10.11.5.0/24 , " and so on. 








-Ty 

On Tue, May 17, 2016 at 12:27 PM, That One Guy /sarcasm < 
thatoneguyst...@gmail.com > wrote: 



I still need to read up on how to scan subnets, it fails to add anything. I 
have to manually add the device 


On Tue, May 17, 2016 at 12:22 PM, Ty Featherling < tyfeatherl...@gmail.com > 
wrote: 





I wish they hadn't abandoned it. It is one of the best things about running a 
ubnt network. I have mine scan my subnets every night so I have monitoring of 
all radios from the start. 



On May 17, 2016 12:04 PM, "That One Guy /sarcasm" < thatoneguyst...@gmail.com > 
wrote: 



holy dog balls, that was a simple install and simple configuration. UBNT and 
beta together always scares me, but this is a slick tool. Chuck M must have 
overseen it since it actually works 




On Tue, May 17, 2016 at 11:17 AM, That One Guy /sarcasm < 
thatoneguyst...@gmail.com > wrote: 



is the windows server variant heavy? 




On Tue, May 17, 2016 at 11:16 AM, That One Guy /sarcasm < 
thatoneguyst...@gmail.com > wrote: 



nm, i see it now 




On Tue, May 17, 2016 at 11:15 AM, That One Guy /sarcasm < 
thatoneguyst...@gmail.com > wrote: 



can you point me to where i would get it 






On Tue, May 17, 2016 at 11:14 AM, Ty Featherling < tyfeatherl...@gmail.com > 
wrote: 



Current AC2 is beta 21. I just installed it myself after a failed upgrade from
my old beta 12 install. It will do mass firmware updates, password changes, and
a set number of other configuration changes. The only 2 things I wish it did
that it doesn't are firewall updates and viewing bridge tables for devices.
Great tool for everything else. I installed the local beta of the new CRM thing
and it seems like it barely does anything by comparison. If you go to the
forums and find the AC2 beta forum, the first sticky post is the latest
version.


-Ty 








-Ty 

On Tue, May 17, 2016 at 11:07 AM, That One Guy /sarcasm < 
thatoneguyst...@gmail.com > wrote: 



We need to do some mass password changes and verification of the firmware, I 
assume this AC2 does this, can somebody point me to the most current iteration 
of this? We do have the beta access. I'm just fearful of wandering too much on
the for

Re: [AFMUG] ubnt malware

2016-05-17 Thread Josh Reynolds
>>>>>>>>>> On Tue, May 17, 2016 at 11:16 AM, That One Guy /sarcasm <
>>>>>>>>>> thatoneguyst...@gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> nm, I see it now
>>>>>>>>>>>
>>>>>>>>>>> On Tue, May 17, 2016 at 11:15 AM, That One Guy /sarcasm <
>>>>>>>>>>> thatoneguyst...@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> can you point me to where I would get it
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On Tue, May 17, 2016 at 11:14 AM, Ty Featherling <
>>>>>>>>>>>> tyfeatherl...@gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Current AC2 is beta 21. I just installed it myself after a
>>>>>>>>>>>>> failed upgrade from my old beta 12 install. It will do mass firmware
>>>>>>>>>>>>> updates, password changes, and a set number of other configuration
>>>>>>>>>>>>> changes. The only 2 things I wish it did that it doesn't are firewall
>>>>>>>>>>>>> updates and viewing bridge tables for devices. Great tool for
>>>>>>>>>>>>> everything else. I installed the local beta of the new CRM thing and
>>>>>>>>>>>>> it seems like it barely does anything by comparison. If you go to the
>>>>>>>>>>>>> forums and find the AC2 beta forum, the first sticky post is the
>>>>>>>>>>>>> latest version.
>>>>>>>>>>>>>
>>>>>>>>>>>>> -Ty
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> -Ty
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Tue, May 17, 2016 at 11:07 AM, That One Guy /sarcasm <
>>>>>>>>>>>>> thatoneguyst...@gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> We need to do some mass password changes and verification of
>>>>>>>>>>>>>> the firmware, I assume this AC2 does this, can somebody point me to
>>>>>>>>>>>>>> the most current iteration of this? We do have the beta access. I'm
>>>>>>>>>>>>>> just fearful of wandering too much on the forum looking.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Will AC2 let me add configurations en masse? I need to change
>>>>>>>>>>>>>> and add some settings, if there is a fairly simple way of doing this
>>>>>>>>>>>>>> (preferably with error checking) assuming that AC2 doesn't do it I
>>>>>>>>>>>>>> would sure appreciate some pointers (that don't assume I am a script
>>>>>>>>>>>>>> magician)
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Tue, May 17, 2016 at 10:56 AM, Josh Reynolds <
>>>>>>>>>>>>>> j...@kyneticwifi.com> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> You want a toe? I can get you a toe, believe me. There are
>>>>>>>>>>>>>>> ways, Dude. You don't wanna know about it, believe me.

Re: [AFMUG] ubnt malware

2016-05-17 Thread Josh Reynolds
herling <
>>>>>>>>>>>> tyfeatherl...@gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Current AC2 is beta 21. I just installed it myself after a
>>>>>>>>>>>>> failed upgrade from my old beta 12 install. It will do mass firmware
>>>>>>>>>>>>> updates, password changes, and a set number of other configuration
>>>>>>>>>>>>> changes. The only 2 things I wish it did that it doesn't are firewall
>>>>>>>>>>>>> updates and viewing bridge tables for devices. Great tool for
>>>>>>>>>>>>> everything else. I installed the local beta of the new CRM thing and
>>>>>>>>>>>>> it seems like it barely does anything by comparison. If you go to the
>>>>>>>>>>>>> forums and find the AC2 beta forum, the first sticky post is the
>>>>>>>>>>>>> latest version.
>>>>>>>>>>>>>
>>>>>>>>>>>>> -Ty
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> -Ty
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Tue, May 17, 2016 at 11:07 AM, That One Guy /sarcasm <
>>>>>>>>>>>>> thatoneguyst...@gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> We need to do some mass password changes and verification of
>>>>>>>>>>>>>> the firmware, I assume this AC2 does this, can somebody point me to
>>>>>>>>>>>>>> the most current iteration of this? We do have the beta access. I'm
>>>>>>>>>>>>>> just fearful of wandering too much on the forum looking.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Will AC2 let me add configurations en masse? I need to change
>>>>>>>>>>>>>> and add some settings, if there is a fairly simple way of doing this
>>>>>>>>>>>>>> (preferably with error checking) assuming that AC2 doesn't do it I
>>>>>>>>>>>>>> would sure appreciate some pointers (that don't assume I am a script
>>>>>>>>>>>>>> magician)
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Tue, May 17, 2016 at 10:56 AM, Josh Reynolds <
>>>>>>>>>>>>>> j...@kyneticwifi.com> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> You want a toe? I can get you a toe, believe me. There are
>>>>>>>>>>>>>>> ways, Dude. You don't wanna know about it, believe me.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Hell, I can get you a toe by 3 o'clock this afternoon...
>>>>>>>>>>>>>>> with nail polish.
>>>>>>>>>>>>>>> On May 17, 2016 9:43 AM, "CBB - Jay Fuller" <
>>>>>>>>>>>>>>> par...@cyberbroadband.net> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I WILL SEND YOU A BILL!!! (FOR YOUR HATE)))
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> hah
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>

Re: [AFMUG] ubnt malware

2016-05-17 Thread That One Guy /sarcasm
 set number of other configuration 
>>>>>>>>>>>> changes.
>>>>>>>>>>>> The only 2 things I wish it did that it doesn't are firewall updates
>>>>>>>>>>>> and viewing bridge tables for devices. Great tool for everything else.
>>>>>>>>>>>> I installed the local beta of the new CRM thing and it seems like it
>>>>>>>>>>>> barely does anything by comparison. If you go to the forums and find
>>>>>>>>>>>> the AC2 beta forum, the first sticky post is the latest version.
>>>>>>>>>>>>
>>>>>>>>>>>> -Ty
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> -Ty
>>>>>>>>>>>>
>>>>>>>>>>>> On Tue, May 17, 2016 at 11:07 AM, That One Guy /sarcasm <
>>>>>>>>>>>> thatoneguyst...@gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> We need to do some mass password changes and verification of
>>>>>>>>>>>>> the firmware, I assume this AC2 does this, can somebody point me to
>>>>>>>>>>>>> the most current iteration of this? We do have the beta access. I'm
>>>>>>>>>>>>> just fearful of wandering too much on the forum looking.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Will AC2 let me add configurations en masse? I need to change
>>>>>>>>>>>>> and add some settings, if there is a fairly simple way of doing this
>>>>>>>>>>>>> (preferably with error checking) assuming that AC2 doesn't do it I
>>>>>>>>>>>>> would sure appreciate some pointers (that don't assume I am a script
>>>>>>>>>>>>> magician)
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Tue, May 17, 2016 at 10:56 AM, Josh Reynolds <
>>>>>>>>>>>>> j...@kyneticwifi.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> You want a toe? I can get you a toe, believe me. There are
>>>>>>>>>>>>>> ways, Dude. You don't wanna know about it, believe me.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hell, I can get you a toe by 3 o'clock this afternoon... with
>>>>>>>>>>>>>> nail polish.
>>>>>>>>>>>>>> On May 17, 2016 9:43 AM, "CBB - Jay Fuller" <
>>>>>>>>>>>>>> par...@cyberbroadband.net> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I WILL SEND YOU A BILL!!! (FOR YOUR HATE)))
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> hah
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> - Original Message -
>>>>>>>>>>>>>>> *From:* Ty Featherling <tyfeatherl...@gmail.com>
>>>>>>>>>>>>>>> *To:* af@afmug.com
>>>>>>>>>>>>>>> *Sent:* Tuesday, May 17, 2016 8:29 AM
>>>>>>>>>>>>>>> *Subject:* Re: [AFMUG] ubnt malware
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> We're the hatiest! Our hate is refined though, and
>>>>>>>>>>>>>>> surgically applied. The 

Re: [AFMUG] ubnt malware

2016-05-17 Thread Josh Reynolds
 you go to the forums and find the
>>>>>>>>>>> AC2 beta forum, the first sticky post is the latest version.
>>>>>>>>>>>
>>>>>>>>>>> -Ty
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> -Ty
>>>>>>>>>>>
>>>>>>>>>>> On Tue, May 17, 2016 at 11:07 AM, That One Guy /sarcasm <
>>>>>>>>>>> thatoneguyst...@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> We need to do some mass password changes and verification of
>>>>>>>>>>>> the firmware, I assume this AC2 does this, can somebody point me
>>>>>>>>>>>> to the most current iteration of this? We do have the beta access.
>>>>>>>>>>>> I'm just fearful of wandering too much on the forum looking.
>>>>>>>>>>>>
>>>>>>>>>>>> Will AC2 let me add configurations en masse? I need to change
>>>>>>>>>>>> and add some settings, if there is a fairly simple way of doing
>>>>>>>>>>>> this (preferably with error checking) assuming that AC2 doesn't do
>>>>>>>>>>>> it I would sure appreciate some pointers (that don't assume I am a
>>>>>>>>>>>> script magician)
>>>>>>>>>>>>
>>>>>>>>>>>> On Tue, May 17, 2016 at 10:56 AM, Josh Reynolds <
>>>>>>>>>>>> j...@kyneticwifi.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> You want a toe? I can get you a toe, believe me. There are
>>>>>>>>>>>>> ways, Dude. You don't wanna know about it, believe me.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Hell, I can get you a toe by 3 o'clock this afternoon... with
>>>>>>>>>>>>> nail polish.
>>>>>>>>>>>>> On May 17, 2016 9:43 AM, "CBB - Jay Fuller" <
>>>>>>>>>>>>> par...@cyberbroadband.net> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I WILL SEND YOU A BILL!!! (FOR YOUR HATE)))
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> hah
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> - Original Message -
>>>>>>>>>>>>>> *From:* Ty Featherling <tyfeatherl...@gmail.com>
>>>>>>>>>>>>>> *To:* af@afmug.com
>>>>>>>>>>>>>> *Sent:* Tuesday, May 17, 2016 8:29 AM
>>>>>>>>>>>>>> *Subject:* Re: [AFMUG] ubnt malware
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> We're the hatiest! Our hate is refined though, and surgically
>>>>>>>>>>>>>> applied. The forums are more like monkeys throwing their
>>>>>>>>>>>>>> hate-shit indiscriminately.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> -Ty
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Tue, May 17, 2016 at 8:26 AM, Bill Prince <
>>>>>>>>>>>>>> part15...@gmail.com> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> All your hate are belong to us.
>>>>>>>>>>>>>>>

Re: [AFMUG] ubnt malware

2016-05-17 Thread That One Guy /sarcasm
this was just a test install of ac2, if i reinstall on another machine and
kill this one, what do i need to do to control the devices from that?

On Tue, May 17, 2016 at 1:07 PM, Josh Reynolds <j...@kyneticwifi.com> wrote:

> nothing monitors toughswitches. not really.
>
> kill them with fire anyway
>
> On Tue, May 17, 2016 at 12:35 PM, That One Guy /sarcasm <
> thatoneguyst...@gmail.com> wrote:
>
>> that's what i did, didn't find anything
>>
>> just found out, you apparently should not add a toughswitch, the UI is
>> hanging now...that's the ubnt I've come to know :-)
>>
>> On Tue, May 17, 2016 at 12:33 PM, Ty Featherling
>> <tyfeatherl...@gmail.com> wrote:
>>
>>> Discovery only works on layer 2. You have to switch it to IP mode and
>>> just type in subnets like so "10.10.5.0/24, 10.11.5.0/24, " and so on.
>>>
>>>
>>>
>>> -Ty
>>>
>>> On Tue, May 17, 2016 at 12:27 PM, That One Guy /sarcasm <
>>> thatoneguyst...@gmail.com> wrote:
>>>
>>>> I still need to read up on how to scan subnets, it fails to add
>>>> anything. I have to manually add the device
>>>>
>>>> On Tue, May 17, 2016 at 12:22 PM, Ty Featherling <
>>>> tyfeatherl...@gmail.com> wrote:
>>>>
>>>>> I wish they hadn't abandoned it. It is one of the best things about
>>>>> running a ubnt network. I have mine scan my subnets every night so I have
>>>>> monitoring of all radios from the start.
>>>>> On May 17, 2016 12:04 PM, "That One Guy /sarcasm" <
>>>>> thatoneguyst...@gmail.com> wrote:
>>>>>
>>>>>> holy dog balls, that was a simple install and simple configuration.
>>>>>> UBNT and beta together always scares me, but this is a slick tool.
>>>>>> Chuck M must have overseen it since it actually works
>>>>>>
>>>>>> On Tue, May 17, 2016 at 11:17 AM, That One Guy /sarcasm <
>>>>>> thatoneguyst...@gmail.com> wrote:
>>>>>>
>>>>>>> is the windows server variant heavy?
>>>>>>>
>>>>>>> On Tue, May 17, 2016 at 11:16 AM, That One Guy /sarcasm <
>>>>>>> thatoneguyst...@gmail.com> wrote:
>>>>>>>
>>>>>>>> nm, i see it now
>>>>>>>>
>>>>>>>> On Tue, May 17, 2016 at 11:15 AM, That One Guy /sarcasm <
>>>>>>>> thatoneguyst...@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> can you point me to where i would get it
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Tue, May 17, 2016 at 11:14 AM, Ty Featherling <
>>>>>>>>> tyfeatherl...@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Current AC2 is beta 21. I just installed it myself after a failed
>>>>>>>>>> upgrade from my old beta 12 install. It will do mass firmware
>>>>>>>>>> updates, password changes, and a set number of other configuration
>>>>>>>>>> changes. The only 2 things I wish it did that it doesn't are
>>>>>>>>>> firewall updates and viewing bridge tables for devices. Great tool
>>>>>>>>>> for everything else. I installed the local beta of the new CRM
>>>>>>>>>> thing and it seems like it barely does anything by comparison. If
>>>>>>>>>> you go to the forums and find the AC2 beta forum, the first sticky
>>>>>>>>>> post is the latest version.
>>>>>>>>>>
>>>>>>>>>> -Ty
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> -Ty
>>>>>>>>>>
>>>>>>>>>> On Tue, May 17, 2016 at 11:07 AM, That One Guy /sarcasm <
>>>>>>>>>> thatoneguyst...@gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> We need to do some mass password changes 

Re: [AFMUG] ubnt malware

2016-05-17 Thread Josh Reynolds
nothing monitors toughswitches. not really.

kill them with fire anyway

On Tue, May 17, 2016 at 12:35 PM, That One Guy /sarcasm <
thatoneguyst...@gmail.com> wrote:

> that's what i did, didn't find anything
>
> just found out, you apparently should not add a toughswitch, the UI is
> hanging now...that's the ubnt I've come to know :-)
>
> On Tue, May 17, 2016 at 12:33 PM, Ty Featherling <tyfeatherl...@gmail.com>
> wrote:
>
>> Discovery only works on layer 2. You have to switch it to IP mode and
>> just type in subnets like so "10.10.5.0/24, 10.11.5.0/24, " and so on.
>>
>>
>>
>> -Ty
>>
>> On Tue, May 17, 2016 at 12:27 PM, That One Guy /sarcasm <
>> thatoneguyst...@gmail.com> wrote:
>>
>>> I still need to read up on how to scan subnets, it fails to add
>>> anything. I have to manually add the device
>>>
>>> On Tue, May 17, 2016 at 12:22 PM, Ty Featherling <
>>> tyfeatherl...@gmail.com> wrote:
>>>
>>>> I wish they hadn't abandoned it. It is one of the best things about
>>>> running a ubnt network. I have mine scan my subnets every night so I have
>>>> monitoring of all radios from the start.
>>>> On May 17, 2016 12:04 PM, "That One Guy /sarcasm" <
>>>> thatoneguyst...@gmail.com> wrote:
>>>>
>>>>> holy dog balls, that was a simple install and simple configuration.
>>>>> UBNT and beta together always scares me, but this is a slick tool. Chuck M
>>>>> must have overseen it since it actually works
>>>>>
>>>>> On Tue, May 17, 2016 at 11:17 AM, That One Guy /sarcasm <
>>>>> thatoneguyst...@gmail.com> wrote:
>>>>>
>>>>>> is the windows server variant heavy?
>>>>>>
>>>>>> On Tue, May 17, 2016 at 11:16 AM, That One Guy /sarcasm <
>>>>>> thatoneguyst...@gmail.com> wrote:
>>>>>>
>>>>>>> nm, i see it now
>>>>>>>
>>>>>>> On Tue, May 17, 2016 at 11:15 AM, That One Guy /sarcasm <
>>>>>>> thatoneguyst...@gmail.com> wrote:
>>>>>>>
>>>>>>>> can you point me to where i would get it
>>>>>>>>
>>>>>>>>
>>>>>>>> On Tue, May 17, 2016 at 11:14 AM, Ty Featherling <
>>>>>>>> tyfeatherl...@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> Current AC2 is beta 21. I just installed it myself after a failed
>>>>>>>>> upgrade from my old beta 12 install. It will do mass firmware
>>>>>>>>> updates, password changes, and a set number of other configuration
>>>>>>>>> changes. The only 2 things I wish it did that it doesn't are
>>>>>>>>> firewall updates and viewing bridge tables for devices. Great tool
>>>>>>>>> for everything else. I installed the local beta of the new CRM
>>>>>>>>> thing and it seems like it barely does anything by comparison. If
>>>>>>>>> you go to the forums and find the AC2 beta forum, the first sticky
>>>>>>>>> post is the latest version.
>>>>>>>>>
>>>>>>>>> -Ty
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> -Ty
>>>>>>>>>
>>>>>>>>> On Tue, May 17, 2016 at 11:07 AM, That One Guy /sarcasm <
>>>>>>>>> thatoneguyst...@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> We need to do some mass password changes and verification of the
>>>>>>>>>> firmware, I assume this AC2 does this, can somebody point me to the
>>>>>>>>>> most current iteration of this? We do have the beta access. I'm
>>>>>>>>>> just fearful of wandering too much on the forum looking.
>>>>>>>>>>
>>>>>>>>>> Will AC2 let me add configurations en masse? I need to change and
>>>>>>>>>> add some settings, if there is a fairly simple way of d

Re: [AFMUG] ubnt malware

2016-05-17 Thread That One Guy /sarcasm
that's what i did, didn't find anything

just found out, you apparently should not add a toughswitch, the UI is
hanging now...that's the ubnt I've come to know :-)

On Tue, May 17, 2016 at 12:33 PM, Ty Featherling <tyfeatherl...@gmail.com>
wrote:

> Discovery only works on layer 2. You have to switch it to IP mode and just
> type in subnets like so "10.10.5.0/24, 10.11.5.0/24, " and so on.
>
>
>
> -Ty
>
> On Tue, May 17, 2016 at 12:27 PM, That One Guy /sarcasm <
> thatoneguyst...@gmail.com> wrote:
>
>> I still need to read up on how to scan subnets, it fails to add anything.
>> I have to manually add the device
>>
>> On Tue, May 17, 2016 at 12:22 PM, Ty Featherling
>> <tyfeatherl...@gmail.com> wrote:
>>
>>> I wish they hadn't abandoned it. It is one of the best things about
>>> running a ubnt network. I have mine scan my subnets every night so I have
>>> monitoring of all radios from the start.
>>> On May 17, 2016 12:04 PM, "That One Guy /sarcasm" <
>>> thatoneguyst...@gmail.com> wrote:
>>>
>>>> holy dog balls, that was a simple install and simple configuration.
>>>> UBNT and beta together always scares me, but this is a slick tool. Chuck M
>>>> must have overseen it since it actually works
>>>>
>>>> On Tue, May 17, 2016 at 11:17 AM, That One Guy /sarcasm <
>>>> thatoneguyst...@gmail.com> wrote:
>>>>
>>>>> is the windows server variant heavy?
>>>>>
>>>>> On Tue, May 17, 2016 at 11:16 AM, That One Guy /sarcasm <
>>>>> thatoneguyst...@gmail.com> wrote:
>>>>>
>>>>>> nm, i see it now
>>>>>>
>>>>>> On Tue, May 17, 2016 at 11:15 AM, That One Guy /sarcasm <
>>>>>> thatoneguyst...@gmail.com> wrote:
>>>>>>
>>>>>>> can you point me to where i would get it
>>>>>>>
>>>>>>>
>>>>>>> On Tue, May 17, 2016 at 11:14 AM, Ty Featherling <
>>>>>>> tyfeatherl...@gmail.com> wrote:
>>>>>>>
>>>>>>>> Current AC2 is beta 21. I just installed it myself after a failed
>>>>>>>> upgrade from my old beta 12 install. It will do mass firmware updates,
>>>>>>>> password changes, and a set number of other configuration changes. The
>>>>>>>> only 2 things I wish it did that it doesn't are firewall updates and
>>>>>>>> viewing bridge tables for devices. Great tool for everything else. I
>>>>>>>> installed the local beta of the new CRM thing and it seems like it
>>>>>>>> barely does anything by comparison. If you go to the forums and find
>>>>>>>> the AC2 beta forum, the first sticky post is the latest version.
>>>>>>>>
>>>>>>>> -Ty
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> -Ty
>>>>>>>>
>>>>>>>> On Tue, May 17, 2016 at 11:07 AM, That One Guy /sarcasm <
>>>>>>>> thatoneguyst...@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> We need to do some mass password changes and verification of the
>>>>>>>>> firmware, I assume this AC2 does this, can somebody point me to the
>>>>>>>>> most current iteration of this? We do have the beta access. I'm just
>>>>>>>>> fearful of wandering too much on the forum looking.
>>>>>>>>>
>>>>>>>>> Will AC2 let me add configurations en masse? I need to change and
>>>>>>>>> add some settings, if there is a fairly simple way of doing this
>>>>>>>>> (preferably with error checking) assuming that AC2 doesn't do it I
>>>>>>>>> would sure appreciate some pointers (that don't assume I am a script
>>>>>>>>> magician)
>>>>>>>>>
>>>>>>>>> On Tue, May 17, 2016 at 10:56 AM, Josh Reynolds <
>>>>>>>>> j...@kyneticwifi.com> wrote:
>>>>>>>>>

Re: [AFMUG] ubnt malware

2016-05-17 Thread Ty Featherling
Discovery only works on layer 2. You have to switch it to IP mode and just
type in subnets like so "10.10.5.0/24, 10.11.5.0/24, " and so on.



-Ty

On Tue, May 17, 2016 at 12:27 PM, That One Guy /sarcasm <
thatoneguyst...@gmail.com> wrote:

> I still need to read up on how to scan subnets, it fails to add anything.
> I have to manually add the device
>
> On Tue, May 17, 2016 at 12:22 PM, Ty Featherling <tyfeatherl...@gmail.com>
> wrote:
>
>> I wish they hadn't abandoned it. It is one of the best things about
>> running a ubnt network. I have mine scan my subnets every night so I have
>> monitoring of all radios from the start.
>> On May 17, 2016 12:04 PM, "That One Guy /sarcasm" <
>> thatoneguyst...@gmail.com> wrote:
>>
>>> holy dog balls, that was a simple install and simple configuration. UBNT
>>> and beta together always scares me, but this is a slick tool. Chuck M must
>>> have overseen it since it actually works
>>>
>>> On Tue, May 17, 2016 at 11:17 AM, That One Guy /sarcasm <
>>> thatoneguyst...@gmail.com> wrote:
>>>
>>>> is the windows server variant heavy?
>>>>
>>>> On Tue, May 17, 2016 at 11:16 AM, That One Guy /sarcasm <
>>>> thatoneguyst...@gmail.com> wrote:
>>>>
>>>>> nm, i see it now
>>>>>
>>>>> On Tue, May 17, 2016 at 11:15 AM, That One Guy /sarcasm <
>>>>> thatoneguyst...@gmail.com> wrote:
>>>>>
>>>>>> can you point me to where i would get it
>>>>>>
>>>>>>
>>>>>> On Tue, May 17, 2016 at 11:14 AM, Ty Featherling <
>>>>>> tyfeatherl...@gmail.com> wrote:
>>>>>>
>>>>>>> Current AC2 is beta 21. I just installed it myself after a failed
>>>>>>> upgrade from my old beta 12 install. It will do mass firmware updates,
>>>>>>> password changes, and a set number of other configuration changes. The
>>>>>>> only 2 things I wish it did that it doesn't are firewall updates and
>>>>>>> viewing bridge tables for devices. Great tool for everything else. I
>>>>>>> installed the local beta of the new CRM thing and it seems like it
>>>>>>> barely does anything by comparison. If you go to the forums and find
>>>>>>> the AC2 beta forum, the first sticky post is the latest version.
>>>>>>>
>>>>>>> -Ty
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> -Ty
>>>>>>>
>>>>>>> On Tue, May 17, 2016 at 11:07 AM, That One Guy /sarcasm <
>>>>>>> thatoneguyst...@gmail.com> wrote:
>>>>>>>
>>>>>>>> We need to do some mass password changes and verification of the
>>>>>>>> firmware, I assume this AC2 does this, can somebody point me to the
>>>>>>>> most current iteration of this? We do have the beta access. I'm just
>>>>>>>> fearful of wandering too much on the forum looking.
>>>>>>>>
>>>>>>>> Will AC2 let me add configurations en masse? I need to change and
>>>>>>>> add some settings, if there is a fairly simple way of doing this
>>>>>>>> (preferably with error checking) assuming that AC2 doesn't do it I would
>>>>>>>> sure appreciate some pointers (that don't assume I am a script magician)
>>>>>>>>
>>>>>>>> On Tue, May 17, 2016 at 10:56 AM, Josh Reynolds <
>>>>>>>> j...@kyneticwifi.com> wrote:
>>>>>>>>
>>>>>>>>> You want a toe? I can get you a toe, believe me. There are ways,
>>>>>>>>> Dude. You don't wanna know about it, believe me.
>>>>>>>>>
>>>>>>>>> Hell, I can get you a toe by 3 o'clock this afternoon... with nail
>>>>>>>>> polish.
>>>>>>>>> On May 17, 2016 9:43 AM, "CBB - Jay Fuller" <
>>>>>>>>> par...@cyberbroadband.net> wrote:
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>&

Re: [AFMUG] ubnt malware

2016-05-17 Thread That One Guy /sarcasm
I still need to read up on how to scan subnets, it fails to add anything. I
have to manually add the device

On Tue, May 17, 2016 at 12:22 PM, Ty Featherling <tyfeatherl...@gmail.com>
wrote:

> I wish they hadn't abandoned it. It is one of the best things about
> running a ubnt network. I have mine scan my subnets every night so I have
> monitoring of all radios from the start.
> On May 17, 2016 12:04 PM, "That One Guy /sarcasm" <
> thatoneguyst...@gmail.com> wrote:
>
>> holy dog balls, that was a simple install and simple configuration. UBNT
>> and beta together always scares me, but this is a slick tool. Chuck M must
>> have overseen it since it actually works
>>
>> On Tue, May 17, 2016 at 11:17 AM, That One Guy /sarcasm <
>> thatoneguyst...@gmail.com> wrote:
>>
>>> is the windows server variant heavy?
>>>
>>> On Tue, May 17, 2016 at 11:16 AM, That One Guy /sarcasm <
>>> thatoneguyst...@gmail.com> wrote:
>>>
>>>> nm, i see it now
>>>>
>>>> On Tue, May 17, 2016 at 11:15 AM, That One Guy /sarcasm <
>>>> thatoneguyst...@gmail.com> wrote:
>>>>
>>>>> can you point me to where i would get it
>>>>>
>>>>>
>>>>> On Tue, May 17, 2016 at 11:14 AM, Ty Featherling <
>>>>> tyfeatherl...@gmail.com> wrote:
>>>>>
>>>>>> Current AC2 is beta 21. I just installed it myself after a failed
>>>>>> upgrade from my old beta 12 install. It will do mass firmware updates,
>>>>>> password changes, and a set number of other configuration changes. The
>>>>>> only 2 things I wish it did that it doesn't are firewall updates and
>>>>>> viewing bridge tables for devices. Great tool for everything else. I
>>>>>> installed the local beta of the new CRM thing and it seems like it
>>>>>> barely does anything by comparison. If you go to the forums and find
>>>>>> the AC2 beta forum, the first sticky post is the latest version.
>>>>>>
>>>>>> -Ty
>>>>>>
>>>>>>
>>>>>>
>>>>>> -Ty
>>>>>>
>>>>>> On Tue, May 17, 2016 at 11:07 AM, That One Guy /sarcasm <
>>>>>> thatoneguyst...@gmail.com> wrote:
>>>>>>
>>>>>>> We need to do some mass password changes and verification of the
>>>>>>> firmware, I assume this AC2 does this, can somebody point me to the most
>>>>>>> current iteration of this? We do have the beta access. I'm just fearful
>>>>>>> of wandering too much on the forum looking.
>>>>>>>
>>>>>>> Will AC2 let me add configurations en masse? I need to change and add
>>>>>>> some settings, if there is a fairly simple way of doing this (preferably
>>>>>>> with error checking) assuming that AC2 doesn't do it I would sure
>>>>>>> appreciate some pointers (that don't assume I am a script magician)
>>>>>>>
>>>>>>> On Tue, May 17, 2016 at 10:56 AM, Josh Reynolds <
>>>>>>> j...@kyneticwifi.com> wrote:
>>>>>>>
>>>>>>>> You want a toe? I can get you a toe, believe me. There are ways,
>>>>>>>> Dude. You don't wanna know about it, believe me.
>>>>>>>>
>>>>>>>> Hell, I can get you a toe by 3 o'clock this afternoon... with nail
>>>>>>>> polish.
>>>>>>>> On May 17, 2016 9:43 AM, "CBB - Jay Fuller" <
>>>>>>>> par...@cyberbroadband.net> wrote:
>>>>>>>>
>>>>>>>>>
>>>>>>>>> I WILL SEND YOU A BILL!!! (FOR YOUR HATE)))
>>>>>>>>>
>>>>>>>>> hah
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> - Original Message -
>>>>>>>>> *From:* Ty Featherling <tyfeatherl...@gmail.com>
>>>>>>>>> *To:* af@afmug.com
>>>>>>>>> *Sent:* Tuesday, May 17, 2016 8:29 AM
>>>>>>>>> *Subject:* Re: [AFMUG] ubnt malware
>>>>>>>>>

Re: [AFMUG] ubnt malware

2016-05-17 Thread Ty Featherling
I wish they hadn't abandoned it. It is one of the best things about running
a ubnt network. I have mine scan my subnets every night so I have
monitoring of all radios from the start.
On May 17, 2016 12:04 PM, "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
wrote:

> holy dog balls, that was a simple install and simple configuration. UBNT
> and beta together always scares me, but this is a slick tool. Chuck M must
> have overseen it since it actually works
>
> On Tue, May 17, 2016 at 11:17 AM, That One Guy /sarcasm <
> thatoneguyst...@gmail.com> wrote:
>
>> is the windows server variant heavy?
>>
>> On Tue, May 17, 2016 at 11:16 AM, That One Guy /sarcasm <
>> thatoneguyst...@gmail.com> wrote:
>>
>>> nm, i see it now
>>>
>>> On Tue, May 17, 2016 at 11:15 AM, That One Guy /sarcasm <
>>> thatoneguyst...@gmail.com> wrote:
>>>
>>>> can you point me to where i would get it
>>>>
>>>>
>>>> On Tue, May 17, 2016 at 11:14 AM, Ty Featherling <
>>>> tyfeatherl...@gmail.com> wrote:
>>>>
>>>>> Current AC2 is beta 21. I just installed it myself after a failed
>>>>> upgrade from my old beta 12 install. It will do mass firmware updates,
>>>>> password changes, and a set number of other configuration changes. The
>>>>> only 2 things I wish it did that it doesn't are firewall updates and
>>>>> viewing bridge tables for devices. Great tool for everything else. I
>>>>> installed the local beta of the new CRM thing and it seems like it
>>>>> barely does anything by comparison. If you go to the forums and find the
>>>>> AC2 beta forum, the first sticky post is the latest version.
>>>>>
>>>>> -Ty
>>>>>
>>>>>
>>>>>
>>>>> -Ty
>>>>>
>>>>> On Tue, May 17, 2016 at 11:07 AM, That One Guy /sarcasm <
>>>>> thatoneguyst...@gmail.com> wrote:
>>>>>
>>>>>> We need to do some mass password changes and verification of the
>>>>>> firmware, I assume this AC2 does this, can somebody point me to the most
>>>>>> current iteration of this? We do have the beta access. I'm just fearful of
>>>>>> wandering too much on the forum looking.
>>>>>>
>>>>>> Will AC2 let me add configurations en masse? I need to change and add
>>>>>> some settings, if there is a fairly simple way of doing this (preferably
>>>>>> with error checking) assuming that AC2 doesn't do it I would sure
>>>>>> appreciate some pointers (that don't assume I am a script magician)
>>>>>>
>>>>>> On Tue, May 17, 2016 at 10:56 AM, Josh Reynolds
>>>>>> <j...@kyneticwifi.com> wrote:
>>>>>>
>>>>>>> You want a toe? I can get you a toe, believe me. There are ways,
>>>>>>> Dude. You don't wanna know about it, believe me.
>>>>>>>
>>>>>>> Hell, I can get you a toe by 3 o'clock this afternoon... with nail
>>>>>>> polish.
>>>>>>> On May 17, 2016 9:43 AM, "CBB - Jay Fuller" <
>>>>>>> par...@cyberbroadband.net> wrote:
>>>>>>>
>>>>>>>>
>>>>>>>> I WILL SEND YOU A BILL!!! (FOR YOUR HATE)))
>>>>>>>>
>>>>>>>> hah
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> - Original Message -
>>>>>>>> *From:* Ty Featherling <tyfeatherl...@gmail.com>
>>>>>>>> *To:* af@afmug.com
>>>>>>>> *Sent:* Tuesday, May 17, 2016 8:29 AM
>>>>>>>> *Subject:* Re: [AFMUG] ubnt malware
>>>>>>>>
>>>>>>>> We're the hatiest! Our hate is refined though, and surgically
>>>>>>>> applied. The forums are more like monkeys throwing their hate-shit
>>>>>>>> indiscriminately.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> -Ty
>>>>>>>>
>>>>>>>> On Tue, May 17, 2016 at 8:26 AM, Bill Prince <part15...@gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>

Re: [AFMUG] ubnt malware

2016-05-17 Thread That One Guy /sarcasm
holy dog balls, that was a simple install and simple configuration. UBNT
and beta together always scares me, but this is a slick tool. Chuck M must
have overseen it since it actually works

On Tue, May 17, 2016 at 11:17 AM, That One Guy /sarcasm <
thatoneguyst...@gmail.com> wrote:

> is the windows server variant heavy?
>
> On Tue, May 17, 2016 at 11:16 AM, That One Guy /sarcasm <
> thatoneguyst...@gmail.com> wrote:
>
>> nm, i see it now
>>
>> On Tue, May 17, 2016 at 11:15 AM, That One Guy /sarcasm <
>> thatoneguyst...@gmail.com> wrote:
>>
>>> can you point me to where i would get it
>>>
>>>
>>> On Tue, May 17, 2016 at 11:14 AM, Ty Featherling <
>>> tyfeatherl...@gmail.com> wrote:
>>>
>>>> Current AC2 is beta 21. I just installed it myself after a failed
>>>> upgrade from my old beta 12 install. It will do mass firmware updates,
>>>> password changes, and a set number of other configuration changes. The only
>>>> 2 things I wish it did that it doesn't are firewall updates and viewing
>>>> bridge tables for devices. Great tool for everything else. I installed the
>>>> local beta of the new CRM thing and it seems like it barely does anything
>>>> by comparison. If you go to the forums and find the AC2 beta forum, the
>>>> first sticky post is the latest version.
>>>>
>>>> -Ty
>>>>
>>>>
>>>>
>>>> -Ty
>>>>
>>>> On Tue, May 17, 2016 at 11:07 AM, That One Guy /sarcasm <
>>>> thatoneguyst...@gmail.com> wrote:
>>>>
>>>>> We need to do some mass password changes and verification of the
>>>>> firmware, I assume this AC2 does this, can somebody point me to the most
>>>>> current iteration of this? We do have the beta access. I'm just fearful of
>>>>> wandering too much on the forum looking.
>>>>>
>>>>> Will AC2 let me add configurations en masse? I need to change and add
>>>>> some settings, if there is a fairly simple way of doing this (preferably
>>>>> with error checking) assuming that AC2 doesn't do it I would sure
>>>>> appreciate some pointers (that don't assume I am a script magician)
>>>>>
>>>>> On Tue, May 17, 2016 at 10:56 AM, Josh Reynolds <j...@kyneticwifi.com>
>>>>> wrote:
>>>>>
>>>>>> You want a toe? I can get you a toe, believe me. There are ways,
>>>>>> Dude. You don't wanna know about it, believe me.
>>>>>>
>>>>>> Hell, I can get you a toe by 3 o'clock this afternoon... with nail
>>>>>> polish.
>>>>>> On May 17, 2016 9:43 AM, "CBB - Jay Fuller" <
>>>>>> par...@cyberbroadband.net> wrote:
>>>>>>
>>>>>>>
>>>>>>> I WILL SEND YOU A BILL!!! (FOR YOUR HATE)))
>>>>>>>
>>>>>>> hah
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> - Original Message -
>>>>>>> *From:* Ty Featherling <tyfeatherl...@gmail.com>
>>>>>>> *To:* af@afmug.com
>>>>>>> *Sent:* Tuesday, May 17, 2016 8:29 AM
>>>>>>> *Subject:* Re: [AFMUG] ubnt malware
>>>>>>>
>>>>>>> We're the hatiest! Our hate is refined though, and surgically
>>>>>>> applied. The forums are more like monkeys throwing their hate-shit
>>>>>>> indiscriminately.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> -Ty
>>>>>>>
>>>>>>> On Tue, May 17, 2016 at 8:26 AM, Bill Prince <part15...@gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> All your hate are belong to us.
>>>>>>>>
>>>>>>>>
>>>>>>>> bp
>>>>>>>> <part15sbs{at}gmail{dot}com>
>>>>>>>>
>>>>>>>>
>>>>>>>> On 5/17/2016 6:25 AM, Chuck McCown wrote:
>>>>>>>>
>>>>>>>> Hey, we got hate here... I hate it when people complain about our
>>>>>>>> lack of hate.  We can hate with the best of them, just choose to
>>>>>>>> reserve it

Re: [AFMUG] ubnt malware

2016-05-17 Thread That One Guy /sarcasm
is the windows server variant heavy?

On Tue, May 17, 2016 at 11:16 AM, That One Guy /sarcasm <
thatoneguyst...@gmail.com> wrote:

> nm, i see it now
>
> On Tue, May 17, 2016 at 11:15 AM, That One Guy /sarcasm <
> thatoneguyst...@gmail.com> wrote:
>
>> can you point me to where i would get it
>>
>>
>> On Tue, May 17, 2016 at 11:14 AM, Ty Featherling
>> <tyfeatherl...@gmail.com> wrote:
>>
>>> Current AC2 is beta 21. I just installed it myself after a failed
>>> upgrade from my old beta 12 install. It will do mass firmware updates,
>>> password changes, and a set number of other configuration changes. The only
>>> 2 things I wish it did that it doesn't are firewall updates and viewing
>>> bridge tables for devices. Great tool for everything else. I installed the
>>> local beta of the new CRM thing and it seems like it barely does anything
>>> by comparison. If you go to the forums and find the AC2 beta forum, the
>>> first sticky post is the latest version.
>>>
>>> -Ty
>>>
>>>
>>>
>>> -Ty
>>>
>>> On Tue, May 17, 2016 at 11:07 AM, That One Guy /sarcasm <
>>> thatoneguyst...@gmail.com> wrote:
>>>
>>>> We need to do some mass password changes and verification of the
>>>> firmware, I assume this AC2 does this, can somebody point me to the most
>>>> current iteration of this? We do have the beta access. I'm just fearful of
>>>> wandering too much on the forum looking.
>>>>
>>>> Will AC2 let me add configurations en masse? I need to change and add
>>>> some settings, if there is a fairly simple way of doing this (preferably
>>>> with error checking) assuming that AC2 doesn't do it I would sure appreciate
>>>> some pointers (that don't assume I am a script magician)
>>>>
>>>> On Tue, May 17, 2016 at 10:56 AM, Josh Reynolds <j...@kyneticwifi.com>
>>>> wrote:
>>>>
>>>>> You want a toe? I can get you a toe, believe me. There are ways, Dude.
>>>>> You don't wanna know about it, believe me.
>>>>>
>>>>> Hell, I can get you a toe by 3 o'clock this afternoon... with nail
>>>>> polish.
>>>>> On May 17, 2016 9:43 AM, "CBB - Jay Fuller" <par...@cyberbroadband.net>
>>>>> wrote:
>>>>>
>>>>>>
>>>>>> I WILL SEND YOU A BILL!!! (FOR YOUR HATE)))
>>>>>>
>>>>>> hah
>>>>>>
>>>>>>
>>>>>>
>>>>>> - Original Message -
>>>>>> *From:* Ty Featherling <tyfeatherl...@gmail.com>
>>>>>> *To:* af@afmug.com
>>>>>> *Sent:* Tuesday, May 17, 2016 8:29 AM
>>>>>> *Subject:* Re: [AFMUG] ubnt malware
>>>>>>
>>>>>> We're the hatiest! Our hate is refined though, and surgically
>>>>>> applied. The forums are more like monkeys throwing their hate-shit
>>>>>> indiscriminately.
>>>>>>
>>>>>>
>>>>>>
>>>>>> -Ty
>>>>>>
>>>>>> On Tue, May 17, 2016 at 8:26 AM, Bill Prince <part15...@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> All your hate are belong to us.
>>>>>>>
>>>>>>>
>>>>>>> bp
>>>>>>> <part15sbs{at}gmail{dot}com>
>>>>>>>
>>>>>>>
>>>>>>> On 5/17/2016 6:25 AM, Chuck McCown wrote:
>>>>>>>
>>>>>>> Hey, we got hate here... I hate it when people complain about our
>>>>>>> lack of hate.  We can hate with the best of them, just choose to
>>>>>>> reserve it for a better time and place...  afmug: higher quality hate
>>>>>>>
>>>>>>> *From:* Ty Featherling <tyfeatherl...@gmail.com>
>>>>>>> *Sent:* Tuesday, May 17, 2016 7:21 AM
>>>>>>> *To:* af@afmug.com
>>>>>>> *Subject:* Re: [AFMUG] ubnt malware
>>>>>>>
>>>>>>> When Steve comes back from somewhere complaining of too much hate,
>>>>>>> you know that place is a hell-hole.
>>>>>>>
>>>>>>> -Ty
>>>>>>>
>>>>>>>
>>

Re: [AFMUG] ubnt malware

2016-05-17 Thread That One Guy /sarcasm
nm, i see it now

On Tue, May 17, 2016 at 11:15 AM, That One Guy /sarcasm <
thatoneguyst...@gmail.com> wrote:

> can you point me to where i would get it
>
>
> On Tue, May 17, 2016 at 11:14 AM, Ty Featherling <tyfeatherl...@gmail.com>
> wrote:
>
>> Current AC2 is beta 21. I just installed it myself after a failed upgrade
>> from my old beta 12 install. It will do mass firmware updates, password
>> changes, and a set number of other configuration changes. The only 2 things
>> I wish it did that it doesn't are firewall updates and viewing bridge
>> tables for devices. Great tool for everything else. I installed the local
>> beta of the new CRM thing and it seems like it barely does anything by
>> comparison. If you go to the forums and find the AC2 beta forum, the first
>> sticky post is the latest version.
>>
>> -Ty
>>
>>
>>
>> -Ty
>>
>> On Tue, May 17, 2016 at 11:07 AM, That One Guy /sarcasm <
>> thatoneguyst...@gmail.com> wrote:
>>
>>> We need to do some mass password changes and verification of the
>>> firmware, I assume this AC2 does this, can somebody point me to the most
>>> current iteration of this? We do have the beta access. I'm just fearful of
>>> wandering too much on the forum looking.
>>>
>>> Will AC2 let me add configurations en masse? I need to change and add
>>> some settings, if there is a fairly simple way of doing this (preferably
>>> with error checking) assuming that AC2 doesn't do it I would sure appreciate
>>> some pointers (that don't assume I am a script magician)
>>>
>>> On Tue, May 17, 2016 at 10:56 AM, Josh Reynolds <j...@kyneticwifi.com>
>>> wrote:
>>>
>>>> You want a toe? I can get you a toe, believe me. There are ways, Dude.
>>>> You don't wanna know about it, believe me.
>>>>
>>>> Hell, I can get you a toe by 3 o'clock this afternoon... with nail
>>>> polish.
>>>> On May 17, 2016 9:43 AM, "CBB - Jay Fuller" <par...@cyberbroadband.net>
>>>> wrote:
>>>>
>>>>>
>>>>> I WILL SEND YOU A BILL!!! (FOR YOUR HATE)))
>>>>>
>>>>> hah
>>>>>
>>>>>
>>>>>
>>>>> - Original Message -
>>>>> *From:* Ty Featherling <tyfeatherl...@gmail.com>
>>>>> *To:* af@afmug.com
>>>>> *Sent:* Tuesday, May 17, 2016 8:29 AM
>>>>> *Subject:* Re: [AFMUG] ubnt malware
>>>>>
>>>>> We're the hatiest! Our hate is refined though, and surgically applied.
>>>>> The forums are more like monkeys throwing their hate-shit 
>>>>> indiscriminately.
>>>>>
>>>>>
>>>>>
>>>>> -Ty
>>>>>
>>>>> On Tue, May 17, 2016 at 8:26 AM, Bill Prince <part15...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>> All your hate are belong to us.
>>>>>>
>>>>>>
>>>>>> bp
>>>>>> <part15sbs{at}gmail{dot}com>
>>>>>>
>>>>>>
>>>>>> On 5/17/2016 6:25 AM, Chuck McCown wrote:
>>>>>>
>>>>>> Hey, we got hate here... I hate it when people complain about our
>>>>>> lack of hate.  We can hate with the best of them, just choose to reserve
>>>>>> it for a better time and place...  afmug: higher quality hate
>>>>>>
>>>>>> *From:* Ty Featherling <tyfeatherl...@gmail.com>
>>>>>> *Sent:* Tuesday, May 17, 2016 7:21 AM
>>>>>> *To:* af@afmug.com
>>>>>> *Subject:* Re: [AFMUG] ubnt malware
>>>>>>
>>>>>> When Steve comes back from somewhere complaining of too much hate,
>>>>>> you know that place is a hell-hole.
>>>>>>
>>>>>> -Ty
>>>>>>
>>>>>>
>>>>>>
>>>>>> -Ty
>>>>>>
>>>>>> On Tue, May 17, 2016 at 4:48 AM, That One Guy /sarcasm <
>>>>>> thatoneguyst...@gmail.com> wrote:
>>>>>>
>>>>>>> holy nuggets of hate. I just got done reading the 31 pages of hate,
>>>>>>> now i remember why i dont ever go there
>>>>>>>
>>>>>>> On Tue, May 17, 2016 at 12:49 AM, That 

Re: [AFMUG] ubnt malware

2016-05-17 Thread That One Guy /sarcasm
can you point me to where i would get it


On Tue, May 17, 2016 at 11:14 AM, Ty Featherling <tyfeatherl...@gmail.com>
wrote:

> Current AC2 is beta 21. I just installed it myself after a failed upgrade
> from my old beta 12 install. It will do mass firmware updates, password
> changes, and a set number of other configuration changes. The only 2 things
> I wish it did that it doesn't are firewall updates and viewing bridge
> tables for devices. Great tool for everything else. I installed the local
> beta of the new CRM thing and It seems like it barely does anything by
> comparison. If you go to the forums and find the AC2 beta forum, the first
> sticky post is the latest version.
>
> -Ty
>
>
>
> -Ty
>
> On Tue, May 17, 2016 at 11:07 AM, That One Guy /sarcasm <
> thatoneguyst...@gmail.com> wrote:
>
>> We need to do some mass password changes and verification of the
>> firmware, I assume this AC2 does this, can somebody point me to the most
>> current iteration of this? We do have the beta access. Im just fearful of
>> wandering too much on the forum looking.
>>
>> Will AC2 let me add configurations en masse? I need to change and add some
>> settings, if there is a fairly simple way of doing this (preferably with
>> error checking) assuming that AC2 doesnt do it I would sure appreciate some
>> pointers (that dont assume I am a script magician)
>>
>> On Tue, May 17, 2016 at 10:56 AM, Josh Reynolds <j...@kyneticwifi.com>
>> wrote:
>>
>>> You want a toe? I can get you a toe, believe me. There are ways, Dude.
>>> You don't wanna know about it, believe me.
>>>
>>> Hell, I can get you a toe by 3 o'clock this afternoon... with nail
>>> polish.
>>> On May 17, 2016 9:43 AM, "CBB - Jay Fuller" <par...@cyberbroadband.net>
>>> wrote:
>>>
>>>>
>>>> I WILL SEND YOU A BILL!!! (FOR YOUR HATE)))
>>>>
>>>> hah
>>>>
>>>>
>>>>
>>>> - Original Message -
>>>> *From:* Ty Featherling <tyfeatherl...@gmail.com>
>>>> *To:* af@afmug.com
>>>> *Sent:* Tuesday, May 17, 2016 8:29 AM
>>>> *Subject:* Re: [AFMUG] ubnt malware
>>>>
>>>> We're the hatiest! Our hate is refined though, and surgically applied.
>>>> The forums are more like monkeys throwing their hate-shit indiscriminately.
>>>>
>>>>
>>>>
>>>> -Ty
>>>>
>>>> On Tue, May 17, 2016 at 8:26 AM, Bill Prince <part15...@gmail.com>
>>>> wrote:
>>>>
>>>>> All your hate are belong to us.
>>>>>
>>>>>
>>>>> bp
>>>>> <part15sbs{at}gmail{dot}com>
>>>>>
>>>>>
>>>>> On 5/17/2016 6:25 AM, Chuck McCown wrote:
>>>>>
>>>>> Hey, we got hate here... I hate it when people complain about our lack
>>>>> of hate.  We can hate with the best of them, just choose to reserve it for
>>>>> a better time and place...  afmug: higher quality hate
>>>>>
>>>>> *From:* Ty Featherling <tyfeatherl...@gmail.com>
>>>>> *Sent:* Tuesday, May 17, 2016 7:21 AM
>>>>> *To:* af@afmug.com
>>>>> *Subject:* Re: [AFMUG] ubnt malware
>>>>>
>>>>> When Steve comes back from somewhere complaining of too much hate, you
>>>>> know that place is a hell-hole.
>>>>>
>>>>> -Ty
>>>>>
>>>>>
>>>>>
>>>>> -Ty
>>>>>
>>>>> On Tue, May 17, 2016 at 4:48 AM, That One Guy /sarcasm <
>>>>> thatoneguyst...@gmail.com> wrote:
>>>>>
>>>>>> holy nuggets of hate. I just got done reading the 31 pages of hate,
>>>>>> now i remember why i dont ever go there
>>>>>>
>>>>>> On Tue, May 17, 2016 at 12:49 AM, That One Guy /sarcasm <
>>>>>> thatoneguyst...@gmail.com> wrote:
>>>>>>
>>>>>>> wow, port 19081 turns out to be pretty popular
>>>>>>> one im cleaning up now has a child connection active in it since i
>>>>>>> logged in, im curious what its doing
>>>>>>>
>>>>>>> On Mon, May 16, 2016 at 10:55 PM, Mathew Howard <
>>>>>>> mhoward...@gmail.com> wrote:
>>>>

Re: [AFMUG] ubnt malware

2016-05-17 Thread Ty Featherling
Current AC2 is beta 21. I just installed it myself after a failed upgrade
from my old beta 12 install. It will do mass firmware updates, password
changes, and a set number of other configuration changes. The only 2 things
I wish it did that it doesn't are firewall updates and viewing bridge
tables for devices. Great tool for everything else. I installed the local
beta of the new CRM thing and It seems like it barely does anything by
comparison. If you go to the forums and find the AC2 beta forum, the first
sticky post is the latest version.

-Ty



-Ty

On Tue, May 17, 2016 at 11:07 AM, That One Guy /sarcasm <
thatoneguyst...@gmail.com> wrote:

> We need to do some mass password changes and verification of the firmware,
> I assume this AC2 does this, can somebody point me to the most current
> iteration of this? We do have the beta access. Im just fearful of wandering
> too much on the forum looking.
>
> Will AC2 let me add configurations en masse? I need to change and add some
> settings, if there is a fairly simple way of doing this (preferably with
> error checking) assuming that AC2 doesnt do it I would sure appreciate some
> pointers (that dont assume I am a script magician)
>
> On Tue, May 17, 2016 at 10:56 AM, Josh Reynolds <j...@kyneticwifi.com>
> wrote:
>
>> You want a toe? I can get you a toe, believe me. There are ways, Dude.
>> You don't wanna know about it, believe me.
>>
>> Hell, I can get you a toe by 3 o'clock this afternoon... with nail polish.
>> On May 17, 2016 9:43 AM, "CBB - Jay Fuller" <par...@cyberbroadband.net>
>> wrote:
>>
>>>
>>> I WILL SEND YOU A BILL!!! (FOR YOUR HATE)))
>>>
>>> hah
>>>
>>>
>>>
>>> - Original Message -
>>> *From:* Ty Featherling <tyfeatherl...@gmail.com>
>>> *To:* af@afmug.com
>>> *Sent:* Tuesday, May 17, 2016 8:29 AM
>>> *Subject:* Re: [AFMUG] ubnt malware
>>>
>>> We're the hatiest! Our hate is refined though, and surgically applied.
>>> The forums are more like monkeys throwing their hate-shit indiscriminately.
>>>
>>>
>>>
>>> -Ty
>>>
>>> On Tue, May 17, 2016 at 8:26 AM, Bill Prince <part15...@gmail.com>
>>> wrote:
>>>
>>>> All your hate are belong to us.
>>>>
>>>>
>>>> bp
>>>> <part15sbs{at}gmail{dot}com>
>>>>
>>>>
>>>> On 5/17/2016 6:25 AM, Chuck McCown wrote:
>>>>
>>>> Hey, we got hate here... I hate it when people complain about our lack
>>>> of hate.  We can hate with the best of them, just choose to reserve it for
>>>> a better time and place...  afmug: higher quality hate
>>>>
>>>> *From:* Ty Featherling <tyfeatherl...@gmail.com>
>>>> *Sent:* Tuesday, May 17, 2016 7:21 AM
>>>> *To:* af@afmug.com
>>>> *Subject:* Re: [AFMUG] ubnt malware
>>>>
>>>> When Steve comes back from somewhere complaining of too much hate, you
>>>> know that place is a hell-hole.
>>>>
>>>> -Ty
>>>>
>>>>
>>>>
>>>> -Ty
>>>>
>>>> On Tue, May 17, 2016 at 4:48 AM, That One Guy /sarcasm <
>>>> thatoneguyst...@gmail.com> wrote:
>>>>
>>>>> holy nuggets of hate. I just got done reading the 31 pages of hate,
>>>>> now i remember why i dont ever go there
>>>>>
>>>>> On Tue, May 17, 2016 at 12:49 AM, That One Guy /sarcasm <
>>>>> thatoneguyst...@gmail.com> wrote:
>>>>>
>>>>>> wow, port 19081 turns out to be pretty popular
>>>>>> one im cleaning up now has a child connection active in it since i
>>>>>> logged in, im curious what its doing
>>>>>>
>>>>>> On Mon, May 16, 2016 at 10:55 PM, Mathew Howard <
>>>>>> mhoward...@gmail.com> wrote:
>>>>>>
>>>>>>> ...unless of course it gets on a PC at the office... in which case
>>>>>>> we'd be in trouble.
>>>>>>>
>>>>>>> On Mon, May 16, 2016 at 10:53 PM, Mathew Howard <
>>>>>>> mhoward...@gmail.com> wrote:
>>>>>>>
>>>>>>>> True! but that hasn't happened yet, and it still shouldn't get
>>>>>>>> beyond that customer's radio.
>>>>>>>>

Re: [AFMUG] ubnt malware

2016-05-17 Thread That One Guy /sarcasm
We need to do some mass password changes and verification of the firmware,
I assume this AC2 does this, can somebody point me to the most current
iteration of this? We do have the beta access. Im just fearful of wandering
too much on the forum looking.

Will AC2 let me add configurations en masse? I need to change and add some
settings, if there is a fairly simple way of doing this (preferably with
error checking) assuming that AC2 doesnt do it I would sure appreciate some
pointers (that dont assume I am a script magician)

On Tue, May 17, 2016 at 10:56 AM, Josh Reynolds <j...@kyneticwifi.com>
wrote:

> You want a toe? I can get you a toe, believe me. There are ways, Dude. You
> don't wanna know about it, believe me.
>
> Hell, I can get you a toe by 3 o'clock this afternoon... with nail polish.
> On May 17, 2016 9:43 AM, "CBB - Jay Fuller" <par...@cyberbroadband.net>
> wrote:
>
>>
>> I WILL SEND YOU A BILL!!! (FOR YOUR HATE)))
>>
>> hah
>>
>>
>>
>> - Original Message -
>> *From:* Ty Featherling <tyfeatherl...@gmail.com>
>> *To:* af@afmug.com
>> *Sent:* Tuesday, May 17, 2016 8:29 AM
>> *Subject:* Re: [AFMUG] ubnt malware
>>
>> We're the hatiest! Our hate is refined though, and surgically applied.
>> The forums are more like monkeys throwing their hate-shit indiscriminately.
>>
>>
>>
>> -Ty
>>
>> On Tue, May 17, 2016 at 8:26 AM, Bill Prince <part15...@gmail.com> wrote:
>>
>>> All your hate are belong to us.
>>>
>>>
>>> bp
>>> <part15sbs{at}gmail{dot}com>
>>>
>>>
>>> On 5/17/2016 6:25 AM, Chuck McCown wrote:
>>>
>>> Hey, we got hate here... I hate it when people complain about our lack
>>> of hate.  We can hate with the best of them, just choose to reserve it for
>>> a better time and place...  afmug: higher quality hate
>>>
>>> *From:* Ty Featherling <tyfeatherl...@gmail.com>
>>> *Sent:* Tuesday, May 17, 2016 7:21 AM
>>> *To:* af@afmug.com
>>> *Subject:* Re: [AFMUG] ubnt malware
>>>
>>> When Steve comes back from somewhere complaining of too much hate, you
>>> know that place is a hell-hole.
>>>
>>> -Ty
>>>
>>>
>>>
>>> -Ty
>>>
>>> On Tue, May 17, 2016 at 4:48 AM, That One Guy /sarcasm <
>>> thatoneguyst...@gmail.com> wrote:
>>>
>>>> holy nuggets of hate. I just got done reading the 31 pages of hate, now
>>>> i remember why i dont ever go there
>>>>
>>>> On Tue, May 17, 2016 at 12:49 AM, That One Guy /sarcasm <
>>>> thatoneguyst...@gmail.com> wrote:
>>>>
>>>>> wow, port 19081 turns out to be pretty popular
>>>>> one im cleaning up now has a child connection active in it since i
>>>>> logged in, im curious what its doing
>>>>>
>>>>> On Mon, May 16, 2016 at 10:55 PM, Mathew Howard <
>>>>> mhoward...@gmail.com> wrote:
>>>>>
>>>>>> ...unless of course it gets on a PC at the office... in which case
>>>>>> we'd be in trouble.
>>>>>>
>>>>>> On Mon, May 16, 2016 at 10:53 PM, Mathew Howard <
>>>>>> mhoward...@gmail.com> wrote:
>>>>>>
>>>>>>> True! but that hasn't happened yet, and it still shouldn't get
>>>>>>> beyond that customer's radio.
>>>>>>>
>>>>>>> On Mon, May 16, 2016 at 9:35 PM, Mike Hammett <af...@ics-il.net>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Until it gets delivered via Flash or Java or something else...   ;-)
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> -
>>>>>>>> Mike Hammett
>>>>>>>> Intelligent Computing Solutions <http://www.ics-il.com/>
>>>>>>>> Midwest Internet Exchange <http://www.midwest-ix.com/>

Re: [AFMUG] ubnt malware

2016-05-17 Thread Josh Reynolds
You want a toe? I can get you a toe, believe me. There are ways, Dude. You
don't wanna know about it, believe me.

Hell, I can get you a toe by 3 o'clock this afternoon... with nail polish.
On May 17, 2016 9:43 AM, "CBB - Jay Fuller" <par...@cyberbroadband.net>
wrote:

>
> I WILL SEND YOU A BILL!!! (FOR YOUR HATE)))
>
> hah
>
>
>
> - Original Message -
> *From:* Ty Featherling <tyfeatherl...@gmail.com>
> *To:* af@afmug.com
> *Sent:* Tuesday, May 17, 2016 8:29 AM
> *Subject:* Re: [AFMUG] ubnt malware
>
> We're the hatiest! Our hate is refined though, and surgically applied. The
> forums are more like monkeys throwing their hate-shit indiscriminately.
>
>
>
> -Ty
>
> On Tue, May 17, 2016 at 8:26 AM, Bill Prince <part15...@gmail.com> wrote:
>
>> All your hate are belong to us.
>>
>>
>> bp
>> <part15sbs{at}gmail{dot}com>
>>
>>
>> On 5/17/2016 6:25 AM, Chuck McCown wrote:
>>
>> Hey, we got hate here... I hate it when people complain about our lack of
>> hate.  We can hate with the best of them, just choose to reserve it for a
>> better time and place...  afmug: higher quality hate
>>
>> *From:* Ty Featherling <tyfeatherl...@gmail.com>
>> *Sent:* Tuesday, May 17, 2016 7:21 AM
>> *To:* af@afmug.com
>> *Subject:* Re: [AFMUG] ubnt malware
>>
>> When Steve comes back from somewhere complaining of too much hate, you
>> know that place is a hell-hole.
>>
>> -Ty
>>
>>
>>
>> -Ty
>>
>> On Tue, May 17, 2016 at 4:48 AM, That One Guy /sarcasm <
>> thatoneguyst...@gmail.com> wrote:
>>
>>> holy nuggets of hate. I just got done reading the 31 pages of hate, now
>>> i remember why i dont ever go there
>>>
>>> On Tue, May 17, 2016 at 12:49 AM, That One Guy /sarcasm <
>>> thatoneguyst...@gmail.com> wrote:
>>>
>>>> wow, port 19081 turns out to be pretty popular
>>>> one im cleaning up now has a child connection active in it since i
>>>> logged in, im curious what its doing
>>>>
>>>> On Mon, May 16, 2016 at 10:55 PM, Mathew Howard <
>>>> mhoward...@gmail.com> wrote:
>>>>
>>>>> ...unless of course it gets on a PC at the office... in which case
>>>>> we'd be in trouble.
>>>>>
>>>>> On Mon, May 16, 2016 at 10:53 PM, Mathew Howard <
>>>>> mhoward...@gmail.com> wrote:
>>>>>
>>>>>> True! but that hasn't happened yet, and it still shouldn't get beyond
>>>>>> that customer's radio.
>>>>>>
>>>>>> On Mon, May 16, 2016 at 9:35 PM, Mike Hammett <af...@ics-il.net>
>>>>>> wrote:
>>>>>>
>>>>>>> Until it gets delivered via Flash or Java or something else...   ;-)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> -
>>>>>>> Mike Hammett
>>>>>>> Intelligent Computing Solutions <http://www.ics-il.com/>
>>>>>>> Midwest Internet Exchange <http://www.midwest-ix.com/>
>>>>>>> The Brothers WISP <http://www.thebrotherswisp.com/>
>>>>>>> --
>>>>>>> *From: *"Mathew Howard" <mhoward...@gmail.com>
>>>>>>> *To: *"af" <af@afmug.com>
>>>>>>> *Sent: *Monday, May 16, 2016 9:16:40 PM
>>>>>>> *Subject: *Re: [AFMUG] ubnt malware
>>>>>>>
>>>>>>> If you ha

Re: [AFMUG] ubnt malware

2016-05-17 Thread CBB - Jay Fuller

I WILL SEND YOU A BILL!!! (FOR YOUR HATE)))

hah


  - Original Message - 
  From: Ty Featherling 
  To: af@afmug.com 
  Sent: Tuesday, May 17, 2016 8:29 AM
  Subject: Re: [AFMUG] ubnt malware


  We're the hatiest! Our hate is refined though, and surgically applied. The 
forums are more like monkeys throwing their hate-shit indiscriminately.







  -Ty


  On Tue, May 17, 2016 at 8:26 AM, Bill Prince <part15...@gmail.com> wrote:

All your hate are belong to us.




bp
<part15sbs{at}gmail{dot}com>

On 5/17/2016 6:25 AM, Chuck McCown wrote:

  Hey, we got hate here... I hate it when people complain about our lack of 
hate.  We can hate with the best of them, just choose to reserve it for a 
better time and place...  afmug: higher quality hate

  From: Ty Featherling 
  Sent: Tuesday, May 17, 2016 7:21 AM
  To: af@afmug.com 
      Subject: Re: [AFMUG] ubnt malware

  When Steve comes back from somewhere complaining of too much hate, you 
know that place is a hell-hole. 

  -Ty



  -Ty

  On Tue, May 17, 2016 at 4:48 AM, That One Guy /sarcasm 
<thatoneguyst...@gmail.com> wrote:

holy nuggets of hate. I just got done reading the 31 pages of hate, now 
i remember why i dont ever go there

On Tue, May 17, 2016 at 12:49 AM, That One Guy /sarcasm 
<thatoneguyst...@gmail.com> wrote:

  wow, port 19081 turns out to be pretty popular 
  one im cleaning up now has a child connection active in it since i 
logged in, im curious what its doing

  On Mon, May 16, 2016 at 10:55 PM, Mathew Howard 
<mhoward...@gmail.com> wrote:

...unless of course it gets on a PC at the office... in which case 
we'd be in trouble.


On Mon, May 16, 2016 at 10:53 PM, Mathew Howard 
<mhoward...@gmail.com> wrote:

  True! but that hasn't happened yet, and it still shouldn't get 
beyond that customer's radio.


  On Mon, May 16, 2016 at 9:35 PM, Mike Hammett <af...@ics-il.net> 
wrote:

Until it gets delivered via Flash or Java or something else...  
 ;-)




-
Mike Hammett
Intelligent Computing Solutions

Midwest Internet Exchange

The Brothers WISP








From: "Mathew Howard" <mhoward...@gmail.com>
To: "af" <af@afmug.com>
        Sent: Monday, May 16, 2016 9:16:40 PM
Subject: Re: [AFMUG] ubnt malware


If you have firewall rules at the edge of the network blocking 
the management ports to the airrouters that are on public IPs, they're probably
fine. We still have some radios that are on old firmware, but I haven't been
able to find anything on our network that's infected. Fortunately, when I was 
setting up the firewall rules to block access to the CPEs from outside our 
network, I decided it was desirable to block customers from being able to get 
to other customers radios as well... which should break the self replicating 
part of this thing, so even if it does somehow get into our network, it 
shouldn't be able to get far. 

That said, I'm updating everything that isn't on at least 5.6.2 
right away. 

On May 16, 2016 8:41 PM, "That One Guy /sarcasm" 
<thatoneguyst...@gmail.com> wrote:

  yeah, thats amazing me, one fella was complaining about how 
much of a problem it would be to take a unit offline to get on a bench. I would 
think if things are that bad that your network is progressively shutting down, 
convenience would be the least of your concerns. 

  I have to investigate a couple anomalies on the network, in 
the back of my mind Im hoping the air routers have been hit to put a nail in 
their coffins so we can go with mikrotiks as the CPE router instead

  On Mon, May 16, 2016 at 8:33 PM, Josh Reynolds 
<j...@kyneticwifi.com> wrote:

Or threatening to sue because of their own personal 
ignorance and negligence.

On May 16, 2016 8:32 PM, "Mike Hammett" <af...@ics-il.net> 
wrote:

  A good amount of it is just people that don't know any 
better making false observations.




  -
  Mike Hammett
  Intelligent Computing Solutions

  Midwest Internet Exchange

  The Brothers WISP






--

  From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
  To: af@afmug.com
  Sent: Monday, May 16, 2016 8:19:00 PM
  Subject: [AFMUG] ubnt malwar

Re: [AFMUG] ubnt malware

2016-05-17 Thread Josh Reynolds
Monkeys with fire dude.
On May 17, 2016 4:48 AM, "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
wrote:

> holy nuggets of hate. I just got done reading the 31 pages of hate, now i
> remember why i dont ever go there
>
> On Tue, May 17, 2016 at 12:49 AM, That One Guy /sarcasm <
> thatoneguyst...@gmail.com> wrote:
>
>> wow, port 19081 turns out to be pretty popular
>> one im cleaning up now has a child connection active in it since i logged
>> in, im curious what its doing
>>
>> On Mon, May 16, 2016 at 10:55 PM, Mathew Howard <mhoward...@gmail.com>
>> wrote:
>>
>>> ...unless of course it gets on a PC at the office... in which case we'd
>>> be in trouble.
>>>
>>> On Mon, May 16, 2016 at 10:53 PM, Mathew Howard <mhoward...@gmail.com>
>>> wrote:
>>>
>>>> True! but that hasn't happened yet, and it still shouldn't get beyond
>>>> that customer's radio.
>>>>
>>>> On Mon, May 16, 2016 at 9:35 PM, Mike Hammett <af...@ics-il.net> wrote:
>>>>
>>>>> Until it gets delivered via Flash or Java or something else...   ;-)
>>>>>
>>>>>
>>>>>
>>>>> -
>>>>> Mike Hammett
>>>>> Intelligent Computing Solutions <http://www.ics-il.com/>
>>>>> Midwest Internet Exchange <http://www.midwest-ix.com/>
>>>>> The Brothers WISP <http://www.thebrotherswisp.com/>
>>>>> --
>>>>> *From: *"Mathew Howard" <mhoward...@gmail.com>
>>>>> *To: *"af" <af@afmug.com>
>>>>> *Sent: *Monday, May 16, 2016 9:16:40 PM
>>>>> *Subject: *Re: [AFMUG] ubnt malware
>>>>>
>>>>> If you have firewall rules at the edge of the network blocking the
>>>>> management ports to the airrouters that are on public IPs, they're probably
>>>>> fine. We still have some radios that are on old firmware, but I haven't
>>>>> been able to find anything on our network that's infected. Fortunately,
>>>>> when I was setting up the firewall rules to block access to the CPEs from
>>>>> outside our network, I decided it was desirable to block customers from
>>>>> being able to get to other customers radios as well... which should break
>>>>> the self replicating part of this thing, so even if it does somehow get
>>>>> into our network, it shouldn't be able to get far.
>>>>>
>>>>> That said, I'm updating everything that isn't on at least 5.6.2 right
>>>>> away.
>>>>> On May 16, 2016 8:41 PM, "That One Guy /sarcasm" <
>>>>> thatoneguyst...@gmail.com> wrote:
>>>>>
>>>>> yeah, thats amazing me, one fella was complaining about how much of a
>>>>> problem it would be to take a unit offline to get on a bench. I would think
>>>>> if things are that bad that your network is progressively shutting down,
>>>>> convenience would be the least of your concerns.
>>>>>
>>>>> I have to investigate a couple anomalies on the network, in the back
>>>>> of my mind Im hoping the air routers have been hit to put a nail in their
>>>>> coffins so we can go with mikrotiks as the CPE router instead
>>>>>
>>>>> On Mon, May 16, 2016 at 8:33 PM, Josh Reynolds <j...@kyneticwifi.com>
>>>>> wrote:
>>>>>
>>>>>> Or threatening to sue because of their own personal ignorance and
>>>>>> negligence.
>>>>>> On May 16, 2016 8:32 PM, "Mike Hammett" <af...@ics-il.net> wrote:
>>>>>>
>>>>>>> A good amount of it is just people that don't know any bette

Re: [AFMUG] ubnt malware

2016-05-17 Thread Ty Featherling
We're the hatiest! Our hate is refined though, and surgically applied. The
forums are more like monkeys throwing their hate-shit indiscriminately.



-Ty

On Tue, May 17, 2016 at 8:26 AM, Bill Prince <part15...@gmail.com> wrote:

> All your hate are belong to us.
>
>
> bp
> <part15sbs{at}gmail{dot}com>
>
>
> On 5/17/2016 6:25 AM, Chuck McCown wrote:
>
> Hey, we got hate here... I hate it when people complain about our lack of
> hate.  We can hate with the best of them, just choose to reserve it for a
> better time and place...  afmug: higher quality hate
>
> *From:* Ty Featherling <tyfeatherl...@gmail.com>
> *Sent:* Tuesday, May 17, 2016 7:21 AM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] ubnt malware
>
> When Steve comes back from somewhere complaining of too much hate, you
> know that place is a hell-hole.
>
> -Ty
>
>
>
> -Ty
>
> On Tue, May 17, 2016 at 4:48 AM, That One Guy /sarcasm <
> thatoneguyst...@gmail.com> wrote:
>
>> holy nuggets of hate. I just got done reading the 31 pages of hate, now i
>> remember why i dont ever go there
>>
>> On Tue, May 17, 2016 at 12:49 AM, That One Guy /sarcasm <
>> thatoneguyst...@gmail.com> wrote:
>>
>>> wow, port 19081 turns out to be pretty popular
>>> one im cleaning up now has a child connection active in it since i
>>> logged in, im curious what its doing
>>>
>>> On Mon, May 16, 2016 at 10:55 PM, Mathew Howard <mhoward...@gmail.com>
>>> wrote:
>>>
>>>> ...unless of course it gets on a PC at the office... in which case we'd
>>>> be in trouble.
>>>>
>>>> On Mon, May 16, 2016 at 10:53 PM, Mathew Howard <
>>>> mhoward...@gmail.com> wrote:
>>>>
>>>>> True! but that hasn't happened yet, and it still shouldn't get beyond
>>>>> that customer's radio.
>>>>>
>>>>> On Mon, May 16, 2016 at 9:35 PM, Mike Hammett <af...@ics-il.net>
>>>>> wrote:
>>>>>
>>>>>> Until it gets delivered via Flash or Java or something else...   ;-)
>>>>>>
>>>>>>
>>>>>>
>>>>>> -
>>>>>> Mike Hammett
>>>>>> Intelligent Computing Solutions <http://www.ics-il.com/>
>>>>>> Midwest Internet Exchange <http://www.midwest-ix.com/>
>>>>>> The Brothers WISP <http://www.thebrotherswisp.com/>
>>>>>> --
>>>>>> *From: *"Mathew Howard" <mhoward...@gmail.com>
>>>>>> *To: *"af" <af@afmug.com>
>>>>>> *Sent: *Monday, May 16, 2016 9:16:40 PM
>>>>>> *Subject: *Re: [AFMUG] ubnt malware
>>>>>>
>>>>>> If you have firewall rules at the edge of the network blocking the
>>>>>> management ports to the airrouters that are on public IPs, they're probably
>>>>>> fine. We still have some radios that are on old firmware, but I haven't
>>>>>> been able to find anything on our network that's infected. Fortunately,
>>>>>> when I was setting up the firewall rules to block access to the CPEs from
>>>>>> outside our network, I decided it was desirable to block customers from
>>>>>> being able to get to other customers radios as well... which should break
>>>>>> the self replicating part of this thing, so even if it does somehow get
>>>>>> into our network, it shouldn't be able to get far.
>>>>>>
>>>>>> That said, I'm updating everything that isn't on at least 5.6.2 right

Re: [AFMUG] ubnt malware

2016-05-17 Thread Bill Prince

All your hate are belong to us.


bp
<part15sbs{at}gmail{dot}com>

On 5/17/2016 6:25 AM, Chuck McCown wrote:
Hey, we got hate here... I hate it when people complain about our lack 
of hate.  We can hate with the best of them, just choose to reserve it 
for a better time and place... afmug: higher quality hate

*From:* Ty Featherling <tyfeatherl...@gmail.com>
*Sent:* Tuesday, May 17, 2016 7:21 AM
*To:* af@afmug.com
*Subject:* Re: [AFMUG] ubnt malware
When Steve comes back from somewhere complaining of too much hate, you 
know that place is a hell-hole.

-Ty
-Ty
On Tue, May 17, 2016 at 4:48 AM, That One Guy /sarcasm 
<thatoneguyst...@gmail.com> wrote:


holy nuggets of hate. I just got done reading the 31 pages of
hate, now i remember why i dont ever go there
On Tue, May 17, 2016 at 12:49 AM, That One Guy /sarcasm
<thatoneguyst...@gmail.com> wrote:

wow, port 19081 turns out to be pretty popular
one im cleaning up now has a child connection active in it
since i logged in, im curious what its doing
On Mon, May 16, 2016 at 10:55 PM, Mathew Howard
<mhoward...@gmail.com> wrote:

...unless of course it gets on a PC at the office... in
which case we'd be in trouble.
On Mon, May 16, 2016 at 10:53 PM, Mathew Howard
<mhoward...@gmail.com> wrote:

True! but that hasn't happened yet, and it still
shouldn't get beyond that customer's radio.
On Mon, May 16, 2016 at 9:35 PM, Mike Hammett
<af...@ics-il.net> wrote:

Until it gets delivered via Flash or Java or
something else...   ;-)



-
Mike Hammett
Intelligent Computing Solutions <http://www.ics-il.com/>
Midwest Internet Exchange <http://www.midwest-ix.com/>
The Brothers WISP <http://www.thebrotherswisp.com/>


*From: *"Mathew Howard" <mhoward...@gmail.com>
*To: *"af" <af@afmug.com>
*Sent: *Monday, May 16, 2016 9:16:40 PM
*Subject: *Re: [AFMUG] ubnt malware

If you have firewall rules at the edge of the
network blocking the management ports to the
airrouters that are on public IPs, they're
probably fine. We still have some radios that are
on old firmware, but I haven't been able to find
anything on our network that's infected.
Fortunately, when I was setting up the firewall
rules to block access to the CPEs from outside our
network, I decided it was desirable to block
customers from being able to get to other
customers radios as well... which should break the
self replicating part of this thing, so even if it
does somehow get into our network, it shouldn't be
able to get far.

That said, I'm updating everything that isn't on
at least 5.6.2 right away.

On May 16, 2016 8:41 PM, "That One Guy /sarcasm"
<thatoneguyst...@gmail.com> wrote:

yeah, thats amazing me, one fella was
complaining about how much of a problem it
would be to take a unit offline to get on a
bench. I would think if things are that bad
that your network is progressively shutting
down, convenience would be the least of your
concerns.
I have to investiga

Re: [AFMUG] ubnt malware

2016-05-17 Thread Chuck McCown
Hey, we got hate here... I hate it when people complain about our lack of hate. 
 We can hate with the best of them, just choose to reserve it for a better time 
and place...  afmug: higher quality hate

From: Ty Featherling 
Sent: Tuesday, May 17, 2016 7:21 AM
To: af@afmug.com 
Subject: Re: [AFMUG] ubnt malware

When Steve comes back from somewhere complaining of too much hate, you know 
that place is a hell-hole. 

-Ty



-Ty

On Tue, May 17, 2016 at 4:48 AM, That One Guy /sarcasm 
<thatoneguyst...@gmail.com> wrote:

  holy nuggets of hate. I just got done reading the 31 pages of hate, now i 
remember why i dont ever go there

  On Tue, May 17, 2016 at 12:49 AM, That One Guy /sarcasm 
<thatoneguyst...@gmail.com> wrote:

wow, port 19081 turns out to be pretty popular 
one im cleaning up now has a child connection active in it since i logged 
in, im curious what its doing

On Mon, May 16, 2016 at 10:55 PM, Mathew Howard <mhoward...@gmail.com> 
wrote:

  ...unless of course it gets on a PC at the office... in which case we'd 
be in trouble.


  On Mon, May 16, 2016 at 10:53 PM, Mathew Howard <mhoward...@gmail.com> 
wrote:

True! but that hasn't happened yet, and it still shouldn't get beyond 
that customer's radio.


On Mon, May 16, 2016 at 9:35 PM, Mike Hammett <af...@ics-il.net> wrote:

  Until it gets delivered via Flash or Java or something else...   ;-)




  -
  Mike Hammett
  Intelligent Computing Solutions

  Midwest Internet Exchange

  The Brothers WISP






--

  From: "Mathew Howard" <mhoward...@gmail.com>
  To: "af" <af@afmug.com>
      Sent: Monday, May 16, 2016 9:16:40 PM
  Subject: Re: [AFMUG] ubnt malware


  If you have firewall rules at the edge of the network blocking the
management ports to the airrouters that are on public IPs, they're probably
fine. We still have some radios that are on old firmware, but I haven't been
able to find anything on our network that's infected. Fortunately, when I was
setting up the firewall rules to block access to the CPEs from outside our
network, I decided it was desirable to block customers from being able to get
to other customers' radios as well... which should break the self replicating
part of this thing, so even if it does somehow get into our network, it
shouldn't be able to get far.

  That said, I'm updating everything that isn't on at least 5.6.2 right 
away. 

  On May 16, 2016 8:41 PM, "That One Guy /sarcasm" 
<thatoneguyst...@gmail.com> wrote:

yeah, thats amazing me, one fella was complaining about how much of 
a problem it would be to take a unit offline to get on a bench. I would think 
if things are that bad that your network is progressively shutting down, 
convenience would be the least of your concerns. 

I have to investigate a couple anomalies on the network, in the
back of my mind Im hoping the air routers have been hit to put a nail in their
coffins so we can go with mikrotiks as the CPE router instead

On Mon, May 16, 2016 at 8:33 PM, Josh Reynolds 
<j...@kyneticwifi.com> wrote:

  Or threatening to sue because of their own personal ignorance and 
negligence.

  On May 16, 2016 8:32 PM, "Mike Hammett" <af...@ics-il.net> wrote:

A good amount of it is just people that don't know any better 
making false observations.




-
Mike Hammett
Intelligent Computing Solutions

Midwest Internet Exchange

The Brothers WISP








From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
To: af@afmug.com
Sent: Monday, May 16, 2016 8:19:00 PM
Subject: [AFMUG] ubnt malware


From what im reading in their forums something set off over the 
weekend? or is it ubnt douche nozzles? 

It sounds almost as if this malware is actively being 
manipulated (changing from key access to foul username/password, wandering 
control ports, etc, like script kiddies found a new toy?

is this thing self propagating from the device?


-- 

If you only see yourself as part of the team but you don't see 
your team as part of yourself you have already failed as part of the team.





-- 

If you only see yourself as part of the team but you don't see your 
team as part of yourself you have already failed as part of the team.







-- 

If you only see yourself as part of the team but you don't see your team as 
part of yourself you have alrea

Re: [AFMUG] ubnt malware

2016-05-17 Thread Ty Featherling
When Steve comes back from somewhere complaining of too much hate, you know
that place is a hell-hole.

-Ty



-Ty

On Tue, May 17, 2016 at 4:48 AM, That One Guy /sarcasm <
thatoneguyst...@gmail.com> wrote:

> holy nuggets of hate. I just got done reading the 31 pages of hate, now i
> remember why i dont ever go there
>
> On Tue, May 17, 2016 at 12:49 AM, That One Guy /sarcasm <
> thatoneguyst...@gmail.com> wrote:
>
>> wow, port 19081 turns out to be pretty popular
>> one im cleaning up now has a child connection active in it since i logged
>> in, im curious what its doing
>>
>> On Mon, May 16, 2016 at 10:55 PM, Mathew Howard <mhoward...@gmail.com>
>> wrote:
>>
>>> ...unless of course it gets on a PC at the office... in which case we'd
>>> be in trouble.
>>>
>>> On Mon, May 16, 2016 at 10:53 PM, Mathew Howard <mhoward...@gmail.com>
>>> wrote:
>>>
>>>> True! but that hasn't happened yet, and it still shouldn't get beyond
>>>> that customer's radio.
>>>>
>>>> On Mon, May 16, 2016 at 9:35 PM, Mike Hammett <af...@ics-il.net> wrote:
>>>>
>>>>> Until it gets delivered via Flash or Java or something else...   ;-)
>>>>>
>>>>>
>>>>>
>>>>> -
>>>>> Mike Hammett
>>>>> Intelligent Computing Solutions <http://www.ics-il.com/>
>>>>> Midwest Internet Exchange <http://www.midwest-ix.com/>
>>>>> The Brothers WISP <http://www.thebrotherswisp.com/>
>>>>> --
>>>>> *From: *"Mathew Howard" <mhoward...@gmail.com>
>>>>> *To: *"af" <af@afmug.com>
>>>>> *Sent: *Monday, May 16, 2016 9:16:40 PM
>>>>> *Subject: *Re: [AFMUG] ubnt malware
>>>>>
>>>>> If you have firewall rules at the edge of the network blocking the
>>>>> management ports to the airrouters that are on public IPs, they're probably
>>>>> fine. We still have some radios that are on old firmware, but I haven't
>>>>> been able to find anything on our network that's infected. Fortunately,
>>>>> when I was setting up the firewall rules to block access to the CPEs from
>>>>> outside our network, I decided it was desirable to block customers from
>>>>> being able to get to other customers' radios as well... which should break
>>>>> the self replicating part of this thing, so even if it does somehow get
>>>>> into our network, it shouldn't be able to get far.
>>>>>
>>>>> That said, I'm updating everything that isn't on at least 5.6.2 right
>>>>> away.
>>>>> On May 16, 2016 8:41 PM, "That One Guy /sarcasm" <
>>>>> thatoneguyst...@gmail.com> wrote:
>>>>>
>>>>> yeah, thats amazing me, one fella was complaining about how much of a
>>>>> problem it would be to take a unit offline to get on a bench. I would think
>>>>> if things are that bad that your network is progressively shutting down,
>>>>> convenience would be the least of your concerns.
>>>>>
>>>>> I have to investigate a couple anomalies on the network, in the back
>>>>> of my mind Im hoping the air routers have been hit to put a nail in their
>>>>> coffins so we can go with mikrotiks as the CPE router instead
>>>>>
>>>>> On Mon, May 16, 2016 at 8:33 PM, Josh Reynolds <j...@kyneticwifi.com>
>>>>> wrote:
>>>>>
>>>>>> Or threatening to sue because of their own personal ignorance and
>>>>>> negligence.
>>>>>> On May 16, 2016 8:32 PM, "Mike Hammett" <af...@ics-il.net> wrote:
>>>>>>

Re: [AFMUG] ubnt malware

2016-05-17 Thread That One Guy /sarcasm
holy nuggets of hate. I just got done reading the 31 pages of hate, now i
remember why i dont ever go there

On Tue, May 17, 2016 at 12:49 AM, That One Guy /sarcasm <
thatoneguyst...@gmail.com> wrote:

> wow, port 19081 turns out to be pretty popular
> one im cleaning up now has a child connection active in it since i logged
> in, im curious what its doing
>
> On Mon, May 16, 2016 at 10:55 PM, Mathew Howard <mhoward...@gmail.com>
> wrote:
>
>> ...unless of course it gets on a PC at the office... in which case we'd
>> be in trouble.
>>
>> On Mon, May 16, 2016 at 10:53 PM, Mathew Howard <mhoward...@gmail.com>
>> wrote:
>>
>>> True! but that hasn't happened yet, and it still shouldn't get beyond
>>> that customer's radio.
>>>
>>> On Mon, May 16, 2016 at 9:35 PM, Mike Hammett <af...@ics-il.net> wrote:
>>>
>>>> Until it gets delivered via Flash or Java or something else...   ;-)
>>>>
>>>>
>>>>
>>>> -
>>>> Mike Hammett
>>>> Intelligent Computing Solutions <http://www.ics-il.com/>
>>>> Midwest Internet Exchange <http://www.midwest-ix.com/>
>>>> The Brothers WISP <http://www.thebrotherswisp.com/>
>>>> --
>>>> *From: *"Mathew Howard" <mhoward...@gmail.com>
>>>> *To: *"af" <af@afmug.com>
>>>> *Sent: *Monday, May 16, 2016 9:16:40 PM
>>>> *Subject: *Re: [AFMUG] ubnt malware
>>>>
>>>> If you have firewall rules at the edge of the network blocking the
>>>> management ports to the airrouters that are on public IPs, they're probably
>>>> fine. We still have some radios that are on old firmware, but I haven't
>>>> been able to find anything on our network that's infected. Fortunately,
>>>> when I was setting up the firewall rules to block access to the CPEs from
>>>> outside our network, I decided it was desirable to block customers from
>>>> being able to get to other customers' radios as well... which should break
>>>> the self replicating part of this thing, so even if it does somehow get
>>>> into our network, it shouldn't be able to get far.
>>>>
>>>> That said, I'm updating everything that isn't on at least 5.6.2 right
>>>> away.
>>>> On May 16, 2016 8:41 PM, "That One Guy /sarcasm" <
>>>> thatoneguyst...@gmail.com> wrote:
>>>>
>>>> yeah, thats amazing me, one fella was complaining about how much of a
>>>> problem it would be to take a unit offline to get on a bench. I would think
>>>> if things are that bad that your network is progressively shutting down,
>>>> convenience would be the least of your concerns.
>>>>
>>>> I have to investigate a couple anomalies on the network, in the back of
>>>> my mind Im hoping the air routers have been hit to put a nail in their
>>>> coffins so we can go with mikrotiks as the CPE router instead
>>>>
>>>> On Mon, May 16, 2016 at 8:33 PM, Josh Reynolds <j...@kyneticwifi.com>
>>>> wrote:
>>>>
>>>>> Or threatening to sue because of their own personal ignorance and
>>>>> negligence.
>>>>> On May 16, 2016 8:32 PM, "Mike Hammett" <af...@ics-il.net> wrote:
>>>>>
>>>>>> A good amount of it is just people that don't know any better making
>>>>>> false observations.
>>>>>>
>>>>>>
>>>>>>
>>>>>> -
>>>>>> Mike Hammett
>>>>>> Intelligent Computing Solutions <http://www.ics-il.com/>

Re: [AFMUG] ubnt malware

2016-05-16 Thread That One Guy /sarcasm
wow, port 19081 turns out to be pretty popular
one im cleaning up now has a child connection active in it since i logged
in, im curious what its doing

On Mon, May 16, 2016 at 10:55 PM, Mathew Howard <mhoward...@gmail.com>
wrote:

> ...unless of course it gets on a PC at the office... in which case we'd be
> in trouble.
>
> On Mon, May 16, 2016 at 10:53 PM, Mathew Howard <mhoward...@gmail.com>
> wrote:
>
>> True! but that hasn't happened yet, and it still shouldn't get beyond
>> that customer's radio.
>>
>> On Mon, May 16, 2016 at 9:35 PM, Mike Hammett <af...@ics-il.net> wrote:
>>
>>> Until it gets delivered via Flash or Java or something else...   ;-)
>>>
>>>
>>>
>>> -
>>> Mike Hammett
>>> Intelligent Computing Solutions <http://www.ics-il.com/>
>>> Midwest Internet Exchange <http://www.midwest-ix.com/>
>>> The Brothers WISP <http://www.thebrotherswisp.com/>
>>> --
>>> *From: *"Mathew Howard" <mhoward...@gmail.com>
>>> *To: *"af" <af@afmug.com>
>>> *Sent: *Monday, May 16, 2016 9:16:40 PM
>>> *Subject: *Re: [AFMUG] ubnt malware
>>>
>>> If you have firewall rules at the edge of the network blocking the
>>> management ports to the airrouters that are on public IPs, they're probably
>>> fine. We still have some radios that are on old firmware, but I haven't
>>> been able to find anything on our network that's infected. Fortunately,
>>> when I was setting up the firewall rules to block access to the CPEs from
>>> outside our network, I decided it was desirable to block customers from
>>> being able to get to other customers' radios as well... which should break
>>> the self replicating part of this thing, so even if it does somehow get
>>> into our network, it shouldn't be able to get far.
>>>
>>> That said, I'm updating everything that isn't on at least 5.6.2 right
>>> away.
>>> On May 16, 2016 8:41 PM, "That One Guy /sarcasm" <
>>> thatoneguyst...@gmail.com> wrote:
>>>
>>> yeah, thats amazing me, one fella was complaining about how much of a
>>> problem it would be to take a unit offline to get on a bench. I would think
>>> if things are that bad that your network is progressively shutting down,
>>> convenience would be the least of your concerns.
>>>
>>> I have to investigate a couple anomalies on the network, in the back of
>>> my mind Im hoping the air routers have been hit to put a nail in their
>>> coffins so we can go with mikrotiks as the CPE router instead
>>>
>>> On Mon, May 16, 2016 at 8:33 PM, Josh Reynolds <j...@kyneticwifi.com>
>>> wrote:
>>>
>>>> Or threatening to sue because of their own personal ignorance and
>>>> negligence.
>>>> On May 16, 2016 8:32 PM, "Mike Hammett" <af...@ics-il.net> wrote:
>>>>
>>>>> A good amount of it is just people that don't know any better making
>>>>> false observations.
>>>>>
>>>>>
>>>>>
>>>>> -
>>>>> Mike Hammett
>>>>> Intelligent Computing Solutions <http://www.ics-il.com/>
>>>>> Midwest Internet Exchange <http://www.midwest-ix.com/>
>>>>> The Brothers WISP <http://www.thebrotherswisp.com/>
>>>>>
>

Re: [AFMUG] ubnt malware

2016-05-16 Thread Mathew Howard
...unless of course it gets on a PC at the office... in which case we'd be
in trouble.

On Mon, May 16, 2016 at 10:53 PM, Mathew Howard <mhoward...@gmail.com>
wrote:

> True! but that hasn't happened yet, and it still shouldn't get beyond that
> customer's radio.
>
> On Mon, May 16, 2016 at 9:35 PM, Mike Hammett <af...@ics-il.net> wrote:
>
>> Until it gets delivered via Flash or Java or something else...   ;-)
>>
>>
>>
>> -
>> Mike Hammett
>> Intelligent Computing Solutions <http://www.ics-il.com/>
>> Midwest Internet Exchange <http://www.midwest-ix.com/>
>> The Brothers WISP <http://www.thebrotherswisp.com/>
>> --
>> *From: *"Mathew Howard" <mhoward...@gmail.com>
>> *To: *"af" <af@afmug.com>
>> *Sent: *Monday, May 16, 2016 9:16:40 PM
>> *Subject: *Re: [AFMUG] ubnt malware
>>
>> If you have firewall rules at the edge of the network blocking the
>> management ports to the airrouters that are on public IPs, they're probably
>> fine. We still have some radios that are on old firmware, but I haven't
>> been able to find anything on our network that's infected. Fortunately,
>> when I was setting up the firewall rules to block access to the CPEs from
>> outside our network, I decided it was desirable to block customers from
>> being able to get to other customers' radios as well... which should break
>> the self replicating part of this thing, so even if it does somehow get
>> into our network, it shouldn't be able to get far.
>>
>> That said, I'm updating everything that isn't on at least 5.6.2 right
>> away.
>> On May 16, 2016 8:41 PM, "That One Guy /sarcasm" <
>> thatoneguyst...@gmail.com> wrote:
>>
>> yeah, thats amazing me, one fella was complaining about how much of a
>> problem it would be to take a unit offline to get on a bench. I would think
>> if things are that bad that your network is progressively shutting down,
>> convenience would be the least of your concerns.
>>
>> I have to investigate a couple anomalies on the network, in the back of
>> my mind Im hoping the air routers have been hit to put a nail in their
>> coffins so we can go with mikrotiks as the CPE router instead
>>
>> On Mon, May 16, 2016 at 8:33 PM, Josh Reynolds <j...@kyneticwifi.com>
>> wrote:
>>
>>> Or threatening to sue because of their own personal ignorance and
>>> negligence.
>>> On May 16, 2016 8:32 PM, "Mike Hammett" <af...@ics-il.net> wrote:
>>>
>>>> A good amount of it is just people that don't know any better making
>>>> false observations.
>>>>
>>>>
>>>>
>>>> -
>>>> Mike Hammett
>>>> Intelligent Computing Solutions <http://www.ics-il.com/>
>>>> Midwest Internet Exchange <http://www.midwest-ix.com/>
>>>> The Brothers WISP <http://www.thebrotherswisp.com/>
>>>> --
>>>> *From: *"That One Guy /sarcasm" <thatoneguyst...@gmail.com>
>>>> *To: *af@afmug.com
>>>> *Sent: *Monday, May 16, 2016 8:19:00 PM
>>>> *Subject: *[AFMUG] ubnt malware
>>>>
>>>> From what im reading in their forums something set off over the
>>>> weekend? or is it ubnt douche nozzles?
>>>>
>>>> It sounds almost as if this malware is actively being manipulated
>>>> (changing from key access to foul username/password, wandering control
>>>> ports, etc, like script kiddies found a new toy?
>>>>
>>>> is this thing self propagating from the device?
>>>>
>>>> --
>>>> If you only see yourself as part of the team but you don't see your
>>>> team as part of yourself you have already failed as part of the team.
>>>>
>>>>
>>
>>
>> --
>> If you only see yourself as part of the team but you don't see your team
>> as part of yourself you have already failed as part of the team.
>>
>>
>>
>


Re: [AFMUG] ubnt malware

2016-05-16 Thread Mathew Howard
True! but that hasn't happened yet, and it still shouldn't get beyond that
customer's radio.

On Mon, May 16, 2016 at 9:35 PM, Mike Hammett <af...@ics-il.net> wrote:

> Until it gets delivered via Flash or Java or something else...   ;-)
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions <http://www.ics-il.com/>
> Midwest Internet Exchange <http://www.midwest-ix.com/>
> The Brothers WISP <http://www.thebrotherswisp.com/>
> ----------
> *From: *"Mathew Howard" <mhoward...@gmail.com>
> *To: *"af" <af@afmug.com>
> *Sent: *Monday, May 16, 2016 9:16:40 PM
> *Subject: *Re: [AFMUG] ubnt malware
>
> If you have firewall rules at the edge of the network blocking the
> management ports to the airrouters that are on public IPs, they're probably
> fine. We still have some radios that are on old firmware, but I haven't
> been able to find anything on our network that's infected. Fortunately,
> when I was setting up the firewall rules to block access to the CPEs from
> outside our network, I decided it was desirable to block customers from
> being able to get to other customers' radios as well... which should break
> the self replicating part of this thing, so even if it does somehow get
> into our network, it shouldn't be able to get far.
>
> That said, I'm updating everything that isn't on at least 5.6.2 right
> away.
> On May 16, 2016 8:41 PM, "That One Guy /sarcasm" <
> thatoneguyst...@gmail.com> wrote:
>
> yeah, thats amazing me, one fella was complaining about how much of a
> problem it would be to take a unit offline to get on a bench. I would think
> if things are that bad that your network is progressively shutting down,
> convenience would be the least of your concerns.
>
> I have to investigate a couple anomalies on the network, in the back of my
> mind Im hoping the air routers have been hit to put a nail in their coffins
> so we can go with mikrotiks as the CPE router instead
>
> On Mon, May 16, 2016 at 8:33 PM, Josh Reynolds <j...@kyneticwifi.com>
> wrote:
>
>> Or threatening to sue because of their own personal ignorance and
>> negligence.
>> On May 16, 2016 8:32 PM, "Mike Hammett" <af...@ics-il.net> wrote:
>>
>>> A good amount of it is just people that don't know any better making
>>> false observations.
>>>
>>>
>>>
>>> -
>>> Mike Hammett
>>> Intelligent Computing Solutions <http://www.ics-il.com/>
>>> Midwest Internet Exchange <http://www.midwest-ix.com/>
>>> The Brothers WISP <http://www.thebrotherswisp.com/>
>>> --
>>> *From: *"That One Guy /sarcasm" <thatoneguyst...@gmail.com>
>>> *To: *af@afmug.com
>>> *Sent: *Monday, May 16, 2016 8:19:00 PM
>>> *Subject: *[AFMUG] ubnt malware
>>>
>>> From what im reading in their forums something set off over the weekend?
>>> or is it ubnt douche nozzles?
>>>
>>> It sounds almost as if this malware is actively being manipulated
>>> (changing from key access to foul username/password, wandering control
>>> ports, etc, like script kiddies found a new toy?
>>>
>>> is this thing self propagating from the device?
>>>
>>> --
>>> If you only see yourself as part of the team but you don't see your team
>>> as part of yourself you have already failed as part of the team.
>>>
>>>
>
>
> --
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.
>
>
>


Re: [AFMUG] ubnt malware

2016-05-16 Thread CBB - Jay Fuller

don't think i've come across that - - except maybe the http port was changed?
perhaps hammett can chime in, i think he's read all 30 pages too lol

  - Original Message - 
  From: TJ Trout 
  To: af@afmug.com 
  Sent: Monday, May 16, 2016 9:13 PM
  Subject: Re: [AFMUG] ubnt malware


  Anyone have luck fixing a unit that won't respond to ssh or http?


  On Mon, May 16, 2016 at 7:11 PM, CBB - Jay Fuller <par...@cyberbroadband.net> 
wrote:


Yup. Spent 3 hours reading it all last night

  - Original Message - 
  From: Josh Reynolds 
  To: af@afmug.com 
  Sent: Monday, May 16, 2016 8:56 PM
  Subject: Re: [AFMUG] ubnt malware


  There's a huge like 27 page forum thread on it.

  On May 16, 2016 8:38 PM, "That One Guy /sarcasm" 
<thatoneguyst...@gmail.com> wrote:

are we talking can see layer two, can see via device discovery, thats a 
broad term 


Is there any direct thread on specific symptoms beyond devices offline
and any traces of what takes place post infection, ive seen some comments
theyre doing port 53 vpns to send spam, just curious what else.


Ive read claims of infections as high as 5.6.4, we are mostly 5.6.2 and 
3


We only have a handful of air routers with public IPs on them, 
everything else is internal space


the self replication is what im wondering about, the devices on each 
network segment are subnet isolated, but still on the same layer2


On Mon, May 16, 2016 at 8:31 PM, Mike Hammett <af...@ics-il.net> wrote:

  Initially...  then every other radio (and switch) that radio can see.




  -
  Mike Hammett
  Intelligent Computing Solutions

  Midwest Internet Exchange

  The Brothers WISP






--

  From: "Josh Reynolds" <j...@kyneticwifi.com>
  To: af@afmug.com
  Sent: Monday, May 16, 2016 8:30:12 PM
  Subject: Re: [AFMUG] ubnt malware 



  It's self replicating. They patched this long ago. It hits people 
with radios on public IPs.

  On May 16, 2016 8:19 PM, "That One Guy /sarcasm" 
<thatoneguyst...@gmail.com> wrote:

From what im reading in their forums something set off over the 
weekend? or is it ubnt douche nozzles? 


It sounds almost as if this malware is actively being manipulated 
(changing from key access to foul username/password, wandering control ports, 
etc, like script kiddies found a new toy?


is this thing self propagating from the device?



-- 

If you only see yourself as part of the team but you don't see your 
team as part of yourself you have already failed as part of the team.







-- 

If you only see yourself as part of the team but you don't see your 
team as part of yourself you have already failed as part of the team.



Re: [AFMUG] ubnt malware

2016-05-16 Thread Mike Hammett
I don't believe there's any time that SSH stops working until it erases the 
config. 

I didn't try the jar tool. I cobbled together my own method more quickly and my 
own method is more useful in that I can have it do anything. I got tied up with 
other work today, but working on a script to add firewall entries across all 
devices on the network. 

http://community.ubnt.com/t5/airMAX-General-Discussion/Infection-fix-via-ansible-Sticky-this-thread/m-p/1564746#U1564746
 


I had five devices that weren't patched, one on a Mikrotik AP and four that 
U-CRM somehow missed (continually) when scanning a subnet. Caught them all 
yesterday morning only a couple hours after being infected. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com> 
To: af@afmug.com 
Sent: Monday, May 16, 2016 9:50:22 PM 
Subject: Re: [AFMUG] ubnt malware 


As i understand it, if the jar tool works, the device had not been fully
compromised yet? or it was scanning the rest of the network during the
timeframe mentioned?
Ive found two, cleaned them with the tool, but if the malware is fully active,
ssh wont be accessible anyway


On Mon, May 16, 2016 at 9:35 PM, That One Guy /sarcasm < 
thatoneguyst...@gmail.com > wrote: 



From what Ive read so far, the majority of them make me look like a network
rockstar. Im telling the boss to give me a raise or ill send them a job app
for my job




On Mon, May 16, 2016 at 9:33 PM, Mike Hammett < af...@ics-il.net > wrote: 




You've been reading comments from people that don't know what they're talking 
about. 

5.6.2+, 5.5.10u2 and 5.5.11 can't be infected into an active state. If they 
have the files on them, they either weren't properly cleaned or the files were 
uploading into an inert portion of the system that is wiped on reboot. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 






From: "That One Guy /sarcasm" < thatoneguyst...@gmail.com > 
To: af@afmug.com 
Sent: Monday, May 16, 2016 8:37:59 PM 
Subject: Re: [AFMUG] ubnt malware 


are we talking can see layer two, can see via device discovery, thats a broad 
term 


Is there any direct thread on specific symptoms beyond devices offline and any
traces of what takes place post infection, ive seen some comments theyre doing
port 53 vpns to send spam, just curious what else.


Ive read claims of infections as high as 5.6.4, we are mostly 5.6.2 and 3 


We only have a handful of air routers with public IPs on them, everything else 
is internal space 


the self replication is what im wondering about, the devices on each network 
segment are subnet isolated, but still on the same layer2 




On Mon, May 16, 2016 at 8:31 PM, Mike Hammett < af...@ics-il.net > wrote: 




Initially... then every other radio (and switch) that radio can see. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 






From: "Josh Reynolds" < j...@kyneticwifi.com > 
To: af@afmug.com 
Sent: Monday, May 16, 2016 8:30:12 PM 
Subject: Re: [AFMUG] ubnt malware 




It's self replicating. They patched this long ago. It hits people with radios 
on public IPs. 
On May 16, 2016 8:19 PM, "That One Guy /sarcasm" < thatoneguyst...@gmail.com > 
wrote: 



From what im reading in their forums something set off over the weekend? or is
it ubnt douche nozzles?


It sounds almost as if this malware is actively being manipulated (changing 
from key access to foul username/password, wandering control ports, etc, like 
script kiddies found a new toy? 


is this thing self propagating from the device? 


-- 




If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team. 








-- 




If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team. 






-- 




If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team. 





-- 




If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team. 
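
Added example, not part of any list message: a firmware audit built on the fixed versions Mike Hammett lists above (5.6.2+, 5.5.10u2 and 5.5.11), sorting devices into "update", "unknown" and "fixed". The inventory is constructed, the accepted version spellings are an assumption, and treating every later build in each branch as fixed is this example's reading of "5.6.2+".

```python
"""Firmware audit against the fixed versions quoted in this thread (added example)."""
import re
from typing import List, NamedTuple, Optional, Tuple


class Version(NamedTuple):
    major: int
    minor: int
    patch: int
    update: int  # the "uN" suffix, 0 when absent


# Thresholds as stated in the thread: 5.6.2+, 5.5.10u2 and 5.5.11.
FIXED_55 = Version(5, 5, 10, 2)  # floor inside the 5.5 branch
FIXED_56 = Version(5, 6, 2, 0)   # floor for every other branch

# Assumed spellings: optional leading "v", three numbers, optional "u2" or "-u2".
_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)(?:-?u(\d+))?", re.IGNORECASE)


def parse_version(text: str) -> Optional[Version]:
    """Return the parsed version, or None when the field is empty or malformed."""
    match = _VERSION_RE.fullmatch(text.strip())
    if match is None:
        return None
    major, minor, patch, update = match.groups()
    return Version(int(major), int(minor), int(patch), int(update or 0))


def classify(text: str) -> str:
    """'fixed', 'update', or 'unknown' (no usable version: check by hand)."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    # 5.5.x is compared against 5.5.10u2; anything else against 5.6.2.
    floor = FIXED_55 if version[:2] == (5, 5) else FIXED_56
    return "fixed" if version >= floor else "update"


def audit(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Classify every (host, firmware) pair; devices needing work come first."""
    order = {"update": 0, "unknown": 1, "fixed": 2}
    rows = [(host, fw, classify(fw)) for host, fw in inventory]
    return sorted(rows, key=lambda row: (order[row[2]], row[0]))


# Constructed inventory: hostnames and versions are made up for the example.
SAMPLE_INVENTORY = [
    ("cpe-001", "5.6.2"),
    ("cpe-002", "5.5.10"),
    ("cpe-003", "5.5.10u2"),
    ("cpe-004", "v5.5.11"),
    ("cpe-005", "5.6.1"),
    ("cpe-006", "5.6.4"),
    ("cpe-007", ""),        # device that returned no version
    ("ap-001", "5.5.6"),
]

if __name__ == "__main__":
    for host, fw, status in audit(SAMPLE_INVENTORY):
        print(f"{host:8} {fw or '-':10} {status}")
```

Devices that come back "unknown" are the ones a subnet scan can miss, so they need a manual look rather than being assumed patched.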


Re: [AFMUG] ubnt malware

2016-05-16 Thread That One Guy /sarcasm
As I understand it, if the jar tool works, the device had not been fully
compromised yet? or it was scanning the rest of the network during the
timeframe mentioned?
I've found two, cleaned them with the tool, but if the malware is fully
active, ssh won't be accessible anyway

On Mon, May 16, 2016 at 9:35 PM, That One Guy /sarcasm <
thatoneguyst...@gmail.com> wrote:

> From what I've read so far, the majority of them make me look like a
> network rockstar. I'm telling the boss to give me a raise or I'll send them a
> job app for my job
>
> On Mon, May 16, 2016 at 9:33 PM, Mike Hammett <af...@ics-il.net> wrote:
>
>> You've been reading comments from people that don't know what they're
>> talking about.
>>
>> 5.6.2+, 5.5.10u2 and 5.5.11 can't be infected into an active state. If
>> they have the files on them, they either weren't properly cleaned or the
>> files were uploading into an inert portion of the system that is wiped on
>> reboot.
>>
>>
>>
>> -
>> Mike Hammett
>> Intelligent Computing Solutions <http://www.ics-il.com/>
>> Midwest Internet Exchange <http://www.midwest-ix.com/>
>> The Brothers WISP <http://www.thebrotherswisp.com/>
>> --
>> *From: *"That One Guy /sarcasm" <thatoneguyst...@gmail.com>
>> *To: *af@afmug.com
>> *Sent: *Monday, May 16, 2016 8:37:59 PM
>> *Subject: *Re: [AFMUG] ubnt malware
>>
>> are we talking can see layer two, can see via device discovery, thats a
>> broad term
>>
>> Is there any direct thread on specific symptoms beyond devices offline
>> and any traces of what takes place post infection, I've seen some comments
>> they're doing port 53 vpns to send spam, just curious what else.
>>
>> Ive read claims of infections as high as 5.6.4, we are mostly 5.6.2 and 3
>>
>> We only have a handful of air routers with public IPs on them, everything
>> else is internal space
>>
>> the self replication is what im wondering about, the devices on each
>> network segment are subnet isolated, but still on the same layer2
>>
>> On Mon, May 16, 2016 at 8:31 PM, Mike Hammett <af...@ics-il.net> wrote:
>>
>>> Initially...  then every other radio (and switch) that radio can see.
>>>
>>>
>>>
>>> -
>>> Mike Hammett
>>> Intelligent Computing Solutions <http://www.ics-il.com/>
>>> Midwest Internet Exchange <http://www.midwest-ix.com/>
>>> The Brothers WISP <http://www.thebrotherswisp.com/>
>>> --
>>> *From: *"Josh Reynolds" <j...@kyneticwifi.com>
>>> *To: *af@afmug.com
>>> *Sent: *Monday, May 16, 2016 8:30:12 PM
>>> *Subject: *Re: [AFMUG] ubnt malware
>>>
>>>
>>> It's self replicating. They patched this long ago. It hits people with
>>> radios on public IPs.
>>> On May 16, 2016 8:19 PM, "That One Guy /sarcasm" <
>>> thatoneguyst...@gmail.com> wrote:
>>>
>>>> From what im reading in their forums something set off over the
>>>> weekend? or is it ubnt douche nozzles?
>>>>
>>>> It sounds almost as if this malware is actively being manipulated
>>>> (changing from key access to foul username/password, wandering control
>>>> ports, etc, like script kiddies found a new toy?
>>>>
>>>> is this thing self propagating from the device?
>>>>
>>>> --
>>>> If you only see yourself as part of the team but you don't see your
>>>> team as part of yourself you have already failed as part of the team.
>>>>
>>>
>>>
>>
>>
>> --
>> If you only see yourself as part of the team but you don't see your team
>> as part of yourself you have already failed as part of the team.
>>
>>
>
>
> --
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.
>



-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.


Re: [AFMUG] ubnt malware

2016-05-16 Thread That One Guy /sarcasm
From what I've read so far, the majority of them make me look like a network
rockstar. I'm telling the boss to give me a raise or I'll send them a job app
for my job

On Mon, May 16, 2016 at 9:33 PM, Mike Hammett <af...@ics-il.net> wrote:

> You've been reading comments from people that don't know what they're
> talking about.
>
> 5.6.2+, 5.5.10u2 and 5.5.11 can't be infected into an active state. If
> they have the files on them, they either weren't properly cleaned or the
> files were uploading into an inert portion of the system that is wiped on
> reboot.
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions <http://www.ics-il.com/>
> Midwest Internet Exchange <http://www.midwest-ix.com/>
> The Brothers WISP <http://www.thebrotherswisp.com/>
> --------------
> *From: *"That One Guy /sarcasm" <thatoneguyst...@gmail.com>
> *To: *af@afmug.com
> *Sent: *Monday, May 16, 2016 8:37:59 PM
> *Subject: *Re: [AFMUG] ubnt malware
>
> are we talking can see layer two, can see via device discovery, thats a
> broad term
>
> Is there any direct thread on specific symptoms beyond devices offline and
> any traces of what takes place post infection, I've seen some comments
> they're doing port 53 vpns to send spam, just curious what else.
>
> Ive read claims of infections as high as 5.6.4, we are mostly 5.6.2 and 3
>
> We only have a handful of air routers with public IPs on them, everything
> else is internal space
>
> the self replication is what im wondering about, the devices on each
> network segment are subnet isolated, but still on the same layer2
>
> On Mon, May 16, 2016 at 8:31 PM, Mike Hammett <af...@ics-il.net> wrote:
>
>> Initially...  then every other radio (and switch) that radio can see.
>>
>>
>>
>> -
>> Mike Hammett
>> Intelligent Computing Solutions <http://www.ics-il.com/>
>> Midwest Internet Exchange <http://www.midwest-ix.com/>
>> The Brothers WISP <http://www.thebrotherswisp.com/>
>> --
>> *From: *"Josh Reynolds" <j...@kyneticwifi.com>
>> *To: *af@afmug.com
>> *Sent: *Monday, May 16, 2016 8:30:12 PM
>> *Subject: *Re: [AFMUG] ubnt malware
>>
>>
>> It's self replicating. They patched this long ago. It hits people with
>> radios on public IPs.
>> On May 16, 2016 8:19 PM, "That One Guy /sarcasm" <
>> thatoneguyst...@gmail.com> wrote:
>>
>>> From what im reading in their forums something set off over the weekend?
>>> or is it ubnt douche nozzles?
>>>
>>> It sounds almost as if this malware is actively being manipulated
>>> (changing from key access to foul username/password, wandering control
>>> ports, etc, like script kiddies found a new toy?
>>>
>>> is this thing self propagating from the device?
>>>
>>> --
>>> If you only see yourself as part of the team but you don't see your team
>>> as part of yourself you have already failed as part of the team.
>>>
>>
>>
>
>
> --
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.
>
>


-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.


Re: [AFMUG] ubnt malware

2016-05-16 Thread Mike Hammett
Until it gets delivered via Flash or Java or something else... ;-) 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Mathew Howard" <mhoward...@gmail.com> 
To: "af" <af@afmug.com> 
Sent: Monday, May 16, 2016 9:16:40 PM 
Subject: Re: [AFMUG] ubnt malware 


If you have firewall rules at the edge of the network blocking the management
ports to the airrouters that are on public IPs, they're probably fine. We still
have some radios that are on old firmware, but I haven't been able to find
anything on our network that's infected. Fortunately, when I was setting up the
firewall rules to block access to the CPEs from outside our network, I decided
it was desirable to block customers from being able to get to other customers'
radios as well... which should break the self replicating part of this thing,
so even if it does somehow get into our network, it shouldn't be able to get
far.
That said, I'm updating everything that isn't on at least 5.6.2 right away.
On May 16, 2016 8:41 PM, "That One Guy /sarcasm" < thatoneguyst...@gmail.com > 
wrote: 



yeah, that's amazing me, one fella was complaining about how much of a problem
it would be to take a unit offline to get on a bench. I would think if things
are that bad that your network is progressively shutting down, convenience
would be the least of your concerns.

I have to investigate a couple anomalies on the network, in the back of my mind
I'm hoping the air routers have been hit to put a nail in their coffins so we
can go with mikrotiks as the CPE router instead



On Mon, May 16, 2016 at 8:33 PM, Josh Reynolds < j...@kyneticwifi.com > wrote: 



Or threatening to sue because of their own personal ignorance and negligence. 


On May 16, 2016 8:32 PM, "Mike Hammett" < af...@ics-il.net > wrote: 




A good amount of it is just people that don't know any better making false 
observations. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 






From: "That One Guy /sarcasm" < thatoneguyst...@gmail.com > 
To: af@afmug.com 
Sent: Monday, May 16, 2016 8:19:00 PM 
Subject: [AFMUG] ubnt malware 


From what I'm reading in their forums something set off over the weekend? or is
it ubnt douche nozzles?


It sounds almost as if this malware is actively being manipulated (changing 
from key access to foul username/password, wandering control ports, etc, like 
script kiddies found a new toy? 


is this thing self propagating from the device? 


-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.



Re: [AFMUG] ubnt malware

2016-05-16 Thread Mike Hammett
You've been reading comments from people that don't know what they're talking 
about. 

5.6.2+, 5.5.10u2 and 5.5.11 can't be infected into an active state. If they 
have the files on them, they either weren't properly cleaned or the files were 
uploading into an inert portion of the system that is wiped on reboot. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com> 
To: af@afmug.com 
Sent: Monday, May 16, 2016 8:37:59 PM 
Subject: Re: [AFMUG] ubnt malware 


are we talking can see layer two, can see via device discovery, thats a broad 
term 


Is there any direct thread on specific symptoms beyond devices offline and any
traces of what takes place post infection, I've seen some comments they're doing
port 53 vpns to send spam, just curious what else.


Ive read claims of infections as high as 5.6.4, we are mostly 5.6.2 and 3 


We only have a handful of air routers with public IPs on them, everything else 
is internal space 


the self replication is what im wondering about, the devices on each network 
segment are subnet isolated, but still on the same layer2 


On Mon, May 16, 2016 at 8:31 PM, Mike Hammett < af...@ics-il.net > wrote: 




Initially... then every other radio (and switch) that radio can see. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 






From: "Josh Reynolds" < j...@kyneticwifi.com > 
To: af@afmug.com 
Sent: Monday, May 16, 2016 8:30:12 PM 
Subject: Re: [AFMUG] ubnt malware 




It's self replicating. They patched this long ago. It hits people with radios 
on public IPs. 
On May 16, 2016 8:19 PM, "That One Guy /sarcasm" < thatoneguyst...@gmail.com > 
wrote: 



From what I'm reading in their forums something set off over the weekend? or is
it ubnt douche nozzles?


It sounds almost as if this malware is actively being manipulated (changing 
from key access to foul username/password, wandering control ports, etc, like 
script kiddies found a new toy? 


is this thing self propagating from the device? 


-- 




If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team. 
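
One way to turn the firmware list and the propagation behaviour described in this thread into a triage pass over a device inventory (an added example, not code from any poster or from the vendor). The inventory format, device names, addresses, segment labels and the INTERNAL_NETS list are assumptions constructed for illustration, and firmware strings are assumed to be plain versions such as 5.5.10u2.

```python
import ipaddress
import re

# Address space treated as internal. Assumption: a management address
# outside these networks is a public one.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

# Accepts "5.6.2", "v5.6.3", "5.5.10u2", "5.5.10-u2" (assumed string format).
_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)(?:-?u(\d+))?")

PRIORITY = {"exposed": 0, "adjacent": 1, "unpatched": 2}


def parse_version(text):
    """Return (major, minor, patch, update), or None if unparseable."""
    m = _VERSION_RE.fullmatch(text.strip().lower())
    if m is None:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())


def is_patched(text):
    """Apply the list given in the thread: 5.6.2+, 5.5.10u2 and 5.5.11."""
    v = parse_version(text)
    if v is None:
        return False  # unknown firmware is handled as unpatched
    if v[:3] >= (5, 6, 2):
        return True
    return v in ((5, 5, 10, 2), (5, 5, 11, 0))


def is_public(addr):
    """True when the address lies outside every internal network."""
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in INTERNAL_NETS)


def triage(inventory):
    """Map device name -> 'ok', 'exposed', 'adjacent' or 'unpatched'.

    exposed:   unpatched and managed on a public address
    adjacent:  unpatched and on the same layer 2 segment as an exposed device
    unpatched: unpatched, with no exposed device on its segment
    """
    hot_segments = {d["segment"] for d in inventory
                    if not is_patched(d["firmware"]) and is_public(d["mgmt_ip"])}
    result = {}
    for d in inventory:
        if is_patched(d["firmware"]):
            result[d["name"]] = "ok"
        elif is_public(d["mgmt_ip"]):
            result[d["name"]] = "exposed"
        elif d["segment"] in hot_segments:
            result[d["name"]] = "adjacent"
        else:
            result[d["name"]] = "unpatched"
    return result


def worklist(inventory):
    """Names of devices needing an upgrade, most urgent first."""
    status = triage(inventory)
    todo = [name for name, state in status.items() if state != "ok"]
    return sorted(todo, key=lambda name: (PRIORITY[status[name]], name))


# Constructed sample inventory; 203.0.113.0/24 is a documentation range
# standing in for a public address.
SAMPLE_INVENTORY = [
    {"name": "airrouter-01", "firmware": "5.5.6", "mgmt_ip": "203.0.113.10", "segment": "tower-a"},
    {"name": "cpe-114", "firmware": "5.5.10", "mgmt_ip": "10.20.1.14", "segment": "tower-a"},
    {"name": "cpe-115", "firmware": "5.6.3", "mgmt_ip": "10.20.1.15", "segment": "tower-a"},
    {"name": "ap-tower-b", "firmware": "5.5.10u2", "mgmt_ip": "10.30.0.2", "segment": "tower-b"},
    {"name": "cpe-201", "firmware": "5.6.1", "mgmt_ip": "10.30.1.1", "segment": "tower-b"},
    {"name": "cpe-202", "firmware": "unknown", "mgmt_ip": "10.30.0.3", "segment": "tower-b"},
]

if __name__ == "__main__":
    states = triage(SAMPLE_INVENTORY)
    for name in worklist(SAMPLE_INVENTORY):
        print(f"{states[name]:<10} {name}")
```

A device marked exposed may still be shielded by edge rules that block its management ports, as another poster in this thread describes; the address test alone cannot see that.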


Re: [AFMUG] ubnt malware

2016-05-16 Thread Mathew Howard
Air routers run the same firmware, so they're going to be affected.
On May 16, 2016 9:06 PM, "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
wrote:

> I'm not finding any air routers or reading anything about airrouters
> getting hit, maybe this is limited to radios.
>
> But there is something definitely active, the logs in the air routers are
> getting hammered with access attempts, even more than normal. this 5.65
> will probably have a log bug that causes an overflow dump or something like
> that
>
> On Mon, May 16, 2016 at 8:56 PM, CBB - Jay Fuller <
> par...@cyberbroadband.net> wrote:
>
>>
>> the latest reports i've been reading is with the radio resetting to
>> defaults, ssid becomes ubnt, and a radio on newer firmware won't associate
>> because you haven't accepted the TOS on the radios (which had gone default)
>>
>>
>> - Original Message -
>> *From:* That One Guy /sarcasm <thatoneguyst...@gmail.com>
>> *To:* af@afmug.com
>> *Sent:* Monday, May 16, 2016 8:41 PM
>> *Subject:* Re: [AFMUG] ubnt malware
>>
>> yeah, thats amazing me, one fella was complaining about how much of a
>> problem it would be to take a unit offline to get on a bench. I would think
>> if things are that bad that your network is progressively shutting down,
>> convenience would be the least of your concerns.
>>
>> I have to investigate a couple anomalies on the network, in the back of
>> my mind I'm hoping the air routers have been hit to put a nail in their
>> coffins so we can go with mikrotiks as the CPE router instead
>>
>> On Mon, May 16, 2016 at 8:33 PM, Josh Reynolds <j...@kyneticwifi.com>
>> wrote:
>>
>>> Or threatening to sue because of their own personal ignorance and
>>> negligence.
>>> On May 16, 2016 8:32 PM, "Mike Hammett" <af...@ics-il.net> wrote:
>>>
>>>> A good amount of it is just people that don't know any better making
>>>> false observations.
>>>>
>>>>
>>>>
>>>> -
>>>> Mike Hammett
>>>> Intelligent Computing Solutions <http://www.ics-il.com/>
>>>> Midwest Internet Exchange <http://www.midwest-ix.com/>
>>>> The Brothers WISP <http://www.thebrotherswisp.com/>
>>>> --
>>>> *From: *"That One Guy /sarcasm" <thatoneguyst...@gmail.com>
>>>> *To: *af@afmug.com
>>>> *Sent: *Monday, May 16, 2016 8:19:00 PM
>>>> *Subject: *[AFMUG] ubnt malware
>>>>
>>>> From what im reading in their forums something set off over the
>>>> weekend? or is it ubnt douche nozzles?
>>>>
>>>> It sounds almost as if this malware is actively being manipulated
>>>> (changing from key access to foul username/password, wandering control
>>>> ports, etc, like script kiddies found a new toy?
>>>>
>>>> is this thing self propagating from the device?
>>>>
>>>> --
>>>> If you only see yourself as part of the team but you don't see your
>>>> team as part of yourself you have already failed as part of the team.
>>>>
>>>>
>>
>>
>> --
>> If you only see yourself as part of the team but you don't see your team
>> as part of yourself you have already failed as part of the team.
>>
>>
>
>
> --
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.
>


Re: [AFMUG] ubnt malware

2016-05-16 Thread That One Guy /sarcasm
Man, if I were a malware writer I'd have had this at least leave the gui
login page accessible, this way you could harvest operator usernames and
passwords to attack other network devices visible

On Mon, May 16, 2016 at 9:14 PM, Josh Luthman <j...@imaginenetworksllc.com>
wrote:

> If you can't ssh/http you need to do tftp recovery.
>
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
> On Mon, May 16, 2016 at 10:13 PM, TJ Trout <t...@voltbb.com> wrote:
>
>> Anyone have luck fixing a unit that won't respond to ssh or http?
>>
>> On Mon, May 16, 2016 at 7:11 PM, CBB - Jay Fuller <
>> par...@cyberbroadband.net> wrote:
>>
>>>
>>> Yup. Spent 3 hours reading it all last night
>>>
>>>
>>> - Original Message -
>>> *From:* Josh Reynolds <j...@kyneticwifi.com>
>>> *To:* af@afmug.com
>>> *Sent:* Monday, May 16, 2016 8:56 PM
>>> *Subject:* Re: [AFMUG] ubnt malware
>>>
>>> There's a huge like 27 page forum thread on it.
>>> On May 16, 2016 8:38 PM, "That One Guy /sarcasm" <
>>> thatoneguyst...@gmail.com> wrote:
>>>
>>>> are we talking can see layer two, can see via device discovery, thats a
>>>> broad term
>>>>
>>>> Is there any direct thread on specific symptoms beyond devices offline
>>>> and any traces of what takes place post infection, I've seen some comments
>>>> they're doing port 53 vpns to send spam, just curious what else.
>>>>
>>>> Ive read claims of infections as high as 5.6.4, we are mostly 5.6.2 and
>>>> 3
>>>>
>>>> We only have a handful of air routers with public IPs on them,
>>>> everything else is internal space
>>>>
>>>> the self replication is what im wondering about, the devices on each
>>>> network segment are subnet isolated, but still on the same layer2
>>>>
>>>> On Mon, May 16, 2016 at 8:31 PM, Mike Hammett <af...@ics-il.net> wrote:
>>>>
>>>>> Initially...  then every other radio (and switch) that radio can see.
>>>>>
>>>>>
>>>>>
>>>>> -
>>>>> Mike Hammett
>>>>> Intelligent Computing Solutions <http://www.ics-il.com/>
>>>>> Midwest Internet Exchange <http://www.midwest-ix.com/>
>>>>> The Brothers WISP <http://www.thebrotherswisp.com/>
>>>>> --
>>>>> *From: *"Josh Reynolds" <j...@kyneticwifi.com>
>>>>> *To: *af@afmug.com
>>>>> *Sent: *Monday, May 16, 2016 8:30:12 PM
>>>>> *Subject: *Re: [AFMUG] ubnt malware
>>>>>
>>>>>
>>>>> It's self replicating. They patched this long ago. It hits people with
>>>>> radios on public IPs.
>>>>> On May 16, 2016 8:19 PM, "That One Guy /sarcasm" <
>>>>> thatoneguyst...@gmail.com> wrote:
>>>>>
>>>>>> From what im reading in their forums something set off over the
>>>>>> weekend? or is it ubnt douche nozzles?
>>>>>>
>>>>>> It sounds almost as if this malware is actively being manipulated
>>>>>> (changing from key access to foul username/password, wandering control
>>>>>> ports, etc, like script kiddies found a new toy?
>>>>>>
>>>>>> is this thing self propagating from the device?
>>>>>>
>>>>>> --
>>>>>> If you only see yourself as part of the team but you don't see your
>>>>>> team as part of yourself you have already failed as part of the team.
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> If you only see yourself as part of the team but you don't see your
>>>> team as part of yourself you have already failed as part of the team.
>>>>
>>>
>>
>


-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.


Re: [AFMUG] ubnt malware

2016-05-16 Thread Mathew Howard
If you have firewall rules at the edge of the network blocking the
management ports to the airrouters that are on public IPs, they're probably
fine. We still have some radios that are on old firmware, but I haven't
been able to find anything on our network that's infected. Fortunately,
when I was setting up the firewall rules to block access to the CPEs from
outside our network, I decided it was desirable to block customers from
being able to get to other customers' radios as well... which should break
the self replicating part of this thing, so even if it does somehow get
into our network, it shouldn't be able to get far.

That said, I'm updating everything that isn't on at least 5.6.2 right away.
On May 16, 2016 8:41 PM, "That One Guy /sarcasm" 
wrote:

yeah, that's amazing me, one fella was complaining about how much of a
problem it would be to take a unit offline to get on a bench. I would think
if things are that bad that your network is progressively shutting down,
convenience would be the least of your concerns.

I have to investigate a couple anomalies on the network, in the back of my
mind I'm hoping the air routers have been hit to put a nail in their coffins
so we can go with mikrotiks as the CPE router instead

On Mon, May 16, 2016 at 8:33 PM, Josh Reynolds  wrote:

> Or threatening to sue because of their own personal ignorance and
> negligence.
> On May 16, 2016 8:32 PM, "Mike Hammett"  wrote:
>
>> A good amount of it is just people that don't know any better making
>> false observations.
>>
>>
>>
>> -
>> Mike Hammett
>> Intelligent Computing Solutions
>> Midwest Internet Exchange
>> The Brothers WISP
>> --
>> *From: *"That One Guy /sarcasm" 
>> *To: *af@afmug.com
>> *Sent: *Monday, May 16, 2016 8:19:00 PM
>> *Subject: *[AFMUG] ubnt malware
>>
>> From what im reading in their forums something set off over the weekend?
>> or is it ubnt douche nozzles?
>>
>> It sounds almost as if this malware is actively being manipulated
>> (changing from key access to foul username/password, wandering control
>> ports, etc, like script kiddies found a new toy?
>>
>> is this thing self propagating from the device?
>>
>> --
>> If you only see yourself as part of the team but you don't see your team
>> as part of yourself you have already failed as part of the team.
>>
>>


-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.


Re: [AFMUG] ubnt malware

2016-05-16 Thread Josh Luthman
If you can't ssh/http you need to do tftp recovery.


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Mon, May 16, 2016 at 10:13 PM, TJ Trout <t...@voltbb.com> wrote:

> Anyone have luck fixing a unit that won't respond to ssh or http?
>
> On Mon, May 16, 2016 at 7:11 PM, CBB - Jay Fuller <
> par...@cyberbroadband.net> wrote:
>
>>
>> Yup. Spent 3 hours reading it all last night
>>
>>
>> - Original Message -
>> *From:* Josh Reynolds <j...@kyneticwifi.com>
>> *To:* af@afmug.com
>> *Sent:* Monday, May 16, 2016 8:56 PM
>> *Subject:* Re: [AFMUG] ubnt malware
>>
>> There's a huge like 27 page forum thread on it.
>> On May 16, 2016 8:38 PM, "That One Guy /sarcasm" <
>> thatoneguyst...@gmail.com> wrote:
>>
>>> are we talking can see layer two, can see via device discovery, thats a
>>> broad term
>>>
>>> Is there any direct thread on specific symptoms beyond devices offline
>>> and any traces of what takes place post infection, I've seen some comments
>>> they're doing port 53 vpns to send spam, just curious what else.
>>>
>>> Ive read claims of infections as high as 5.6.4, we are mostly 5.6.2 and 3
>>>
>>> We only have a handful of air routers with public IPs on them,
>>> everything else is internal space
>>>
>>> the self replication is what im wondering about, the devices on each
>>> network segment are subnet isolated, but still on the same layer2
>>>
>>> On Mon, May 16, 2016 at 8:31 PM, Mike Hammett <af...@ics-il.net> wrote:
>>>
>>>> Initially...  then every other radio (and switch) that radio can see.
>>>>
>>>>
>>>>
>>>> -
>>>> Mike Hammett
>>>> Intelligent Computing Solutions <http://www.ics-il.com/>
>>>> Midwest Internet Exchange <http://www.midwest-ix.com/>
>>>> The Brothers WISP <http://www.thebrotherswisp.com/>
>>>> --
>>>> *From: *"Josh Reynolds" <j...@kyneticwifi.com>
>>>> *To: *af@afmug.com
>>>> *Sent: *Monday, May 16, 2016 8:30:12 PM
>>>> *Subject: *Re: [AFMUG] ubnt malware
>>>>
>>>>
>>>> It's self replicating. They patched this long ago. It hits people with
>>>> radios on public IPs.
>>>> On May 16, 2016 8:19 PM, "That One Guy /sarcasm" <
>>>> thatoneguyst...@gmail.com> wrote:
>>>>
>>>>> From what im reading in their forums something set off over the
>>>>> weekend? or is it ubnt douche nozzles?
>>>>>
>>>>> It sounds almost as if this malware is actively being manipulated
>>>>> (changing from key access to foul username/password, wandering control
>>>>> ports, etc, like script kiddies found a new toy?
>>>>>
>>>>> is this thing self propagating from the device?
>>>>>
>>>>> --
>>>>> If you only see yourself as part of the team but you don't see your
>>>>> team as part of yourself you have already failed as part of the team.
>>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> If you only see yourself as part of the team but you don't see your team
>>> as part of yourself you have already failed as part of the team.
>>>
>>
>


Re: [AFMUG] ubnt malware

2016-05-16 Thread TJ Trout
Anyone have luck fixing a unit that won't respond to ssh or http?

On Mon, May 16, 2016 at 7:11 PM, CBB - Jay Fuller <par...@cyberbroadband.net
> wrote:

>
> Yup. Spent 3 hours reading it all last night
>
>
> - Original Message -
> *From:* Josh Reynolds <j...@kyneticwifi.com>
> *To:* af@afmug.com
> *Sent:* Monday, May 16, 2016 8:56 PM
> *Subject:* Re: [AFMUG] ubnt malware
>
> There's a huge like 27 page forum thread on it.
> On May 16, 2016 8:38 PM, "That One Guy /sarcasm" <
> thatoneguyst...@gmail.com> wrote:
>
>> are we talking can see layer two, can see via device discovery, thats a
>> broad term
>>
>> Is there any direct thread on specific symptoms beyond devices offline
>> and any traces of what takes place post infection, I've seen some comments
>> they're doing port 53 vpns to send spam, just curious what else.
>>
>> Ive read claims of infections as high as 5.6.4, we are mostly 5.6.2 and 3
>>
>> We only have a handful of air routers with public IPs on them, everything
>> else is internal space
>>
>> the self replication is what im wondering about, the devices on each
>> network segment are subnet isolated, but still on the same layer2
>>
>> On Mon, May 16, 2016 at 8:31 PM, Mike Hammett <af...@ics-il.net> wrote:
>>
>>> Initially...  then every other radio (and switch) that radio can see.
>>>
>>>
>>>
>>> -
>>> Mike Hammett
>>> Intelligent Computing Solutions <http://www.ics-il.com/>
>>> Midwest Internet Exchange <http://www.midwest-ix.com/>
>>> The Brothers WISP <http://www.thebrotherswisp.com/>
>>> --
>>> *From: *"Josh Reynolds" <j...@kyneticwifi.com>
>>> *To: *af@afmug.com
>>> *Sent: *Monday, May 16, 2016 8:30:12 PM
>>> *Subject: *Re: [AFMUG] ubnt malware
>>>
>>>
>>> It's self replicating. They patched this long ago. It hits people with
>>> radios on public IPs.
>>> On May 16, 2016 8:19 PM, "That One Guy /sarcasm" <
>>> thatoneguyst...@gmail.com> wrote:
>>>
>>>> From what im reading in their forums something set off over the
>>>> weekend? or is it ubnt douche nozzles?
>>>>
>>>> It sounds almost as if this malware is actively being manipulated
>>>> (changing from key access to foul username/password, wandering control
>>>> ports, etc, like script kiddies found a new toy?
>>>>
>>>> is this thing self propagating from the device?
>>>>
>>>> --
>>>> If you only see yourself as part of the team but you don't see your
>>>> team as part of yourself you have already failed as part of the team.
>>>>
>>>
>>>
>>
>>
>> --
>> If you only see yourself as part of the team but you don't see your team
>> as part of yourself you have already failed as part of the team.
>>
>


Re: [AFMUG] ubnt malware

2016-05-16 Thread Josh Reynolds
It affects tough switches, airrouters, airfiber, airmax, airmax AC, etc
On May 16, 2016 9:06 PM, "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
wrote:

I'm not finding any air routers or reading anything about airrouters getting
hit, maybe this is limited to radios.

But there is something definitely active, the logs in the air routers are
getting hammered with access attempts, even more than normal. this 5.65
will probably have a log bug that causes an overflow dump or something like
that

On Mon, May 16, 2016 at 8:56 PM, CBB - Jay Fuller <par...@cyberbroadband.net
> wrote:

>
> the latest reports i've been reading is with the radio resetting to
> defaults, ssid becomes ubnt, and a radio on newer firmware won't associate
> because you haven't accepted the TOS on the radios (which had gone default)
>
>
> - Original Message -
> *From:* That One Guy /sarcasm <thatoneguyst...@gmail.com>
> *To:* af@afmug.com
> *Sent:* Monday, May 16, 2016 8:41 PM
> *Subject:* Re: [AFMUG] ubnt malware
>
> yeah, thats amazing me, one fella was complaining about how much of a
> problem it would be to take a unit offline to get on a bench. I would think
> if things are that bad that your network is progressively shutting down,
> convenience would be the least of your concerns.
>
> I have to investigate a couple anomalies on the network, in the back of my
> mind Im hoping the air routers have been hit to put a nail in their coffins
> so we can go with mikrotiks as the CPE router instead
>
> On Mon, May 16, 2016 at 8:33 PM, Josh Reynolds <j...@kyneticwifi.com>
> wrote:
>
>> Or threatening to sue because of their own personal ignorance and
>> negligence.
>> On May 16, 2016 8:32 PM, "Mike Hammett" <af...@ics-il.net> wrote:
>>
>>> A good amount of it is just people that don't know any better making
>>> false observations.
>>>
>>>
>>>
>>> -
>>> Mike Hammett
>>> Intelligent Computing Solutions <http://www.ics-il.com/>
>>> Midwest Internet Exchange <http://www.midwest-ix.com/>
>>> The Brothers WISP <http://www.thebrotherswisp.com/>
>>>
>>> --
>>> *From: *"That One Guy /sarcasm" <thatoneguyst...@gmail.com>
>>> *To: *af@afmug.com
>>> *Sent: *Monday, May 16, 2016 8:19:00 PM
>>> *Subject: *[AFMUG] ubnt malware
>>>
>>> From what im reading in their forums something set off over the weekend?
>>> or is it ubnt douche nozzles?
>>>
>>> It sounds almost as if this malware is actively being manipulated
>>> (changing from key access to foul username/password, wandering control
>>> ports, etc, like script kiddies found a new toy?
>>>
>>> is this thing self propagating from the device?
>>>
>>> --
>>> If you only see yourself as part of the team but you don't see your team
>>> as part of yourself you have already failed as part of the team.
>>>
>>>
>
>
> --
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.
>
>


-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.


Re: [AFMUG] ubnt malware

2016-05-16 Thread CBB - Jay Fuller

Yup. Spent 3 hours reading it all last night

  - Original Message - 
  From: Josh Reynolds 
  To: af@afmug.com 
  Sent: Monday, May 16, 2016 8:56 PM
  Subject: Re: [AFMUG] ubnt malware


  There's a huge like 27 page forum thread on it.

  On May 16, 2016 8:38 PM, "That One Guy /sarcasm" <thatoneguyst...@gmail.com> 
wrote:

are we talking can see layer two, can see via device discovery, thats a 
broad term


Is there any direct thread on specific symptoms beyond devices offline and 
any traces of what takes place post infection, ive seen some comments theyre 
doing port 53 vpns to send spam, just curious what else.


Ive read claims of infections as high as 5.6.4, we are mostly 5.6.2 and 3


We only have a handful of air routers with public IPs on them, everything 
else is internal space


the self replication is what im wondering about, the devices on each 
network segment are subnet isolated, but still on the same layer2


On Mon, May 16, 2016 at 8:31 PM, Mike Hammett <af...@ics-il.net> wrote:

  Initially...  then every other radio (and switch) that radio can see.




  -
  Mike Hammett
  Intelligent Computing Solutions

  Midwest Internet Exchange

  The Brothers WISP






--

  From: "Josh Reynolds" <j...@kyneticwifi.com>
  To: af@afmug.com
  Sent: Monday, May 16, 2016 8:30:12 PM
  Subject: Re: [AFMUG] ubnt malware



  It's self replicating. They patched this long ago. It hits people with 
radios on public IPs.

  On May 16, 2016 8:19 PM, "That One Guy /sarcasm" 
<thatoneguyst...@gmail.com> wrote:

From what im reading in their forums something set off over the 
weekend? or is it ubnt douche nozzles?


It sounds almost as if this malware is actively being manipulated 
(changing from key access to foul username/password, wandering control ports, 
etc, like script kiddies found a new toy?


is this thing self propagating from the device?



-- 

If you only see yourself as part of the team but you don't see your 
team as part of yourself you have already failed as part of the team.







-- 

If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.

Re: [AFMUG] ubnt malware

2016-05-16 Thread That One Guy /sarcasm
im not finding any air routers or reading anything about airrouters getting
hit, maybe this is limited to radios.

But there is something definitely active, the logs in the air routers are
getting hammered with access attempts, even more than normal. this 5.65
will probably have a log bug that causes an overflow dump or something like
that

On Mon, May 16, 2016 at 8:56 PM, CBB - Jay Fuller <par...@cyberbroadband.net
> wrote:

>
> the latest reports i've been reading is with the radio resetting to
> defaults, ssid becomes ubnt, and a radio on newer firmware won't associate
> because you haven't accepted the TOS on the radios (which had gone default)
>
>
> - Original Message -
> *From:* That One Guy /sarcasm <thatoneguyst...@gmail.com>
> *To:* af@afmug.com
> *Sent:* Monday, May 16, 2016 8:41 PM
> *Subject:* Re: [AFMUG] ubnt malware
>
> yeah, thats amazing me, one fella was complaining about how much of a
> problem it would be to take a unit offline to get on a bench. I would think
> if things are that bad that your network is progressively shutting down,
> convenience would be the least of your concerns.
>
> I have to investigate a couple anomalies on the network, in the back of my
> mind Im hoping the air routers have been hit to put a nail in their coffins
> so we can go with mikrotiks as the CPE router instead
>
> On Mon, May 16, 2016 at 8:33 PM, Josh Reynolds <j...@kyneticwifi.com>
> wrote:
>
>> Or threatening to sue because of their own personal ignorance and
>> negligence.
>> On May 16, 2016 8:32 PM, "Mike Hammett" <af...@ics-il.net> wrote:
>>
>>> A good amount of it is just people that don't know any better making
>>> false observations.
>>>
>>>
>>>
>>> -
>>> Mike Hammett
>>> Intelligent Computing Solutions <http://www.ics-il.com/>
>>> Midwest Internet Exchange <http://www.midwest-ix.com/>
>>> The Brothers WISP <http://www.thebrotherswisp.com/>
>>>
>>> --
>>> *From: *"That One Guy /sarcasm" <thatoneguyst...@gmail.com>
>>> *To: *af@afmug.com
>>> *Sent: *Monday, May 16, 2016 8:19:00 PM
>>> *Subject: *[AFMUG] ubnt malware
>>>
>>> From what im reading in their forums something set off over the weekend?
>>> or is it ubnt douche nozzles?
>>>
>>> It sounds almost as if this malware is actively being manipulated
>>> (changing from key access to foul username/password, wandering control
>>> ports, etc, like script kiddies found a new toy?
>>>
>>> is this thing self propagating from the device?
>>>
>>> --
>>> If you only see yourself as part of the team but you don't see your team
>>> as part of yourself you have already failed as part of the team.
>>>
>>>
>
>
> --
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.
>
>


-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.


Re: [AFMUG] ubnt malware

2016-05-16 Thread CBB - Jay Fuller

the latest reports i've been reading is with the radio resetting to defaults, 
ssid becomes ubnt, and a radio on newer firmware won't associate because you 
haven't accepted the TOS on the radios (which had gone default)

  - Original Message - 
  From: That One Guy /sarcasm 
  To: af@afmug.com 
  Sent: Monday, May 16, 2016 8:41 PM
  Subject: Re: [AFMUG] ubnt malware


  yeah, thats amazing me, one fella was complaining about how much of a problem 
it would be to take a unit offline to get on a bench. I would think if things 
are that bad that your network is progressively shutting down, convenience 
would be the least of your concerns.


  I have to investigate a couple anomalies on the network, in the back of my 
mind Im hoping the air routers have been hit to put a nail in their coffins so 
we can go with mikrotiks as the CPE router instead


  On Mon, May 16, 2016 at 8:33 PM, Josh Reynolds <j...@kyneticwifi.com> wrote:

Or threatening to sue because of their own personal ignorance and 
negligence.

On May 16, 2016 8:32 PM, "Mike Hammett" <af...@ics-il.net> wrote:

  A good amount of it is just people that don't know any better making 
false observations.




  -
  Mike Hammett
  Intelligent Computing Solutions

  Midwest Internet Exchange

  The Brothers WISP






--

  From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
  To: af@afmug.com
  Sent: Monday, May 16, 2016 8:19:00 PM
  Subject: [AFMUG] ubnt malware


  From what im reading in their forums something set off over the weekend? 
or is it ubnt douche nozzles?


  It sounds almost as if this malware is actively being manipulated 
(changing from key access to foul username/password, wandering control ports, 
etc, like script kiddies found a new toy?


  is this thing self propagating from the device?



  -- 

  If you only see yourself as part of the team but you don't see your team 
as part of yourself you have already failed as part of the team.







  -- 

  If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.

Re: [AFMUG] ubnt malware

2016-05-16 Thread Josh Reynolds
There's a huge like 27 page forum thread on it.
On May 16, 2016 8:38 PM, "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
wrote:

> are we talking can see layer two, can see via device discovery, thats a
> broad term
>
> Is there any direct thread on specific symptoms beyond devices offline and
> any traces of what takes place post infection, ive seen some comments
> theyre doing port 53 vpns to send spam, just curious what else.
>
> Ive read claims of infections as high as 5.6.4, we are mostly 5.6.2 and 3
>
> We only have a handful of air routers with public IPs on them, everything
> else is internal space
>
> the self replication is what im wondering about, the devices on each
> network segment are subnet isolated, but still on the same layer2
>
> On Mon, May 16, 2016 at 8:31 PM, Mike Hammett <af...@ics-il.net> wrote:
>
>> Initially...  then every other radio (and switch) that radio can see.
>>
>>
>>
>> -
>> Mike Hammett
>> Intelligent Computing Solutions <http://www.ics-il.com/>
>> Midwest Internet Exchange <http://www.midwest-ix.com/>
>> The Brothers WISP <http://www.thebrotherswisp.com/>
>>
>> --
>> *From: *"Josh Reynolds" <j...@kyneticwifi.com>
>> *To: *af@afmug.com
>> *Sent: *Monday, May 16, 2016 8:30:12 PM
>> *Subject: *Re: [AFMUG] ubnt malware
>>
>>
>> It's self replicating. They patched this long ago. It hits people with
>> radios on public IPs.
>> On May 16, 2016 8:19 PM, "That One Guy /sarcasm" <
>> thatoneguyst...@gmail.com> wrote:
>>
>>> From what im reading in their forums something set off over the weekend?
>>> or is it ubnt douche nozzles?
>>>
>>> It sounds almost as if this malware is actively being manipulated
>>> (changing from key access to foul username/password, wandering control
>>> ports, etc, like script kiddies found a new toy?
>>>
>>> is this thing self propagating from the device?
>>>
>>> --
>>> If you only see yourself as part of the team but you don't see your team
>>> as part of yourself you have already failed as part of the team.
>>>
>>
>>
>
>
> --
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.
>


Re: [AFMUG] ubnt malware

2016-05-16 Thread CBB - Jay Fuller

a few points i've seen / made note of:

all it takes is one public facing radio on an old firmware and anything can get 
hit.  i've heard reports even of 5.6.3 internally - but most of those reports 
the thought is the radio had been previously infected.  once a public facing 
radio is infected it'll talk to other radios near that subnet.  then it'll 
randomly go trying to infect things for, i believe, and you hafta love this. 
66,666 seconds. (roughly 18 hours).

after 18 hours, it resets to factory defaults, i believe.

if you can't get into a radio that has been infected during the first 18 hours, 
try login username mother with password of f*cker...

yah.  that's original.


  - Original Message - 
  From: That One Guy /sarcasm 
  To: af@afmug.com 
  Sent: Monday, May 16, 2016 8:37 PM
  Subject: Re: [AFMUG] ubnt malware


  are we talking can see layer two, can see via device discovery, thats a broad 
term


  Is there any direct thread on specific symptoms beyond devices offline and 
any traces of what takes place post infection, ive seen some comments theyre 
doing port 53 vpns to send spam, just curious what else.


  Ive read claims of infections as high as 5.6.4, we are mostly 5.6.2 and 3


  We only have a handful of air routers with public IPs on them, everything 
else is internal space


  the self replication is what im wondering about, the devices on each network 
segment are subnet isolated, but still on the same layer2


  On Mon, May 16, 2016 at 8:31 PM, Mike Hammett <af...@ics-il.net> wrote:

Initially...  then every other radio (and switch) that radio can see.




-
Mike Hammett
Intelligent Computing Solutions

Midwest Internet Exchange

The Brothers WISP








From: "Josh Reynolds" <j...@kyneticwifi.com>
To: af@afmug.com
Sent: Monday, May 16, 2016 8:30:12 PM
    Subject: Re: [AFMUG] ubnt malware



It's self replicating. They patched this long ago. It hits people with 
radios on public IPs.

On May 16, 2016 8:19 PM, "That One Guy /sarcasm" 
<thatoneguyst...@gmail.com> wrote:

  From what im reading in their forums something set off over the weekend? 
or is it ubnt douche nozzles?


  It sounds almost as if this malware is actively being manipulated 
(changing from key access to foul username/password, wandering control ports, 
etc, like script kiddies found a new toy?


  is this thing self propagating from the device?



  -- 

  If you only see yourself as part of the team but you don't see your team 
as part of yourself you have already failed as part of the team.







  -- 

  If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.
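
The spread described in this message and in Mike Hammett's reply (one public-facing radio on old firmware, then whatever that radio can see), worked as an exposure triage over a device inventory. This is an added example, not code from anyone in the thread. The device names, addresses, segment labels and the `5.6.5` baseline are constructed sample values, and treating "can see" as a shared layer-2 segment, with patched devices not relaying, is a modelling assumption.

```python
import ipaddress
from collections import deque

# Address space treated as internal management space:
# RFC 1918, CGNAT, link-local and loopback.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "169.254.0.0/16", "127.0.0.0/8")]

# Constructed inventory. Documentation-range addresses (203.0.113.0/24,
# 198.51.100.0/24) stand in for public IPs. "l2" lists the layer-2 segments
# a device sits on, independent of its IP subnet.
INVENTORY = [
    {"name": "ap-t1",     "ip": "203.0.113.10", "l2": ("tower1",),          "firmware": "5.5.6"},
    {"name": "cpe-t1-a",  "ip": "10.1.1.20",    "l2": ("tower1",),          "firmware": "5.6.2"},
    {"name": "bh-t1-t2",  "ip": "10.1.1.2",     "l2": ("tower1", "tower2"), "firmware": "5.6.3"},
    {"name": "cpe-t2-a",  "ip": "10.2.1.20",    "l2": ("tower2",),          "firmware": "5.6.2"},
    {"name": "sw-t2",     "ip": "10.2.1.3",     "l2": ("tower2",),          "firmware": "5.6.5"},
    {"name": "bh-t2-t3",  "ip": "10.2.1.4",     "l2": ("tower2", "tower3"), "firmware": "5.6.5"},
    {"name": "cpe-t3-a",  "ip": "10.3.1.20",    "l2": ("tower3",),          "firmware": "5.6.2"},
    {"name": "ar-office", "ip": "198.51.100.7", "l2": ("office",),          "firmware": "5.6.5"},
]


def is_public(ip):
    """True when the management address is outside the internal ranges."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def fw_tuple(version):
    """'5.6.2' -> (5, 6, 2) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def triage(inventory, baseline):
    """Return {device name: hops} for devices to check first.

    hops == 0: firmware below `baseline` and a public management IP.
    hops == n: firmware below `baseline` and reachable over shared layer-2
               segments through a chain of n other below-baseline devices.
    Devices at or above `baseline` are assumed not to relay, so they
    break the chain.
    """
    base = fw_tuple(baseline)
    vulnerable = {d["name"]: d for d in inventory
                  if fw_tuple(d["firmware"]) < base}

    # Index below-baseline devices by the layer-2 segments they share.
    by_segment = {}
    for dev in vulnerable.values():
        for seg in dev["l2"]:
            by_segment.setdefault(seg, []).append(dev["name"])

    # Breadth-first search outward from the directly exposed devices.
    hops = {n: 0 for n, d in vulnerable.items() if is_public(d["ip"])}
    queue = deque(hops)
    while queue:
        cur = queue.popleft()
        for seg in vulnerable[cur]["l2"]:
            for peer in by_segment[seg]:
                if peer not in hops:
                    hops[peer] = hops[cur] + 1
                    queue.append(peer)
    return hops


if __name__ == "__main__":
    # The baseline is an operator-chosen value for this example; take the
    # real one from the vendor advisory for each product line.
    for name, dist in sorted(triage(INVENTORY, "5.6.5").items(),
                             key=lambda kv: kv[1]):
        print(f"{name}: {dist} hop(s) from a public-facing device")
```

In the sample data `cpe-t2-a` sits on a different IP subnet from the exposed radio but is still flagged, because the backhaul bridges both towers at layer 2; `cpe-t3-a` is on old firmware but is only reachable through a patched backhaul, so it ranks below the flagged set.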

Re: [AFMUG] ubnt malware

2016-05-16 Thread That One Guy /sarcasm
yeah, thats amazing me, one fella was complaining about how much of a
problem it would be to take a unit offline to get on a bench. I would think
if things are that bad that your network is progressively shutting down,
convenience would be the least of your concerns.

I have to investigate a couple anomalies on the network, in the back of my
mind Im hoping the air routers have been hit to put a nail in their coffins
so we can go with mikrotiks as the CPE router instead

On Mon, May 16, 2016 at 8:33 PM, Josh Reynolds  wrote:

> Or threatening to sue because of their own personal ignorance and
> negligence.
> On May 16, 2016 8:32 PM, "Mike Hammett"  wrote:
>
>> A good amount of it is just people that don't know any better making
>> false observations.
>>
>>
>>
>> -
>> Mike Hammett
>> Intelligent Computing Solutions
>> Midwest Internet Exchange
>> The Brothers WISP
>>
>> --
>> *From: *"That One Guy /sarcasm" 
>> *To: *af@afmug.com
>> *Sent: *Monday, May 16, 2016 8:19:00 PM
>> *Subject: *[AFMUG] ubnt malware
>>
>> From what im reading in their forums something set off over the weekend?
>> or is it ubnt douche nozzles?
>>
>> It sounds almost as if this malware is actively being manipulated
>> (changing from key access to foul username/password, wandering control
>> ports, etc, like script kiddies found a new toy?
>>
>> is this thing self propagating from the device?
>>
>> --
>> If you only see yourself as part of the team but you don't see your team
>> as part of yourself you have already failed as part of the team.
>>
>>


-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.


Re: [AFMUG] ubnt malware

2016-05-16 Thread That One Guy /sarcasm
are we talking can see layer two, can see via device discovery, thats a
broad term

Is there any direct thread on specific symptoms beyond devices offline and
any traces of what takes place post infection, ive seen some comments
theyre doing port 53 vpns to send spam, just curious what else.

Ive read claims of infections as high as 5.6.4, we are mostly 5.6.2 and 3

We only have a handful of air routers with public IPs on them, everything
else is internal space

the self replication is what im wondering about, the devices on each
network segment are subnet isolated, but still on the same layer2

On Mon, May 16, 2016 at 8:31 PM, Mike Hammett <af...@ics-il.net> wrote:

> Initially...  then every other radio (and switch) that radio can see.
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions <http://www.ics-il.com/>
> Midwest Internet Exchange <http://www.midwest-ix.com/>
> The Brothers WISP <http://www.thebrotherswisp.com/>
>
> --------------
> *From: *"Josh Reynolds" <j...@kyneticwifi.com>
> *To: *af@afmug.com
> *Sent: *Monday, May 16, 2016 8:30:12 PM
> *Subject: *Re: [AFMUG] ubnt malware
>
>
> It's self replicating. They patched this long ago. It hits people with
> radios on public IPs.
> On May 16, 2016 8:19 PM, "That One Guy /sarcasm" <
> thatoneguyst...@gmail.com> wrote:
>
>> From what im reading in their forums something set off over the weekend?
>> or is it ubnt douche nozzles?
>>
>> It sounds almost as if this malware is actively being manipulated
>> (changing from key access to foul username/password, wandering control
>> ports, etc, like script kiddies found a new toy?
>>
>> is this thing self propagating from the device?
>>
>> --
>> If you only see yourself as part of the team but you don't see your team
>> as part of yourself you have already failed as part of the team.
>>
>
>


-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.


Re: [AFMUG] ubnt malware

2016-05-16 Thread Josh Reynolds
Or threatening to sue because of their own personal ignorance and
negligence.
On May 16, 2016 8:32 PM, "Mike Hammett"  wrote:

> A good amount of it is just people that don't know any better making false
> observations.
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions
> Midwest Internet Exchange
> The Brothers WISP
>
> --
> *From: *"That One Guy /sarcasm" 
> *To: *af@afmug.com
> *Sent: *Monday, May 16, 2016 8:19:00 PM
> *Subject: *[AFMUG] ubnt malware
>
> From what im reading in their forums something set off over the weekend?
> or is it ubnt douche nozzles?
>
> It sounds almost as if this malware is actively being manipulated
> (changing from key access to foul username/password, wandering control
> ports, etc, like script kiddies found a new toy?
>
> is this thing self propagating from the device?
>
> --
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.
>
>


Re: [AFMUG] ubnt malware

2016-05-16 Thread Mike Hammett
A good amount of it is just people that don't know any better making false 
observations. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "That One Guy /sarcasm"  
To: af@afmug.com 
Sent: Monday, May 16, 2016 8:19:00 PM 
Subject: [AFMUG] ubnt malware 


From what im reading in their forums something set off over the weekend? or is
it ubnt douche nozzles?


It sounds almost as if this malware is actively being manipulated (changing 
from key access to foul username/password, wandering control ports, etc, like 
script kiddies found a new toy? 


is this thing self propagating from the device? 


-- 




If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team. 


Re: [AFMUG] ubnt malware

2016-05-16 Thread Mike Hammett
Initially... then every other radio (and switch) that radio can see. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Josh Reynolds" <j...@kyneticwifi.com> 
To: af@afmug.com 
Sent: Monday, May 16, 2016 8:30:12 PM 
Subject: Re: [AFMUG] ubnt malware 


It's self replicating. They patched this long ago. It hits people with radios 
on public IPs. 
On May 16, 2016 8:19 PM, "That One Guy /sarcasm" < thatoneguyst...@gmail.com > 
wrote: 



From what im reading in their forums something set off over the weekend? or is
it ubnt douche nozzles?


It sounds almost as if this malware is actively being manipulated (changing 
from key access to foul username/password, wandering control ports, etc, like 
script kiddies found a new toy? 


is this thing self propagating from the device? 


-- 




If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team. 




Re: [AFMUG] ubnt malware

2016-05-16 Thread Josh Reynolds
It's self replicating. They patched this long ago. It hits people with
radios on public IPs.
On May 16, 2016 8:19 PM, "That One Guy /sarcasm" 
wrote:

> From what im reading in their forums something set off over the weekend?
> or is it ubnt douche nozzles?
>
> It sounds almost as if this malware is actively being manipulated
> (changing from key access to foul username/password, wandering control
> ports, etc, like script kiddies found a new toy?
>
> is this thing self propagating from the device?
>
> --
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.
>