Im a worst case scenario artist. My concern is the customer will talk to our customer service, theyll tell him we will replace his router. He will bring it in, get a replacement. Its been "infected" and will hit our Achilles heel. Customer service will drop it in the returns bin. It will get taken abk and connected to the machine thats used to dump the file, it will "infect" that machine, that machine will infect the Customer service network. A tech will pick up the router and install it at another POP. infecting that POP. he will also bring his laptop back and connect it to my network. My machine has no real antimalware and he will infect it across that network. My machine has all the keys to the castle.
the reality is they guy probably had slow wifi in his detached garage 1500 feet from his house, and his buddy mike said he must be infected with some really nasty virus because his portable version of AVG from 2010 cant find it so it must be direct from anonymous. On Sun, Apr 10, 2016 at 3:37 PM, Josh Reynolds <[email protected]> wrote: > Cross platform malware is a Thing now, and has been for several years. > It's fortunately not very prevalent yet. > On Apr 10, 2016 3:36 PM, "Bill Prince" <[email protected]> wrote: > >> I don't believe it. >> >> We have a friend that comes to some outrageous conclusions with scant >> information, and practically zero technical knowledge. Yet when he explains >> something, he sounds perfectly reasonable with impeccable logic. It just >> never is. >> >> bp >> <part15sbs{at}gmail{dot}com> >> >> >> On 4/10/2016 1:29 PM, That One Guy /sarcasm wrote: >> >> So we have this customer who experienced a ferocious malware, still >> waiting on more details from the customer, its very interesting because it >> crossed multiple platforms. multiple cell phones, a satellite DVR, a PC >> etc. Im not sure how he verified infection, but he did have to factory his >> phones, his PC he said required a hard drive replacement (not sure what or >> who decided this) not sure how the satellite DVR was mitigated. He thinks >> it came from a Rise Broadband (formerly Prairie Inet ESSID (I doubt this, >> the ESSIDs prairie inet ran were open, with other security for the access) >> With it being as cross platform as it was im wondering how i would check >> the air router we provide to see if it got hit as well. All we do is a dump >> file on the current firmware that sets a password, ensures 443 is open, >> sets a DMZ to an IP out of the DHCP scope, and we manually set the ESSID >> with WPA2, the key being the MAC on the label ( it think this is the WLAN) >> (we disable snmp, telnet, but leave ssh open), we also turn off CDP and the >> ubnt discovery >> >> >> Im hoping he has some good info on what this actually was, and its not >> just a case of his buddy jim telling him all this. >> >> Anybody know of something in the wild capable of hitting all these >> devices across a network (wired/wireless) >> >> Im asking about the airrrouter in particular, considering if it were >> impacted, that could be a mess at the POP since most customer NAT are in >> the same subnet, with duplicate configs >> >> -- >> If you only see yourself as part of the team but you don't see your team >> as part of yourself you have already failed as part of the team. >> >> >> -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
