Public IP on Ubnt. What else do you need to know?

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On May 4, 2016 9:59 PM, "Eric Kuhnke" <[email protected]> wrote:

> The thread got this far and no one has wondered how the CPE was pwned in
> the first place?
>
> On Wed, May 4, 2016 at 6:55 PM, Mathew Howard <[email protected]> wrote:
>
>> Yeah, I looked at setting it up that way at one point, but something
>> didn't look like it was going to work quite the way I wanted it to... but I
>> probably spent all of five minutes on it, so it may very well be possible.
>> The way ePMP does it is really nice though... and simple.
>>
>> On Wed, May 4, 2016 at 8:38 PM, Josh Luthman <[email protected]> wrote:
>>
>>> People do it for sure. I want to say there was an example on the forums
>>> or somewhere...
>>>
>>> Josh Luthman
>>> Office: 937-552-2340
>>> Direct: 937-552-2343
>>> 1100 Wayne St
>>> Suite 1337
>>> Troy, OH 45373
>>>
>>> On May 4, 2016 9:35 PM, "Mathew Howard" <[email protected]> wrote:
>>>
>>>> I have our ePMP's set up to get their public IP via PPPoE, and the radio
>>>> also gets a completely separate private management IP via DHCP, which is
>>>> the only way you can remotely access the radio, and it doesn't even have to
>>>> be in a separate vlan unless you want it to be... and it's one checkbox to
>>>> configure it.
>>>>
>>>> I'm not sure if that can be duplicated on UBNT or not, since I haven't
>>>> really tried yet, but at the very least it's a lot more complicated to
>>>> configure.
>>>>
>>>> On Wed, May 4, 2016 at 7:04 PM, Josh Luthman <[email protected]> wrote:
>>>>
>>>>> It does...you just need to set it up that way.
>>>>>
>>>>> Josh Luthman
>>>>> Office: 937-552-2340
>>>>> Direct: 937-552-2343
>>>>> 1100 Wayne St
>>>>> Suite 1337
>>>>> Troy, OH 45373
>>>>>
>>>>> On Wed, May 4, 2016 at 7:54 PM, Mathew Howard <[email protected]> wrote:
>>>>>
>>>>>> I really wish Ubiquiti radios had a separate management vlan option
>>>>>> (in router mode), like ePMP does...
>>>>>>
>>>>>> On Wed, May 4, 2016 at 6:10 PM, Josh Reynolds <[email protected]> wrote:
>>>>>>
>>>>>>> I would encourage you to put your CPEs on a management vlan, in
>>>>>>> RFC1918 space.
>>>>>>>
>>>>>>> On Wed, May 4, 2016 at 6:00 PM, SmarterBroadband <[email protected]> wrote:
>>>>>>> > Hi Tushar
>>>>>>> >
>>>>>>> > We run all radios in NAT mode.
>>>>>>> >
>>>>>>> > Adam
>>>>>>> >
>>>>>>> > From: Af [mailto:[email protected]] On Behalf Of Tushar Patel
>>>>>>> > Sent: Wednesday, May 04, 2016 3:34 PM
>>>>>>> > To: [email protected]
>>>>>>> > Subject: Re: [AFMUG] UBNT CPE being used for Abusive actions?
>>>>>>> >
>>>>>>> > Radios could be put on private ip so nobody from outside world can access
>>>>>>> > it. That is what we do.
>>>>>>> >
>>>>>>> > Tushar
>>>>>>> >
>>>>>>> > On May 4, 2016, at 5:22 PM, SmarterBroadband <[email protected]> wrote:
>>>>>>> >
>>>>>>> > I have received a number of emails for [email protected] saying certain of
>>>>>>> > our IP addresses are being used for attacks (see email text below).
>>>>>>> >
>>>>>>> > All IP addresses are in UBNT radios. We are unable to remote access any of
>>>>>>> > these radios now. We see that the radio we are unable to access
>>>>>>> > rebooted a couple of days ago. A number of other radios show they rebooted
>>>>>>> > around the same time (in sequence) on the AP. We are unable to remote
>>>>>>> > access any of those either. Other radios with longer uptime on the AP’s are
>>>>>>> > fine.
>>>>>>> >
>>>>>>> > We have a tech en route to one of the customer sites.
>>>>>>> >
>>>>>>> > We think the radios are being made into bots. Anyone seen this or anything
>>>>>>> > like this? Do the hackers need a username and password to hack a radio?
>>>>>>> > I.E. Would a change of the password stop the changes being made to the
>>>>>>> > radios? Any other thoughts, suggestions or ideas?
>>>>>>> >
>>>>>>> > Thanks
>>>>>>> >
>>>>>>> > Adam
>>>>>>> >
>>>>>>> > Email Text below:
>>>>>>> >
>>>>>>> > “This is a semi-automated e-mail from the LG-Mailproxy authentication
>>>>>>> > system, all requests have been approved manually by the
>>>>>>> > system-administrators or are obviously unwanted (eg. requests to our
>>>>>>> > spamtraps).
>>>>>>> >
>>>>>>> > For further questions or if additional information is needed please reply to
>>>>>>> > this email.
>>>>>>> >
>>>>>>> > The IP xxx.xxx.xxx.xxx has been banned for 48 hours due to suspicious
>>>>>>> > behaviour on our system.
>>>>>>> >
>>>>>>> > This happened already 1 times.
>>>>>>> >
>>>>>>> > It might be be part of a botnet, infected by a trojan/virus or running
>>>>>>> > brute-force attacks.
>>>>>>> >
>>>>>>> > Our affected destination servers: smtp.light-gap.net, imap.light-gap.net
>>>>>>> >
>>>>>>> > Currently 7 failed/unauthorized logins attempts via SMTP/IMAP with 6
>>>>>>> > different usernames and wrong password:
>>>>>>> >
>>>>>>> > 2016-05-04T23:48:40+02:00 with username " downloads.openscience.or.at" (spamtrap account)
>>>>>>> >
>>>>>>> > 2016-05-04T22:47:19+02:00 with username "sp_woq" (spamtrap account)
>>>>>>> >
>>>>>>> > 2016-05-04T14:55:11+02:00 with username "info" (spamtrap account)
>>>>>>> >
>>>>>>> > 2016-05-03T21:24:22+02:00 with username "fips" (spamtrap account)
>>>>>>> >
>>>>>>> > 2016-05-03T20:57:19+02:00 with username " downloads.openscience.or.at" (spamtrap account)
>>>>>>> >
>>>>>>> > 2016-05-03T10:13:59+02:00 with username "d10hw49WpH" (spamtrap account)
>>>>>>> >
>>>>>>> > 2016-05-03T05:34:43+02:00 with username "12345678" (spamtrap account)
>>>>>>> >
>>>>>>> > Ongoing failed/unauthorized logins attempts will be logged and sent to you
>>>>>>> > every 24h until the IP will be permanently banned from our systems after 72
>>>>>>> > hours.
>>>>>>> >
>>>>>>> > The Light-Gap.net Abuse Team.”
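
An added triage example, not part of the original thread: it parses the login-attempt lines of the abuse notice quoted above, tolerating the reply markers and wrapped usernames that forwarding leaves behind, and converts the timestamps to UTC so they can be compared with the radios' reboot times. The function names are this example's own, and the sample is the notice's lines with their quoting damage kept.

```python
import re
from datetime import datetime, timezone

# Log lines copied from the abuse notice quoted in this thread, left with the
# mail-quoting damage ('>' prefixes, usernames wrapped onto the next line).
NOTICE = """\
> 2016-05-04T23:48:40+02:00 with username "
> downloads.openscience.or.at" (spamtrap account)
> 2016-05-04T22:47:19+02:00 with username "sp_woq" (spamtrap account)
> 2016-05-04T14:55:11+02:00 with username "info" (spamtrap account)
> 2016-05-03T21:24:22+02:00 with username "fips" (spamtrap account)
> 2016-05-03T20:57:19+02:00 with username "
> downloads.openscience.or.at" (spamtrap account)
> 2016-05-03T10:13:59+02:00 with username "d10hw49WpH" (spamtrap
> account)
> 2016-05-03T05:34:43+02:00 with username "12345678" (spamtrap account)
"""

ENTRY = re.compile(
    r'(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d[+-]\d\d:\d\d) with username "\s*([^"]*?)\s*"'
)

def parse_notice(text):
    """Return (utc_datetime, username) pairs, oldest first."""
    unquoted = re.sub(r"(?m)^[> \t]+", "", text)   # drop reply markers
    flat = " ".join(unquoted.split())               # undo line wrapping
    entries = [
        (datetime.fromisoformat(ts).astimezone(timezone.utc), user)
        for ts, user in ENTRY.findall(flat)
    ]
    return sorted(entries)

def summarize(entries):
    """Counts and the UTC span to compare against radio uptime and flow logs."""
    return {
        "attempts": len(entries),
        "distinct_usernames": len({user for _, user in entries}),
        "first_utc": entries[0][0].isoformat(),
        "last_utc": entries[-1][0].isoformat(),
    }

def attempts_since(entries, start_utc):
    """Attempts at or after start_utc, e.g. a radio's last reboot time."""
    return [e for e in entries if e[0] >= start_utc]

if __name__ == "__main__":
    print(summarize(parse_notice(NOTICE)))
```

The parsed counts match the notice's own summary line (7 attempts, 6 usernames), which is a quick check that no wrapped entry was lost before the timestamps are used for correlation.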
