Anyone have luck fixing a unit that won't respond to ssh or http?

On Mon, May 16, 2016 at 7:11 PM, CBB - Jay Fuller <[email protected]> wrote:
>
> Yup. Spent 3 hours reading it all last night....
>
> ----- Original Message -----
> *From:* Josh Reynolds <[email protected]>
> *To:* [email protected]
> *Sent:* Monday, May 16, 2016 8:56 PM
> *Subject:* Re: [AFMUG] ubnt malware
>
> There's a huge like 27 page forum thread on it.
> On May 16, 2016 8:38 PM, "That One Guy /sarcasm" <[email protected]> wrote:
>
>> are we talking can see layer two, can see via device discovery, that's a
>> broad term
>>
>> Is there any direct thread on specific symptoms beyond devices offline
>> and any traces of what takes place post infection, I've seen some comments
>> they're doing port 53 vpns to send spam, just curious what else.
>>
>> I've read claims of infections as high as 5.6.4, we are mostly 5.6.2 and 3
>>
>> We only have a handful of air routers with public IPs on them, everything
>> else is internal space
>>
>> the self replication is what I'm wondering about, the devices on each
>> network segment are subnet isolated, but still on the same layer2
>>
>> On Mon, May 16, 2016 at 8:31 PM, Mike Hammett <[email protected]> wrote:
>>
>>> Initially... then every other radio (and switch) that radio can see.
>>>
>>> -----
>>> Mike Hammett
>>> Intelligent Computing Solutions <http://www.ics-il.com/>
>>> Midwest Internet Exchange <http://www.midwest-ix.com/>
>>> The Brothers WISP <http://www.thebrotherswisp.com/>
>>> ------------------------------
>>> *From: *"Josh Reynolds" <[email protected]>
>>> *To: *[email protected]
>>> *Sent: *Monday, May 16, 2016 8:30:12 PM
>>> *Subject: *Re: [AFMUG] ubnt malware
>>>
>>> It's self replicating. They patched this long ago. It hits people with
>>> radios on public IPs.
>>> On May 16, 2016 8:19 PM, "That One Guy /sarcasm" <[email protected]> wrote:
>>>
>>>> From what I'm reading in their forums something set off over the
>>>> weekend? or is it ubnt douche nozzles?
>>>>
>>>> It sounds almost as if this malware is actively being manipulated
>>>> (changing from key access to foul username/password, wandering control
>>>> ports, etc), like script kiddies found a new toy?
>>>>
>>>> is this thing self propagating from the device?
>>>>
>>>> --
>>>> If you only see yourself as part of the team but you don't see your
>>>> team as part of yourself you have already failed as part of the team.
>>>
>>
>
