If you can't ssh/http you need to do tftp recovery.
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Mon, May 16, 2016 at 10:13 PM, TJ Trout <[email protected]> wrote:

> Anyone have luck fixing a unit that won't respond to ssh or http?
>
> On Mon, May 16, 2016 at 7:11 PM, CBB - Jay Fuller <[email protected]> wrote:
>
>> Yup. Spent 3 hours reading it all last night....
>>
>> ----- Original Message -----
>> *From:* Josh Reynolds <[email protected]>
>> *To:* [email protected]
>> *Sent:* Monday, May 16, 2016 8:56 PM
>> *Subject:* Re: [AFMUG] ubnt malware
>>
>> There's a huge like 27 page forum thread on it.
>>
>> On May 16, 2016 8:38 PM, "That One Guy /sarcasm" <[email protected]> wrote:
>>
>>> are we talking can see layer two, can see via device discovery, that's a
>>> broad term
>>>
>>> Is there any direct thread on specific symptoms beyond devices offline
>>> and any traces of what takes place post infection, I've seen some comments
>>> they're doing port 53 vpns to send spam, just curious what else.
>>>
>>> I've read claims of infections as high as 5.6.4, we are mostly 5.6.2 and 3
>>>
>>> We only have a handful of air routers with public IPs on them,
>>> everything else is internal space
>>>
>>> the self replication is what I'm wondering about, the devices on each
>>> network segment are subnet isolated, but still on the same layer2
>>>
>>> On Mon, May 16, 2016 at 8:31 PM, Mike Hammett <[email protected]> wrote:
>>>
>>>> Initially... then every other radio (and switch) that radio can see.
>>>>
>>>> -----
>>>> Mike Hammett
>>>> Intelligent Computing Solutions <http://www.ics-il.com/>
>>>> <https://www.facebook.com/ICSIL>
>>>> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb>
>>>> <https://www.linkedin.com/company/intelligent-computing-solutions>
>>>> <https://twitter.com/ICSIL>
>>>> Midwest Internet Exchange <http://www.midwest-ix.com/>
>>>> <https://www.facebook.com/mdwestix>
>>>> <https://www.linkedin.com/company/midwest-internet-exchange>
>>>> <https://twitter.com/mdwestix>
>>>> The Brothers WISP <http://www.thebrotherswisp.com/>
>>>> <https://www.facebook.com/thebrotherswisp>
>>>> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>
>>>> ------------------------------
>>>> *From: *"Josh Reynolds" <[email protected]>
>>>> *To: *[email protected]
>>>> *Sent: *Monday, May 16, 2016 8:30:12 PM
>>>> *Subject: *Re: [AFMUG] ubnt malware
>>>>
>>>> It's self replicating. They patched this long ago. It hits people with
>>>> radios on public IPs.
>>>>
>>>> On May 16, 2016 8:19 PM, "That One Guy /sarcasm" <[email protected]> wrote:
>>>>
>>>>> From what I'm reading in their forums something set off over the
>>>>> weekend? or is it ubnt douche nozzles?
>>>>>
>>>>> It sounds almost as if this malware is actively being manipulated
>>>>> (changing from key access to foul username/password, wandering control
>>>>> ports, etc.), like script kiddies found a new toy?
>>>>>
>>>>> is this thing self propagating from the device?
>>>>>
>>>>> --
>>>>> If you only see yourself as part of the team but you don't see your
>>>>> team as part of yourself you have already failed as part of the team.
>>>
>>> --
>>> If you only see yourself as part of the team but you don't see your team
>>> as part of yourself you have already failed as part of the team.
