That is correct On May 18, 2016 4:33 PM, "That One Guy /sarcasm" <[email protected]> wrote:
> I only have one server, i set it up as a testbed and to get all the > networks firmwares up to date. I need to build the real server, it will be > on a different IP and all that good stuff, I just am trying to confirm the > correct method of removing the devices from this one before configuring the > new one. > Just making sure its, > rt click the device, stop monitoring > rt click the device - more - remove > > On Wed, May 18, 2016 at 4:27 PM, Josh Reynolds <[email protected]> > wrote: > >> For that one server you removed it from, yes. There may be other entries >> on the device. >> >> I am somewhat dense at times, but am I not being clear somewhere? :/ >> On May 18, 2016 4:25 PM, "That One Guy /sarcasm" < >> [email protected]> wrote: >> >>> so if i do - stop monitoring, then remove its cleans up the device? >>> >>> On Wed, May 18, 2016 at 3:17 PM, Josh Reynolds <[email protected]> >>> wrote: >>> >>>> For every aircontrol or aircontrol 2 server and ip you connect to an >>>> airmax device, is gets an entry. Max is I think 5 entries. Unless you >>>> properly remove the device from the aircontrol or aircontrol2 server (or >>>> the server bites the dust), it (the device) will continuously try reaching >>>> that server until you manually go into each device and run the 3 or 4 lines >>>> of code per each sever entry... or you can script it, which is normally >>>> okay but somewhat risky. >>>> >>>> >>>> On Wed, May 18, 2016 at 12:23 PM, That One Guy /sarcasm < >>>> [email protected]> wrote: >>>> >>>>> I cant find it in the archives. >>>>> are you saying even if i remove it from this existing installation of >>>>> ac2 the device will try connecting to it anyway? i just did a port forward >>>>> on the office firewall to my desktop for testing >>>>> >>>>> >>>>> and does anybody know how to get this tough switch off this console, >>>>> everytime it comes into the visible list it freaks it out so i cant do >>>>> anything with the other devices >>>>> >>>>> On Tue, May 17, 2016 at 6:25 PM, Josh Reynolds <[email protected]> >>>>> wrote: >>>>> >>>>>> Eh, it modifies some mca attributes. It's not all in the config, but >>>>>> still should be easy to do in ansible. >>>>>> >>>>>> On Tue, May 17, 2016 at 6:25 PM, Mike Hammett <[email protected]> >>>>>> wrote: >>>>>> >>>>>>> Now that I have some basics of ansible, it's easy to clear anything >>>>>>> out of the config file for me. >>>>>>> >>>>>>> >>>>>>> >>>>>>> ----- >>>>>>> Mike Hammett >>>>>>> Intelligent Computing Solutions <http://www.ics-il.com/> >>>>>>> <https://www.facebook.com/ICSIL> >>>>>>> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> >>>>>>> <https://www.linkedin.com/company/intelligent-computing-solutions> >>>>>>> <https://twitter.com/ICSIL> >>>>>>> Midwest Internet Exchange <http://www.midwest-ix.com/> >>>>>>> <https://www.facebook.com/mdwestix> >>>>>>> <https://www.linkedin.com/company/midwest-internet-exchange> >>>>>>> <https://twitter.com/mdwestix> >>>>>>> The Brothers WISP <http://www.thebrotherswisp.com/> >>>>>>> <https://www.facebook.com/thebrotherswisp> >>>>>>> >>>>>>> >>>>>>> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> >>>>>>> ------------------------------ >>>>>>> *From: *"Josh Reynolds" <[email protected]> >>>>>>> *To: *[email protected] >>>>>>> *Sent: *Tuesday, May 17, 2016 6:18:42 PM >>>>>>> *Subject: *Re: [AFMUG] ubnt malware >>>>>>> >>>>>>> That only clears out the current monitoring session AFAIK, it >>>>>>> doesn't remove entries from previous aircontrol or aircontrol2 server >>>>>>> instances. I created a script to do this previously that took a flat >>>>>>> file >>>>>>> ip list input. >>>>>>> >>>>>>> On Tue, May 17, 2016 at 6:12 PM, Jesse DuPont < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> In the AC2 client connected to your test server, right-click each >>>>>>>> monitored device, choose Stop Monitoring. After that, right-click each >>>>>>>> one >>>>>>>> and choose Remove. >>>>>>>> >>>>>>>> *Jesse DuPont* >>>>>>>> >>>>>>>> Network Architect >>>>>>>> email: [email protected] >>>>>>>> Celerity Networks LLC >>>>>>>> >>>>>>>> Celerity Broadband LLC >>>>>>>> Like us! facebook.com/celeritynetworksllc >>>>>>>> >>>>>>>> Like us! facebook.com/celeritybroadband >>>>>>>> On 5/17/16 5:10 PM, That One Guy /sarcasm wrote: >>>>>>>> >>>>>>>> whats the method to clear these ones out effectively >>>>>>>> >>>>>>>> >>>>>>>> On Tue, May 17, 2016 at 1:27 PM, Josh Reynolds < >>>>>>>> [email protected]> wrote: >>>>>>>> >>>>>>>>> HRRRRNNNGGG don't do that. >>>>>>>>> >>>>>>>>> Every time you spin up and then kill an aircontrol server that you >>>>>>>>> managed devices from, those devices will FOREVER try and report to >>>>>>>>> that >>>>>>>>> aircontrol server. Up to 4 or 5 per device. That generates a lot of >>>>>>>>> ARP >>>>>>>>> every 60 seconds or so when those servers don't exist anymore. >>>>>>>>> >>>>>>>>> It takes manual intervention via scripting on each device to get >>>>>>>>> them clean. >>>>>>>>> >>>>>>>>> Put up a real server / vm, associate devices, and be done with it. >>>>>>>>> Linux works best (by far). >>>>>>>>> >>>>>>>>> On Tue, May 17, 2016 at 1:21 PM, That One Guy /sarcasm < >>>>>>>>> [email protected]> wrote: >>>>>>>>> >>>>>>>>>> this was just a test install of ac2, if i reinstall on another >>>>>>>>>> machine and kill this one, what do i need to do to control the >>>>>>>>>> devices from >>>>>>>>>> that? >>>>>>>>>> >>>>>>>>>> On Tue, May 17, 2016 at 1:07 PM, Josh Reynolds < >>>>>>>>>> [email protected]> wrote: >>>>>>>>>> >>>>>>>>>>> nothing monitors toughswitches. not really. >>>>>>>>>>> >>>>>>>>>>> kill them with fire anyway >>>>>>>>>>> >>>>>>>>>>> On Tue, May 17, 2016 at 12:35 PM, That One Guy /sarcasm < >>>>>>>>>>> <[email protected]>[email protected]> wrote: >>>>>>>>>>> >>>>>>>>>>>> thats what i did, didnt find anything >>>>>>>>>>>> >>>>>>>>>>>> just found out, you apprently should not add a toghswitch, the >>>>>>>>>>>> UI is hanging now...thats the ubnt ive come to know :-) >>>>>>>>>>>> >>>>>>>>>>>> On Tue, May 17, 2016 at 12:33 PM, Ty Featherling < >>>>>>>>>>>> <[email protected]>[email protected]> wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Discovery only works on layer 2. You have to switch it to IP >>>>>>>>>>>>> mode and just type in subnets like so "10.10.5.0/24, >>>>>>>>>>>>> 10.11.5.0/24, " and so on. >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> -Ty >>>>>>>>>>>>> >>>>>>>>>>>>> On Tue, May 17, 2016 at 12:27 PM, That One Guy /sarcasm < >>>>>>>>>>>>> <[email protected]>[email protected]> wrote: >>>>>>>>>>>>> >>>>>>>>>>>>>> I still need to read up on how to scan subnets, it fails to >>>>>>>>>>>>>> add anything. I have to manually add the device >>>>>>>>>>>>>> >>>>>>>>>>>>>> On Tue, May 17, 2016 at 12:22 PM, Ty Featherling < >>>>>>>>>>>>>> <[email protected]>[email protected]> wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>>> I wish they hadn't abandoned it. It is one of the best >>>>>>>>>>>>>>> things about running a ubnt network. I have mine scan my >>>>>>>>>>>>>>> subnets every >>>>>>>>>>>>>>> night so I have monitoring of all radios from the start. >>>>>>>>>>>>>>> On May 17, 2016 12:04 PM, "That One Guy /sarcasm" < >>>>>>>>>>>>>>> <[email protected]>[email protected]> wrote: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> holy dog balls, that was a simple install and simple >>>>>>>>>>>>>>>> configuration. UBNT and beta together always scares me, but >>>>>>>>>>>>>>>> this is a slick >>>>>>>>>>>>>>>> tool. Chuck M must have overseen it since it actually works >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> On Tue, May 17, 2016 at 11:17 AM, That One Guy /sarcasm < >>>>>>>>>>>>>>>> <[email protected]>[email protected]> >>>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> is the windows server variant heavy? >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> On Tue, May 17, 2016 at 11:16 AM, That One Guy /sarcasm < >>>>>>>>>>>>>>>>> <[email protected]>[email protected]> >>>>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> nm, i see it now >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> On Tue, May 17, 2016 at 11:15 AM, That One Guy /sarcasm < >>>>>>>>>>>>>>>>>> <[email protected]>[email protected]> >>>>>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> can you point me to where i would get it >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> On Tue, May 17, 2016 at 11:14 AM, Ty Featherling < >>>>>>>>>>>>>>>>>>> <[email protected]>[email protected]> wrote: >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Current AC2 is beta 21. I just installed it myself >>>>>>>>>>>>>>>>>>>> after a failed upgrade from my old beta 12 install. It >>>>>>>>>>>>>>>>>>>> will do mass >>>>>>>>>>>>>>>>>>>> firmware updates, password changes, and a set number of >>>>>>>>>>>>>>>>>>>> other configuration >>>>>>>>>>>>>>>>>>>> changes. The only 2 things I wish it did that it doesn't >>>>>>>>>>>>>>>>>>>> are firewall >>>>>>>>>>>>>>>>>>>> updates and viewing bridge tables for devices. Great tool >>>>>>>>>>>>>>>>>>>> for everything >>>>>>>>>>>>>>>>>>>> else. I installed the local beta of the new CRM thing and >>>>>>>>>>>>>>>>>>>> It seems like it >>>>>>>>>>>>>>>>>>>> barely does anything by comparison. If you go the the >>>>>>>>>>>>>>>>>>>> forums and find the >>>>>>>>>>>>>>>>>>>> AC2 beta forum, the first sticky post is the latest >>>>>>>>>>>>>>>>>>>> version. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> -Ty >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> -Ty >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> On Tue, May 17, 2016 at 11:07 AM, That One Guy /sarcasm >>>>>>>>>>>>>>>>>>>> < <[email protected]>[email protected]> >>>>>>>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> We need to do some mass password changes and >>>>>>>>>>>>>>>>>>>>> verification of the firmware, I assume this AC2 does >>>>>>>>>>>>>>>>>>>>> this, can somebody >>>>>>>>>>>>>>>>>>>>> point me to the most current iteration of this? We do >>>>>>>>>>>>>>>>>>>>> have the beta access. >>>>>>>>>>>>>>>>>>>>> Im just fearful of wandering too much on the forum >>>>>>>>>>>>>>>>>>>>> looking. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Will AC2 let me add configurations en mass? I need to >>>>>>>>>>>>>>>>>>>>> change and add some settings, if there is a fairly simple >>>>>>>>>>>>>>>>>>>>> way of doing this >>>>>>>>>>>>>>>>>>>>> (preferably with error checking) assuming that AC2 doesnt >>>>>>>>>>>>>>>>>>>>> do it I would >>>>>>>>>>>>>>>>>>>>> sure appreciate some pointers (that dont assume I am a >>>>>>>>>>>>>>>>>>>>> script magician) >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> On Tue, May 17, 2016 at 10:56 AM, Josh Reynolds < >>>>>>>>>>>>>>>>>>>>> <[email protected]>[email protected]> wrote: >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> You want a toe? I can get you a toe, believe me. >>>>>>>>>>>>>>>>>>>>>> There are ways, Dude. You don't wanna know about it, >>>>>>>>>>>>>>>>>>>>>> believe me. >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Hell, I can get you a toe by 3 o'clock this >>>>>>>>>>>>>>>>>>>>>> afternoon... with nail polish. >>>>>>>>>>>>>>>>>>>>>> On May 17, 2016 9:43 AM, "CBB - Jay Fuller" < >>>>>>>>>>>>>>>>>>>>>> <[email protected]>[email protected]> >>>>>>>>>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> I WILL SEND YOU A BILL!!! (FOR YOUR HATE))) >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> hah >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>>>>>>>> *From:* Ty Featherling <[email protected]> >>>>>>>>>>>>>>>>>>>>>>> *To:* <[email protected]>[email protected] >>>>>>>>>>>>>>>>>>>>>>> *Sent:* Tuesday, May 17, 2016 8:29 AM >>>>>>>>>>>>>>>>>>>>>>> *Subject:* Re: [AFMUG] ubnt malware >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> We're the hatiest! Our hate is refined though, and >>>>>>>>>>>>>>>>>>>>>>> surgically applied. The forums are more like monkeys >>>>>>>>>>>>>>>>>>>>>>> throwing their >>>>>>>>>>>>>>>>>>>>>>> hate-shit indescriminately. >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> -Ty >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> On Tue, May 17, 2016 at 8:26 AM, Bill Prince < >>>>>>>>>>>>>>>>>>>>>>> <[email protected]>[email protected]> wrote: >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> All your hate are belong to us. >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> bp >>>>>>>>>>>>>>>>>>>>>>>> <part15sbs{at}gmail{dot}com> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> On 5/17/2016 6:25 AM, Chuck McCown wrote: >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> Hey, we got hate here... I hate it when people >>>>>>>>>>>>>>>>>>>>>>>> complain about our lack of hate. We can hate with the >>>>>>>>>>>>>>>>>>>>>>>> best of them, just >>>>>>>>>>>>>>>>>>>>>>>> choose to reserve it for a better time and place... >>>>>>>>>>>>>>>>>>>>>>>> afmug: higher quality >>>>>>>>>>>>>>>>>>>>>>>> hate >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> *From:* Ty Featherling <[email protected]> >>>>>>>>>>>>>>>>>>>>>>>> *Sent:* Tuesday, May 17, 2016 7:21 AM >>>>>>>>>>>>>>>>>>>>>>>> *To:* <[email protected]>[email protected] >>>>>>>>>>>>>>>>>>>>>>>> *Subject:* Re: [AFMUG] ubnt malware >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> When Steve comes back from somewhere complaining of >>>>>>>>>>>>>>>>>>>>>>>> too much hate, you know that place is a hell-hole. >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> -Ty >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> -Ty >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> On Tue, May 17, 2016 at 4:48 AM, That One Guy >>>>>>>>>>>>>>>>>>>>>>>> /sarcasm < <[email protected]> >>>>>>>>>>>>>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> holy nuggets of hate. I just got done reading the >>>>>>>>>>>>>>>>>>>>>>>>> 31 pages of hate, now i remember why i dont ever go >>>>>>>>>>>>>>>>>>>>>>>>> there >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> On Tue, May 17, 2016 at 12:49 AM, That One Guy >>>>>>>>>>>>>>>>>>>>>>>>> /sarcasm < <[email protected]> >>>>>>>>>>>>>>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> wow, port 19081 turns out to be pretty popular >>>>>>>>>>>>>>>>>>>>>>>>>> one im cleaning up now has a child connection >>>>>>>>>>>>>>>>>>>>>>>>>> active in it since i logged in, im curious what its >>>>>>>>>>>>>>>>>>>>>>>>>> doing >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> On Mon, May 16, 2016 at 10:55 PM, Mathew Howard < >>>>>>>>>>>>>>>>>>>>>>>>>> <[email protected]>[email protected]> >>>>>>>>>>>>>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> ...unless of course it gets on a PC at the >>>>>>>>>>>>>>>>>>>>>>>>>>> office... in which case we'd be in trouble. >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> On Mon, May 16, 2016 at 10:53 PM, Mathew Howard >>>>>>>>>>>>>>>>>>>>>>>>>>> < <[email protected]>[email protected]> >>>>>>>>>>>>>>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> True! but that hasn't happened yet, and it >>>>>>>>>>>>>>>>>>>>>>>>>>>> still shouldn't get beyond that customer's radio. >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> On Mon, May 16, 2016 at 9:35 PM, Mike Hammett < >>>>>>>>>>>>>>>>>>>>>>>>>>>> <[email protected]>[email protected]> wrote: >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> Until it gets delivered via Flash or Java or >>>>>>>>>>>>>>>>>>>>>>>>>>>>> something else... ;-) >>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> ----- >>>>>>>>>>>>>>>>>>>>>>>>>>>>> Mike Hammett >>>>>>>>>>>>>>>>>>>>>>>>>>>>> Intelligent Computing Solutions >>>>>>>>>>>>>>>>>>>>>>>>>>>>> <http://www.ics-il.com/> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> <https://www.facebook.com/ICSIL> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> <https://www.linkedin.com/company/intelligent-computing-solutions> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> <https://twitter.com/ICSIL> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> Midwest Internet Exchange >>>>>>>>>>>>>>>>>>>>>>>>>>>>> <http://www.midwest-ix.com/> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> <https://www.facebook.com/mdwestix> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> <https://www.linkedin.com/company/midwest-internet-exchange> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> <https://twitter.com/mdwestix> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> The Brothers WISP >>>>>>>>>>>>>>>>>>>>>>>>>>>>> <http://www.thebrotherswisp.com/> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> <https://www.facebook.com/thebrotherswisp> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> ------------------------------ >>>>>>>>>>>>>>>>>>>>>>>>>>>>> *From: *"Mathew Howard" < >>>>>>>>>>>>>>>>>>>>>>>>>>>>> <[email protected]>[email protected]> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> *To: *"af" < <[email protected]>[email protected]> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> *Sent: *Monday, May 16, 2016 9:16:40 PM >>>>>>>>>>>>>>>>>>>>>>>>>>>>> *Subject: *Re: [AFMUG] ubnt malware >>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> If you have firewall rules at the edge of the >>>>>>>>>>>>>>>>>>>>>>>>>>>>> network blocking the management ports ti the >>>>>>>>>>>>>>>>>>>>>>>>>>>>> airrouters that are on public >>>>>>>>>>>>>>>>>>>>>>>>>>>>> IPs, they're probably fine. We still have some >>>>>>>>>>>>>>>>>>>>>>>>>>>>> radios that are on old >>>>>>>>>>>>>>>>>>>>>>>>>>>>> firmware, but I haven't been able to find >>>>>>>>>>>>>>>>>>>>>>>>>>>>> anything on our network that's >>>>>>>>>>>>>>>>>>>>>>>>>>>>> infected. Fortunately, when I was setting up the >>>>>>>>>>>>>>>>>>>>>>>>>>>>> firewall rules to block >>>>>>>>>>>>>>>>>>>>>>>>>>>>> access to the CPEs from outside our network, I >>>>>>>>>>>>>>>>>>>>>>>>>>>>> decided it was desirable to >>>>>>>>>>>>>>>>>>>>>>>>>>>>> block customers from being able to get to other >>>>>>>>>>>>>>>>>>>>>>>>>>>>> customers radios as well... >>>>>>>>>>>>>>>>>>>>>>>>>>>>> which should break the self replicating part of >>>>>>>>>>>>>>>>>>>>>>>>>>>>> this thing, so even if it >>>>>>>>>>>>>>>>>>>>>>>>>>>>> does somehow get into our network, it shouldn't >>>>>>>>>>>>>>>>>>>>>>>>>>>>> be able to get far. >>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> That said, I'm updating everything that isn't >>>>>>>>>>>>>>>>>>>>>>>>>>>>> on at least 5.6.2 right away. >>>>>>>>>>>>>>>>>>>>>>>>>>>>> On May 16, 2016 8:41 PM, "That One Guy >>>>>>>>>>>>>>>>>>>>>>>>>>>>> /sarcasm" < <[email protected]> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> yeah, thats amazing me, one fella was >>>>>>>>>>>>>>>>>>>>>>>>>>>>> complaining about how much of a problem it would >>>>>>>>>>>>>>>>>>>>>>>>>>>>> be to take a unit offline >>>>>>>>>>>>>>>>>>>>>>>>>>>>> to get on a bench. I would think if things are >>>>>>>>>>>>>>>>>>>>>>>>>>>>> that bad that your network >>>>>>>>>>>>>>>>>>>>>>>>>>>>> is progressively shutting down, convenience would >>>>>>>>>>>>>>>>>>>>>>>>>>>>> be the least of your >>>>>>>>>>>>>>>>>>>>>>>>>>>>> concerns. >>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> I have to investigate a couple anomalies on >>>>>>>>>>>>>>>>>>>>>>>>>>>>> the network, in the back of my mind Im hoping the >>>>>>>>>>>>>>>>>>>>>>>>>>>>> air routers have been hit >>>>>>>>>>>>>>>>>>>>>>>>>>>>> to put a nail in their coffins so we cam go with >>>>>>>>>>>>>>>>>>>>>>>>>>>>> mikrotiks as the CPE >>>>>>>>>>>>>>>>>>>>>>>>>>>>> router instead >>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> On Mon, May 16, 2016 at 8:33 PM, Josh Reynolds >>>>>>>>>>>>>>>>>>>>>>>>>>>>> < <[email protected]>[email protected]> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Or threatening to sue because of their own >>>>>>>>>>>>>>>>>>>>>>>>>>>>>> personal ignorance and negligence. >>>>>>>>>>>>>>>>>>>>>>>>>>>>>> On May 16, 2016 8:32 PM, "Mike Hammett" < >>>>>>>>>>>>>>>>>>>>>>>>>>>>>> <[email protected]>[email protected]> wrote: >>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> A good amount of it is just people that >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> don't know any better making false observations. >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ----- >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Mike Hammett >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Intelligent Computing Solutions >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> <http://www.ics-il.com/> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> <https://www.facebook.com/ICSIL> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> <https://www.linkedin.com/company/intelligent-computing-solutions> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> <https://twitter.com/ICSIL> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Midwest Internet Exchange >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> <http://www.midwest-ix.com/> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> <https://www.facebook.com/mdwestix> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> <https://www.linkedin.com/company/midwest-internet-exchange> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> <https://twitter.com/mdwestix> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> The Brothers WISP >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> <http://www.thebrotherswisp.com/> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> <https://www.facebook.com/thebrotherswisp> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ------------------------------ >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> *From: *"That One Guy /sarcasm" < >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> <[email protected]> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> [email protected]> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> *To: * <[email protected]>[email protected] >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> *Sent: *Monday, May 16, 2016 8:19:00 PM >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> *Subject: *[AFMUG] ubnt malware >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> From what im reading in their forums >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> something set off over the weekend? or is it >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ubnt douche nozzles? >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> It sounds almost as if this malware is >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> actively being manipulated (changing from key >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> access to foul >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> username/password, wandering control ports, >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> etc, like script kiddies found >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> a new toy? >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> is this thing self propagating from the >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> device? >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> If you only see yourself as part of the team >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> but you don't see your team as part of yourself >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> you have already failed as >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> part of the team. >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>>>>>>>>>> If you only see yourself as part of the team >>>>>>>>>>>>>>>>>>>>>>>>>>>>> but you don't see your team as part of yourself >>>>>>>>>>>>>>>>>>>>>>>>>>>>> you have already failed as >>>>>>>>>>>>>>>>>>>>>>>>>>>>> part of the team. >>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>>>>>>> If you only see yourself as part of the team but >>>>>>>>>>>>>>>>>>>>>>>>>> you don't see your team as part of yourself you have >>>>>>>>>>>>>>>>>>>>>>>>>> already failed as part >>>>>>>>>>>>>>>>>>>>>>>>>> of the team. >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>>>>>> If you only see yourself as part of the team but >>>>>>>>>>>>>>>>>>>>>>>>> you don't see your team as part of yourself you have >>>>>>>>>>>>>>>>>>>>>>>>> already failed as part >>>>>>>>>>>>>>>>>>>>>>>>> of the team. >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> ...
