Author |
Message |
|
Post subject: RE: UBNT virus
Posted: 16.05.2016 - 12:27 #111113
|
|
Ucen
Joined: Jan 30, 2004
Posts: 648
|
|
Firmware 5.6.5, which fixes this problem, is already available for AirGrid; I assume the others will follow any moment. The 5.6.5 was added to the UBNT support page today.
|
|
|
|
|
|
Post subject: RE: UBNT virus
Posted: 16.05.2016 - 12:44 #111114
|
|
Basic
Joined: Jan 23, 2009
Posts: 176
|
|
Does it get in even if I have the web interface on a non-standard port and SSH disabled?
Thanks
|
|
|
|
|
|
Post subject: RE: UBNT virus
Posted: 16.05.2016 - 14:30 #111115
|
|
Basic
Joined: Oct 21, 2007
Posts: 305
|
|
The FW is now available for all 5.6.5 XM
AG-HP-2G16, AG-HP-2G20, AG-HP-5G23, AG-HP-5G27, AirGrid M, AirGrid M2, AirGrid M5, AR, AR-HP, BM2HP, BM2-Ti, BM5HP, BM5-Ti, LiteStation M5, locoM2, locoM5, locoM9, M2, M3, M365, M5, M900, NB-2G18, NB-5G22, NB-5G25, NBM3, NBM365, NBM9, NSM2, NSM3, NSM365, NSM5, PBM10, PBM3, PBM365, PBM5, PICOM2HP, Power AP N
|
|
|
|
|
|
Post subject: RE: UBNT virus
Posted: 16.05.2016 - 15:02 #111116
|
|
Majster
Joined: Jul 11, 2008
Posts: 2311
|
|
But beware, with that firmware you lose the ability to run custom scripts....
And if it reset your device, here is a procedure for restoring it remotely:
We are going AP by AP, changing AP to 'ubnt' ssid so stations reassociate.
We add 192.168.1.1 subnet to the router with a route to it, so we can talk to each radio.
Then we add a MAC acl allow list to the AP so only one client associates.
We then log into 192.168.1.20 via web browser, upload saved config file (thanks AC2)
When all stations are done, we then switch AP back to original SSID.
|
|
|
|
|
|
Post subject: RE: UBNT virus
Posted: 17.05.2016 - 08:10 #111120
|
|
Basic
Joined: Jan 23, 2009
Posts: 176
|
|
rado3105 wrote: ›But beware, with that firmware you lose the ability to run custom scripts....
And if it reset your device, here is a procedure for restoring it remotely:
We are going AP by AP, changing AP to 'ubnt' ssid so stations reassociate.
We add 192.168.1.1 subnet to the router with a route to it, so we can talk to each radio.
Then we add a MAC acl allow list to the AP so only one client associates.
We then log into 192.168.1.20 via web browser, upload saved config file (thanks AC2)
When all stations are done, we then switch AP back to original SSID.
The scripts seem to run normally; there is just a new overview of the scripts that are on the device, with an option to delete them.
|
|
|
|
|
|
Post subject: RE: UBNT virus
Posted: 17.05.2016 - 18:58 #111121
|
|
Ucen
Joined: Oct 21, 2004
Posts: 792
|
|
|
|
|
|
Post subject: RE: UBNT virus
Posted: 17.05.2016 - 20:06 #111122
|
|
Majster
Joined: Jul 11, 2008
Posts: 2311
|
|
So this evidently plays nicely into MikroTik's hands on the European market. I'm glad we chose a half-and-half approach in the past. Too bad there isn't another manufacturer.
I still don't understand why UBNT develops things like that Java scan tool, where you have to laboriously add IPs range by range... it takes an enormously long time, days... when it would be enough to just make some utility in AirControl2. The IP ranges are there, that is, the IPs... and some utility would then simply scan them.... but they don't respond to this request....
But what this will achieve is that the strict European legislation and DFS, which UBNT has been pushing for a long time, will be complied with. It's strange that MikroTik doesn't... can anyone explain that?
|
|
|
|
|
|
Post subject: RE: UBNT virus
Posted: 17.05.2016 - 22:26 #111123
|
|
Majster
Joined: Feb 14, 2011
Posts: 2544
|
|
We could probably use more worms like this, and more often. Maybe then some people would learn a thing or two about security. When I see those UBNT login.cgi pages on public IPs, open SNMP where you can see right into the "kitchen"....
Pixall mentioned here that everything has holes, even Cisco.. of course. But you don't have to leave the door open with a "Welcome" sign on it.
It's interesting that many ISPs know about this problem only from what they read on the forum.
By the way, the history of that app from the UBNT forum... some ISP posted it to the forum, first for Android... UBNT took it over, improved it, and then they made the 5.6.5 FW.
AirControl doesn't handle it because not everyone has it.
UBNT has fundamental gaps in PHP, since Skynet years ago was also a massive hole in PHP... the person who discovered this hole 3/4 of a year ago got 18,000 dollars from UBNT and claimed in his statement that it is a schoolboy error in PHP.
|
|
|
|
|
|
Post subject: RE: UBNT virus
Posted: 17.05.2016 - 22:52 #111124
|
|
Majster
Joined: Jul 11, 2008
Posts: 2311
|
|
UBNT's problem is that it is open when you buy it. On top of that, it lacks a simple option to restrict access to an internal range, whether for SNMP or for all services altogether (management, SSH...). Not to mention the bug that was known for months; they wrote about it on root.cz and they just dozed.... their behaviour strikes me as strange... as if it were on purpose.... but in the USA, where the goal is to spy on everything, that is possible, and it is possible that they even get reimbursed for it from federal money (see the NSA program)...
|
|
|
|
|
|
Post subject: RE: UBNT virus
Posted: 18.05.2016 - 17:47 #111125
|
|
Majster
Joined: Jul 11, 2008
Posts: 2311
|
|
https://community.ubnt.com/t5/airMAX-Ge ... 968#M55993
I think this is the way to go. Restrict everything on input, allow only non-standard HTTP and only from your local or designated IP ranges. And there's no need to deal with any
And Viktor, by the time you scan all the devices with that Java application and define the ranges, you could install and uninstall AirControl 1000x.
|
|
|
|
|
|
Post subject: RE: UBNT virus
Posted: 19.05.2016 - 07:28 #111126
|
|
Basic
Joined: Jul 17, 2008
Posts: 102
Location: SNV
|
|
I have for sale a Python-based solution that walks the network, discovers UBNT devices and dumps into a text file the IPs of those that need an update. Then another Python script does the cleanup and the update. Discovery of a /16 subnet takes about 30 minutes. Coded in a day; considering how quickly it was made, it works quite well. If interested, write to lukas.stana@it-admin.sk.
|
|
|
|
|
|
Post subject: RE: UBNT virus
Posted: 19.05.2016 - 20:43 #111127
|
|
Majster
Joined: Jul 11, 2008
Posts: 2311
|
|
|
|
|
|
Post subject: RE: UBNT virus
Posted: 20.05.2016 - 11:14 #111131
|
|
Ucen
Joined: Jul 15, 2011
Posts: 769
|
|
|
|
|
|
Post subject: RE: UBNT virus
Posted: 20.05.2016 - 12:37 #111132
|
|
Majster
Joined: Jul 11, 2008
Posts: 2311
|
|
|
|
|
|
Post subject: RE: UBNT virus
Posted: 25.05.2016 - 04:36 #111141
|
|
Ucen
Joined: Oct 21, 2004
Posts: 792
|
|
Does anyone know why UBNT devices have the user mcuser in /etc/passwd when no process runs under it? Or are further backdoors into UBNT awaiting us in the future, this time via SSH?
XW.v5.6.5# cat /etc/passwd
admin:$1$46esboAe$NKghkTljz8sa3Ba5qgic91:0:0:Administrator:/etc/persistent:/bin/sh
mcuser:!VvDE8C6TB1:0:0::/etc/persistent/mcuser:/bin/sh
XW.v5.6.5# ps -w
PID USER VSZ STAT COMMAND
1 admin 1984 S init
2 admin 0 SW [kthreadd]
3 admin 0 SW [ksoftirqd/0]
4 admin 0 SW [events/0]
5 admin 0 SW [khelper]
8 admin 0 SW [async/mgr]
42 admin 0 SW [sync_supers]
44 admin 0 SW [bdi-default]
46 admin 0 SW [kblockd/0]
66 admin 0 SW [kswapd0]
67 admin 0 SW [aio/0]
68 admin 0 SW [crypto/0]
150 admin 0 SW [mtdblockd]
256 admin 1976 S /bin/watchdog -t 1 /dev/watchdog
397 admin 1144 S /sbin/hotplug2 --persistent --set-rules-file /usr/etc/hotplug2.rules
665 admin 0 SW [ubnt_poll_sync_]
666 admin 0 SW [ubnt_poll_sync_]
797 admin 7756 S /bin/infctld -m -n -d
798 admin 2028 S /bin/dropbear -F -r /etc/persistent/dropbear_dss_host_key -r /etc/persistent/dropbear_rsa_host_key -p 22
799 admin 2308 S /bin/mcad
800 admin 1984 S init
983 admin 2072 S /bin/dropbear -F -r /etc/persistent/dropbear_dss_host_key -r /etc/persistent/dropbear_rsa_host_key -p 22
984 admin 1988 S -sh
986 admin 1984 R ps -w
|
|
|
|
|
|
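A check for the situation in the last post, as an added example that is not part of the thread or of UBNT's code: it lists UID-0 accounts in /etc/passwd other than the expected one and reports the state of their password field. Because mcuser shares UID 0 with admin, ps prints whichever name UID 0 resolves to (normally the first passwd entry), so its USER column alone cannot show whether anything was started through mcuser. The function names and the assumption that admin is the only intended UID-0 account are hypothetical.

```python
# Constructed sample input: the two /etc/passwd entries and a few `ps -w` rows
# from the post above (admin hash replaced by a placeholder, dropbear args shortened).
PASSWD = """\
admin:$1$SALT$HASH_PLACEHOLDER:0:0:Administrator:/etc/persistent:/bin/sh
mcuser:!VvDE8C6TB1:0:0::/etc/persistent/mcuser:/bin/sh
"""
PS = """\
  PID USER       VSZ STAT COMMAND
    1 admin     1984 S    init
  798 admin     2028 S    /bin/dropbear -F -p 22
  799 admin     2308 S    /bin/mcad
"""
NOLOGIN = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

def parse_passwd(text):
    """Yield one dict per well-formed 7-field passwd line."""
    for line in text.splitlines():
        f = line.strip().split(":")
        if len(f) == 7 and f[2].isdigit():
            yield {"name": f[0], "pw": f[1], "uid": int(f[2]),
                   "home": f[5], "shell": f[6]}

def pw_state(field):
    """Classify the password field the way crypt-based logins treat it."""
    if field == "":
        return "empty"
    if field[0] in "!*":
        return "locked"      # '!' and '*' never occur in a valid crypt hash
    return "shadowed" if field == "x" else "hash"

def ps_users(text):
    """USER column of busybox `ps -w` output (header skipped)."""
    return {r.split()[1] for r in text.splitlines()[1:] if len(r.split()) > 1}

def audit_uid0(passwd_text, ps_text, expected=("admin",)):
    """Report UID-0 accounts other than the expected one (assumption: admin)."""
    accounts = list(parse_passwd(passwd_text))
    first_uid0 = next((a["name"] for a in accounts if a["uid"] == 0), None)
    seen = ps_users(ps_text)
    return [{"name": a["name"],
             "password": pw_state(a["pw"]),
             "login_shell": a["shell"] not in NOLOGIN,
             "home": a["home"],
             "named_in_ps": a["name"] in seen,
             # ps prints the name UID 0 resolves to, normally the first entry
             "ps_shows_uid0_as": first_uid0}
            for a in accounts if a["uid"] == 0 and a["name"] not in expected]

if __name__ == "__main__":
    for finding in audit_uid0(PASSWD, PS):
        print(finding)
```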