Prihlásiť sa Odoslať Novinky :: FAQ :: Rozšírené vyhľadávanie :: Napísali o nás :: Ankety
Main Menu
· Home
· 
· FAQ
· 
· Diskusia
· 











Main Menu
· Domov

Moduly
· AvantGo
· Downloads
· FAQ
· News
· Recommend Us
· Reviews
· Search
· Sections
· Stats
· Topics
· Top List
· Web Links
· Forum

Jazyk
Výber jazykovej mutácie:



The time now is 29.03.2024 - 00:20


UBNT virus

Post new topic Reply to topic
View previous topic Printable version Log in to check your private messages View next topic
Page 1 of 5 12345 >
Author Message
kotol
Post subject: UBNT virus  PostPosted: 14.05.2016 - 19:20 #111095
Guru


Joined: Júl 14, 2005
Posts: 1590

paraada... este ze nemame nic lepsie na praci len behat a platat deravy soft od UBNT

mate niekto idealne riesenie aby sa to uz nezopakovalo?
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
pixall
Post subject: UBNT virus  PostPosted: 14.05.2016 - 19:23 #111096
Majster


Joined: Okt 21, 2003
Posts: 4247

podrobnosti?
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
kotol
Post subject: RE: UBNT virus  PostPosted: 14.05.2016 - 19:55 #111097
Guru


Joined: Júl 14, 2005
Posts: 1590

http://community.ubnt.com/t5/airMAX-Gen ... 940/page/7

na Ubnt forach je panika....

infikovatelne su vsetky verzie vacsiny UBNT zariadeni...

niektory hlasia tisicky zrusenych zariadeni...
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
midnight_man
Post subject: RE: UBNT virus  PostPosted: 14.05.2016 - 21:25 #111098
Majster


Joined: Feb 14, 2011
Posts: 2544

uz pri prvej bezpecnostnej diere par rokov dozadu bolo jasne ze UBNT nepatri na verejne svetove IP.

Znova sa to potvrdzuje.... Inak to chlapci zase pekne posrali...

Riesenie je jednoduche. Nemat ubnt na svetovych IP a ešte k tomu WEB na porte 80.
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
pixall
Post subject: RE: UBNT virus  PostPosted: 14.05.2016 - 21:34 #111099
Majster


Joined: Okt 21, 2003
Posts: 4247

Na verejne IP nepatri takmer nic. Vsetko ma diery. Aj Cisco, aj Juniper, aj Windows, nikto nie je neomylny. UBNT je na tom stale s bezpecnostou o tri triedy lepsie nez bezny cinsky router/kamera/dvr/modem/atd, u takychto som uz zazil aj nacuvajuce ftp alebo telnet s otvorenym celym systemom, a heslom root/root ktore sa ani neda zmenit...
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
kotol
Post subject: RE: UBNT virus  PostPosted: 14.05.2016 - 21:42 #111100
Guru


Joined: Júl 14, 2005
Posts: 1590

problem je ze sa to siri po lanke aj ked nemas zariadenia na verejnych IP
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
midnight_man
Post subject: RE: UBNT virus  PostPosted: 14.05.2016 - 22:47 #111101
Majster


Joined: Feb 14, 2011
Posts: 2544

kotol wrote: ›problem je ze sa to siri po lanke aj ked nemas zariadenia na verejnych IP


ano ale prvotny virus musis chytit cez svetove IP.

dalej musis mat http porty ine ako 80

https://hackerone.com/reports/73480
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
kotol
Post subject: RE: UBNT virus  PostPosted: 14.05.2016 - 22:50 #111102
Guru


Joined: Júl 14, 2005
Posts: 1590

nepomohlo... leze to aj cez ssh port
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
pixall
Post subject: RE: UBNT virus  PostPosted: 15.05.2016 - 11:25 #111103
Majster


Joined: Okt 21, 2003
Posts: 4247

kotol wrote: ›nepomohlo... leze to aj cez ssh port


firmwary starsie ako tieto:
5.5.11 XM/TI
5.5.10u2 XW
5.6.2 XW/XM/TI
maju zdokumentovanu bezpecnosntu dieru (dlhsie ako pol roka) a vo vlastnom zaujme si ich treba ihned upgradovat prinajmensom na vyssieuvedene verzie. na deravych verziach staci na ziskanie plneho pristupu do zariadenia pristup k jeho webu a znalost spravneho postupu.

na uvedenych a vyssich verziach sa ubiquiti developerom nepodarilo zreprodukovat moznost nakazenia zariadenia wormom.

worm instaluje do zariadenia ssh kluc. ak ho neodstranis, pochopitelne ze zariadenie ostane dalej napadnutelne cez ssh.
http://community.ubnt.com/t5/airMAX-Gen ... 481#M55044
https://github.com/diegocanton/remove_ubnt_mf
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
midnight_man
Post subject: RE: UBNT virus  PostPosted: 15.05.2016 - 13:35 #111105
Majster


Joined: Feb 14, 2011
Posts: 2544

pixall wrote: ›
kotol wrote: ›nepomohlo... leze to aj cez ssh port


firmwary starsie ako tieto:
5.5.11 XM/TI
5.5.10u2 XW
5.6.2 XW/XM/TI
maju zdokumentovanu bezpecnosntu dieru (dlhsie ako pol roka) a vo vlastnom zaujme si ich treba ihned upgradovat prinajmensom na vyssieuvedene verzie. na deravych verziach staci na ziskanie plneho pristupu do zariadenia pristup k jeho webu a znalost spravneho postupu.

na uvedenych a vyssich verziach sa ubiquiti developerom nepodarilo zreprodukovat moznost nakazenia zariadenia wormom.

worm instaluje do zariadenia ssh kluc. ak ho neodstranis, pochopitelne ze zariadenie ostane dalej napadnutelne cez ssh.
http://community.ubnt.com/t5/airMAX-Gen ... 481#M55044
https://github.com/diegocanton/remove_ubnt_mf


Presne tak, ...preto to aj nadalej lezie cez SSH port. Virus uz ma ulozene kluce v zariadeni a teda nepotrebuje nadalej WEB pristup.

Prvotny atak ale ide cez WEB port a metodou php2 "post" vyuziva bezpecnostnu dieru v daka ktorej ulozi SSH kluce do zariadenia, tym ziska SSH pristup....dalej to poznate. (inak je to riadny fail!) asi taky isty ako skynet par rokov dozadu!

Akurat som nedopatral akym cinom sa to siri dalej? nevyskumali ste to niekto? Pouziva to UBNT discovery alebo len pinga ip v rovnakom subnete?
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
kotol
Post subject: RE: UBNT virus  PostPosted: 15.05.2016 - 13:38 #111106
Guru


Joined: Júl 14, 2005
Posts: 1590

zatial pomaha novy firmware a firewall komplet na INPUT

na forach sa stazuju viaceri na infekcie najnovsich firmwareov...
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
midnight_man
Post subject: RE: UBNT virus  PostPosted: 15.05.2016 - 13:43 #111107
Majster


Joined: Feb 14, 2011
Posts: 2544

jezisi jasne ze sa stazuju pretoze updatom noveho FW sa virus NEODSTRANI!!!!!! Novy FW len zabranuje vzniku infekcie.

virus je nutne odstranit podla pokynov na fore! az potom robit upgrade.
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
rado3105
Post subject: RE: UBNT virus  PostPosted: 15.05.2016 - 15:42 #111108
Majster


Joined: Júl 11, 2008
Posts: 2311

Schytal to niekto? Udajne to taha veci z openwrt.org (treba ip adresy evidentne blokovat).

Kotol ako myslis treba firewall na input? - kazde ubnt zariadenie blokovat resp. upravit na INPUT? myslim ze tu by stacilo na brane na forwarde blokovat openwrt adresy....resp. cez staticke dns openwrt presmerovat....

http://lokalnyisp.net/viewtopic.php?f=3 ... 3cb55#p937
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
kotol
Post subject: RE: UBNT virus  PostPosted: 15.05.2016 - 16:23 #111109
Guru


Joined: Júl 14, 2005
Posts: 1590

nastavujem tam proste akekolvek spojenie ktore ide na ubnt zariadenie okrem opravnenej mgmt siete dropne

forward trafic ostava bezo zmeny
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
midnight_man
Post subject: RE: UBNT virus  PostPosted: 15.05.2016 - 21:51 #111112
Majster


Joined: Feb 14, 2011
Posts: 2544

ano dajte si na GW pravidlo ktore blokne openwrt.org a zaroven hodi IP do address listu aby ste vedeli kde je problem Wink
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
Display posts from previous:     
All times are GMT
Post new topic Reply to topic
View previous topic Printable version Log in to check your private messages View next topic
Page 1 of 5 12345 >
Jump to:  

Powered by PNphpBB2 © 2003-2005 The PNphpBB Group
Credits

(C) SKFree 2002-2010: Powered by POSTNUKE. Môžete prebera? naše správy vo formáte XML(RSS)