[caiu] RES: Virus UBNT

Edinilson - ATINET edinilson em atinet.com.br
Ter Maio 17 10:27:11 BRT 2016


Não sei se serviria para o proposito atual, mas no passado precisei fazer
uma atualização em massa e utilizei esse script:
https://github.com/sudomesh/ubi-flasher

É fácil de customizar.


Edinilson

------------------------------------------
ATINET
Tel Voz: (0xx11) 4412-0876
http://www.atinet.com.br


----- Original Message ----- 
From: "Alexandre J. Correa (Onda)" <alexandre at onda.net.br>
To: "Lista das indisponibilidades da Internet brasileira" 
<caiu at eng.registro.br>
Sent: Tuesday, May 17, 2016 10:20 AM
Subject: Re: [caiu] RES: Virus UBNT


Na 'tuada' que o negócio ta indo, acho que vai ser melhor mesclar os 2
projetos ..


Em 17/05/2016 04:49, Diego Canton de Brito escreveu:
> Então deu certo o uso de trigger_url (do airos) :D
>
> Alexandre, fiz uma alteração no meu GIT do seu código de update, para
> que o pessoal possa cambiar entre URL de firmware, seria legal fazer ai
> tbm.
>
> URL='http://dl.ubnt.com/firmwares/XN-fw/v5.6.5/XM.v5.6.5.29033.160515.2119.bin'
> #
> URL='http://dl.ubnt.com/firmwares/XN-fw/v5.6.4/XM.v5.6.4.28924.160331.1253.bin'
> wget $URL -O /tmp/firmware.bin
> ubntbox fwupdate.real -m /tmp/firmware.bin
>
> Para mais exemplos https://github.com/diegocanton/remove_ubnt_mf/
>
> Em 2016-05-17 01:48, Alexandre J. Correa (Onda) escreveu:
>
>> https://github.com/ajcorrea/cleanmf
>>
>> Migrei para GITHUB, inclui também Compliance test e Alteração de portas 
>> padrão (Diego Canton)
>>
>> O script agora utiliza o github como base para download, utilizando a 
>> função trigger_url !!!
>>
>> Em 16/05/2016 22:09, marcio petarnella escreveu: Já perdi a paciência com 
>> esse aircontrol, já instalei o server agora o
>> cliente só da erro de login e senha, não funciona nem por decreto, já
>> troquei java , já fiz de tudo, não vou mais perder tempo com isso, já não
>> basta essa ferramenta da ubiquiti q também não funciona.
>> Em 16/05/2016 9:51 PM, "Geeek Masters" <rgeeek at gmail.com> escreveu:
>>
>> Se você fizer pelo AirControl sim.
>>
>> 2016-05-16 21:43 GMT-03:00 marcio petarnella <marcio at mgptelecom.com.br>:
>>
>> Algum script q verifica a versão se xm ou xw e faz a atualização 
>> automática ?
>> Em 16/05/2016 9:08 PM, "Geeek Masters" <rgeeek at gmail.com> escreveu:
>>
>> [image: Ubiquiti Networks]
>> <
> http://ubnt.us8.list-manage1.com/track/click?u=bc856e62a9254399365d0277b&id=e0bce9c5c5&e=fca1226044
>
>
>>> BROADBAND
>>> <
> http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=d98a23213c&e=fca1226044
>
>
>>> ENTERPRISE
>>> <
> http://ubnt.us8.list-manage1.com/track/click?u=bc856e62a9254399365d0277b&id=1c98dce54c&e=fca1226044
>
>
>>> PRODUCTS
>>> <
> http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=a326d664b7&e=fca1226044
>
>
>>> SUPPORT
>>> <
> http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=2230187878&e=fca1226044
>
>
>>> BUY
>>> <
> http://ubnt.us8.list-manage1.com/track/click?u=bc856e62a9254399365d0277b&id=1ac11f1e55&e=fca1226044
>
>
>>> IMPORTANT
>>> What We Know
>>>
>>> In recent days, we've seen virus activity taking network devices
>   offline.
>
>>> In most cases, devices are reset to factory defaults. In other cases,
>>> devices are still operational, but inaccessible. The virus is using an
>>> HTTP/HTTPS exploit that doesn't require authentication. Simply having a
>>> radio with out-of-date firmware and having its HTTP (port 80)/HTTPS
>   (port
>
>>> 443) interface exposed to the Internet is enough to get infected.
>>> Checking Your Devices
>>>
>>> Devices running the following firmware are *NOT* affected:
>>>
>>> Ensure the Safety of Your Devices
>>>
>>> Ubiquiti takes these threats seriously and has created a patch and an
>>> Android app to diagnose and fix the problem. To check your devices and
>>> remove the virus, please use *the removal tool*
>>> <
> http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=4444e56b2c&e=fca1226044
>
>
>>> .
>>>
>>> Note: The tool has the ability to upgrade airMAX M series devices to
>>> airOS(R) v5.6.5,
>>> which completely disables custom script usage.
>>> If a device is inaccessible, TFTP recovery will be required to reset it
>> to
>>
>>> factory defaults.
>>>
>>> <
> http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=821cdb27dc&e=fca1226044
>
>
>>> For further discussions, check our *community page *
>>> <
> http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=da02fcd1ca&e=fca1226044
>
>
>>> or contact our *support team
>>> <
> http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=8a12f2fc13&e=fca1226044
>
>
>> * .
>> Copyright (c) 2016, Ubiquiti Networks, Inc. All Rights Reserved.
>> Ubiquiti Networks 2580 Orchard Parkway San Jose, CA 95131 USA
>>
>> Share this on:
>> <
> http://www.facebook.com/share.php?u=http%3A%2F%2Fus8.campaign-archive2.com%2F%3Fu%3Dbc856e62a9254399365d0277b%26id%3Dd674aca0a1&t=Important%20Information%20Regarding%20Devices%20Running%20Older%20airOS%C2%A0Software
>
>
>>> <
> http://twitter.com/intent/tweet?text=Important%20Information%20Regarding%20Devices%20Running%20Older%20airOS%C2%A0Software%20-%20http%3A%2F%2Feepurl.com%2Fb10cX1
>
>
>>> <
> http://www.linkedin.com/shareArticle?mini=true&url=http%3A%2F%2Fus8.campaign-archive1.com%2F%3Fu%3Dbc856e62a9254399365d0277b%26id%3Dd674aca0a1&title=Important%20Information%20Regarding%20Devices%20Running%20Older%20airOS%C2%A0Software
>
>
>>> <
> http://us8.forward-to-friend.com/forward?u=bc856e62a9254399365d0277b&id=d674aca0a1&e=fca1226044
>
>
>>> Unsubscribe
>>> <
> http://ubnt.us8.list-manage.com/unsubscribe?u=bc856e62a9254399365d0277b&id=1c1b02cb37&e=fca1226044&c=d674aca0a1
>
>
>>> |    Update Preferences
>>> <
> http://ubnt.us8.list-manage2.com/profile?u=bc856e62a9254399365d0277b&id=1c1b02cb37&e=fca1226044
>
>
>>> |    View in browser
>>> <
> http://us8.campaign-archive2.com/?u=bc856e62a9254399365d0277b&id=d674aca0a1&e=fca1226044
>
>
>>> Follow: Facebook
>>> <
> http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=e7237e0c93&e=fca1226044
>
>
>>> |    Twitter
>>> <
> http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=7e60518caa&e=fca1226044
>
>
>>> |    YouTube
>>> <
> http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=f50704a90c&e=fca1226044
>
>
>>> <
> http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=f36406c247&e=fca1226044
>
>
>>> Em 16 de maio de 2016 15:56, Lucas Fernandes <
>   lucas at jotaftelecom.com.br>
>
>> escreveu:
>>
>> SSH
>>
>> touch /etc/persistent/ ct
>>
>> Só isso ja volta o complience test
>>
>> Obrigado
>> Atenciosamente,
>>
>> JotaF.Telecom
>>
>> *Lucas Fernandes*
>> Gerente de Redes
>>
>> *T: *19 3913-9797 *C: *19 9 7163-3676
>> www.jotaftelecom.com.br [1]
>>
>> JotaF.Telecom
>>
>> Em 16/05/2016 15:52, Alexandre Silva Nano escreveu:
>>
>> Em 16 de maio de 2016 15:37, Rogerio Alves <
>   rogerioapedroso at gmail.com
>
>> escreveu:
>>
>> Venho aqui agradecer ao Alexandre J. Correa, pois graças ao
>   esforço  e
>
>> inteligência dele, estou conseguindo dar uma organizada na bagunça
>   que
>
>> a UBNT fez e não conseguiu ao menos fazer uma ferramenta que preste!
>>
>> Show de bola! Gostei também do script! Agora, Alexandre. Quem utiliza 
>> Compliance Test, como faz pra
>   continuar a
>
>> utilizar? Se atualizar para a versão que você colocou no script, o
>   CT
>
>> será inibido.
>>
>> _______________________________________________
>> caiu mailing list
>> caiu at eng.registro.br
>> https://eng.registro.br/mailman/listinfo/caiu
>>
>> --> PARA SAIR DA LISTA SIGA AS INSTRUÇÕES em:
>>
>> https://eng.registro.br/mailman/options/caiu
> --
>
> <
>
> https://ubnt.zendesk.com/attachments/token/cSQI60Oj1xSqnAmT4s2bmyCXj/?name=Rodrigo+Gregorio+C.+de+Paula+%28Geeek%29.pdf
>
>
>> [image: IPV6 Ready?] <http://geeekzone.com/>[image: IPV6 Ready?]
>> <https://ipv6.he.net/certification/scoresheet.php?pass_name=Geeek>
>> _______________________________________________
>> caiu mailing list
>> caiu at eng.registro.br
>> https://eng.registro.br/mailman/listinfo/caiu
>>
>> --> PARA SAIR DA LISTA SIGA AS INSTRUÇÕES em:
>>
>> https://eng.registro.br/mailman/options/caiu
>   _______________________________________________
> caiu mailing list
> caiu at eng.registro.br
> https://eng.registro.br/mailman/listinfo/caiu
>
> --> PARA SAIR DA LISTA SIGA AS INSTRUÇÕES em:
>
> https://eng.registro.br/mailman/options/caiu
>
> --
>
> <
> https://ubnt.zendesk.com/attachments/token/cSQI60Oj1xSqnAmT4s2bmyCXj/?name=Rodrigo+Gregorio+C.+de+Paula+%28Geeek%29.pdf
>
>
>> [image:
>   IPV6 Ready?] <http://geeekzone.com/>[image: IPV6 Ready?]
> <https://ipv6.he.net/certification/scoresheet.php?pass_name=Geeek>
> _______________________________________________
> caiu mailing list
> caiu at eng.registro.br
> https://eng.registro.br/mailman/listinfo/caiu
>
> --> PARA SAIR DA LISTA SIGA AS INSTRUÇÕES em:
>
> https://eng.registro.br/mailman/options/caiu
>   _______________________________________________
> caiu mailing list
> caiu at eng.registro.br
> https://eng.registro.br/mailman/listinfo/caiu
>
> --> PARA SAIR DA LISTA SIGA AS INSTRUÇÕES em:
>
> https://eng.registro.br/mailman/options/caiu
>


-- 
Sds.

Alexandre Jeronimo Correa
Onda Internet
Office: +55 34 3351 3077
www.onda.net.br

_______________________________________________
caiu mailing list
caiu at eng.registro.br
https://eng.registro.br/mailman/listinfo/caiu


--> PARA SAIR DA LISTA SIGA AS INSTRUÇÕES em:

https://eng.registro.br/mailman/options/caiu



Mais detalhes sobre a lista de discussão caiu