[caiu] RES: Virus UBNT
Jonas Sampaio
jonas.informatica at domalberto.edu.br
Wed May 18 12:10:22 BRT 2016
Diego,
Thanks for the reply. I am running the file through uniq to remove the
duplicate lines; as soon as you have changed the script, let us know.
On 18 May 2016 12:01, Diego Canton de Brito <diegocanton at ensite.com.br> wrote:
>
> Hi, if you used my script in its first versions, you may have run into
> this; unfortunately I wrote a >> on one line, which caused the duplication.
> As soon as I am back at a computer I will send a command to fix it; if
> anything, I will add it to that Git repo ;)
> But basically you have to read the file and run it through uniq.
> Other devices that have DMZ will need the DMZ line in the file changed;
> I did not find a safe way to do that :/
> --
> Sent from the myMail app for Android Wednesday, 18 May 2016,
> 11:51AM -03:00 from Otávio Costa <otavioacosta at gmail.com>:
>
> >Jonas, I noticed this on some radios.
> >I just reset the device and the duplicate lines disappeared.
> >
> >On 18 May 2016 11:19, Jonas Sampaio <jonas.informatica at domalberto.edu.br> wrote:
> >
> >> Good morning,
> >>
> >> Is anyone noticing that the parameters in the file /tmp/system.cfg are
> >> duplicated on infected radios? Even after updating to v5.6.5, in some
> >> cases we had to access the devices over SSH and delete duplicate lines
> >> to regain Web access.
> >>
> >> ebtables.sys.vlan.status=disabled
> >> ebtables.sys.vlan.status=disabled
> >> ebtables.sys.vlan.status=disabled
> >> gui.language=pt_PT
> >> gui.language=pt_PT
> >> gui.language=pt_PT
> >> gui.language=pt_PT
> >> httpd.port=80
> >> httpd.port=80
> >> httpd.session.timeout=900
> >> httpd.session.timeout=900
> >> httpd.status=enabled
> >> httpd.status=enabled
> >>
> >> If anyone can help, we would appreciate it.
> >>
> >> On 18 May 2016 07:55, Werneck Costa <werneck.costa at gmail.com> wrote:
> >>
> >> > I received, in a notice from a company that sells Ubnt, this link with
> >> > the specific information:
> >> >
> >> > http://tecwi.envemkt.com.br/ver_mensagem.php?id=H|2015|200059783|143023926142581300
> >> >
> >> >
> >> > - - -
> >> > *Werneck Costa*
> >> > Support Analyst
> >> > e-mail/Skype/GTalk: werneck.costa at gmail.com
> >> >
> >> > On 17 May 2016 10:27, Edinilson - ATINET <edinilson at atinet.com.br> wrote:
> >> >
> >> > > I don't know if it would serve the current purpose, but in the past
> >> > > I needed to do a mass update and used this script:
> >> > > https://github.com/sudomesh/ubi-flasher
> >> > >
> >> > > It is easy to customize.
> >> > >
> >> > >
> >> > > Edinilson
> >> > >
> >> > > ------------------------------------------
> >> > > ATINET
> >> > > Tel Voz: (0xx11) 4412-0876
> >> > > http://www.atinet.com.br
> >> > >
> >> > >
> >> > > ----- Original Message ----- From: "Alexandre J. Correa (Onda)" <alexandre at onda.net.br>
> >> > > To: "Lista das indisponibilidades da Internet brasileira" <caiu at eng.registro.br>
> >> > > Sent: Tuesday, May 17, 2016 10:20 AM
> >> > > Subject: Re: [caiu] RES: Virus UBNT
> >> > >
> >> > > At the rate things are going, I think it will be better to merge the 2
> >> > > projects ..
> >> > >
> >> > > On 17/05/2016 04:49, Diego Canton de Brito wrote:
> >> > >
> >> > >> So using trigger_url (from airOS) worked :D
> >> > >>
> >> > >> Alexandre, I made a change in my Git repo to your update code so
> >> > >> that people can switch between firmware URLs; it would be nice to
> >> > >> do that on your side too.
> >> > >>
> >> > >> URL='http://dl.ubnt.com/firmwares/XN-fw/v5.6.5/XM.v5.6.5.29033.160515.2119.bin'
> >> > >> #
> >> > >> URL='http://dl.ubnt.com/firmwares/XN-fw/v5.6.4/XM.v5.6.4.28924.160331.1253.bin'
> >> > >> wget $URL -O /tmp/firmware.bin
> >> > >> ubntbox fwupdate.real -m /tmp/firmware.bin
> >> > >>
> >> > >> For more examples: https://github.com/diegocanton/remove_ubnt_mf/
> >> > >>
> >> > >> On 2016-05-17 01:48, Alexandre J. Correa (Onda) wrote:
> >> > >>
> >> > >>> https://github.com/ajcorrea/cleanmf
> >> > >>>
> >> > >>> I migrated to GitHub, and also included Compliance Test and the
> >> > >>> change of default ports (Diego Canton).
> >> > >>>
> >> > >>> The script now uses GitHub as the base for downloads, using the
> >> > >>> trigger_url function !!!
> >> > >>>
> >> > >>> On 16/05/2016 22:09, marcio petarnella wrote:
> >> > >>>
> >> > >>> I have already lost patience with this aircontrol. I installed the
> >> > >>> server and now the client only gives a login and password error; it
> >> > >>> doesn't work no matter what. I have already changed Java, I have
> >> > >>> tried everything, and I am not going to waste any more time on this.
> >> > >>> It's bad enough that this Ubiquiti tool doesn't work either.
> >> > >>>
> >> > >>> On 16/05/2016 9:51 PM, "Geeek Masters" <rgeeek at gmail.com> wrote:
> >> > >>>
> >> > >>> If you do it through AirControl, yes.
> >> > >>>
> >> > >>> 2016-05-16 21:43 GMT-03:00 marcio petarnella <marcio at mgptelecom.com.br>:
> >> > >>>
> >> > >>> Is there a script that checks whether the version is XM or XW and
> >> > >>> does the update automatically?
> >> > >>>
> >> > >>> On 16/05/2016 9:08 PM, "Geeek Masters" <rgeeek at gmail.com> wrote:
> >> > >>>
> >> > >> IMPORTANT
> >> > >>>> What We Know
> >> > >>>>
> >> > >>>> In recent days, we've seen virus activity taking network devices
> >> > >>>> offline. In most cases, devices are reset to factory defaults. In
> >> > >>>> other cases, devices are still operational, but inaccessible. The
> >> > >>>> virus is using an HTTP/HTTPS exploit that doesn't require
> >> > >>>> authentication. Simply having a radio with out-of-date firmware and
> >> > >>>> having its HTTP (port 80)/HTTPS (port 443) interface exposed to the
> >> > >>>> Internet is enough to get infected.
> >> > >>>>
> >> > >>>> Checking Your Devices
> >> > >>>>
> >> > >>>> Devices running the following firmware are *NOT* affected:
> >> > >>>>
> >> > >>>> Ensure the Safety of Your Devices
> >> > >>>>
> >> > >>>> Ubiquiti takes these threats seriously and has created a patch and
> >> > >>>> an Android app to diagnose and fix the problem. To check your
> >> > >>>> devices and remove the virus, please use *the removal tool*
> >> > >>>> <http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=4444e56b2c&e=fca1226044>.
> >> > >>>>
> >> > >>>> Note: The tool has the ability to upgrade airMAX M series devices to
> >> > >>>> airOS(R) v5.6.5, which completely disables custom script usage.
> >> > >>>> If a device is inaccessible, TFTP recovery will be required to reset
> >> > >>>> it to factory defaults.
> >> > >>>>
> >> > >>>> For further discussions, check our *community page*
> >> > >>>> <http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=da02fcd1ca&e=fca1226044>
> >> > >>>> or contact our *support team*
> >> > >>>> <http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=8a12f2fc13&e=fca1226044>.
> >> > >>> Copyright (c) 2016, Ubiquiti Networks, Inc. All Rights Reserved.
> >> > >>> Ubiquiti Networks 2580 Orchard Parkway San Jose, CA 95131 USA
> >> > >>>
> >> > >> On 16 May 2016 15:56, Lucas Fernandes <lucas at jotaftelecom.com.br> wrote:
> >> > >>>
> >> > >>> SSH
> >> > >>>
> >> > >>> touch /etc/persistent/ct
> >> > >>>
> >> > >>> That alone brings the compliance test back
> >> > >>>
> >> > >>> Thank you
> >> > >>> Regards,
> >> > >>>
> >> > >>> JotaF.Telecom
> >> > >>>
> >> > >>> *Lucas Fernandes*
> >> > >>> Network Manager
> >> > >>>
> >> > >>> *T: *19 3913-9797 *C: *19 9 7163-3676
> >> > >>> www.jotaftelecom.com.br [1]
> >> > >>>
> >> > >>> On 16/05/2016 15:52, Alexandre Silva Nano wrote:
> >> > >>>
> >> > >>> On 16 May 2016 15:37, Rogerio Alves <rogerioapedroso at gmail.com> wrote:
> >> > >>>
> >> > >>> I come here to thank Alexandre J. Correa, because thanks to his
> >> > >>> effort and intelligence I am managing to tidy up the mess that UBNT
> >> > >>> made, without even managing to produce a tool that works!
> >> > >>>
> >> > >>> Great stuff! I liked the script too! Now, Alexandre: for those who
> >> > >>> use Compliance Test, how do they keep using it? If you update to the
> >> > >>> version you put in the script, CT will be disabled.
> >> > >>>
> >> > >>>
> >> > >>> _______________________________________________
> >> > >>> caiu mailing list
> >> > >>> caiu at eng.registro.br
> >> > >>> https://eng.registro.br/mailman/listinfo/caiu
> >> > >>>
> >> > >>> --> TO LEAVE THE LIST FOLLOW THE INSTRUCTIONS at:
> >> > >>>
> >> > >>> https://eng.registro.br/mailman/options/caiu
> >> > >>>
> >> > > --
> >> > > Regards.
> >> > >
> >> > > Alexandre Jeronimo Correa
> >> > > Onda Internet
> >> > > Office: +55 34 3351 3077
> >> > > www.onda.net.br
> >> > >
> >>
> >>
> >> --
> >>
> >>
> >> *Regards, Jonas Sampaio* Software Coordination.
> >> Faculdade Dom Alberto (51) 21066362.
--
*Regards, Jonas Sampaio* Software Coordination.
Faculdade Dom Alberto (51) 21066362.
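
Added example, not part of the original messages or of the cleanup scripts linked in this thread: one way to do the uniq-style cleanup of /tmp/system.cfg discussed above, run against a copy of the file. Plain uniq only collapses adjacent repeats, so this version keeps the first occurrence of every line in order and also lists keys left with conflicting values; the function names and the sample data (including the httpd.port=8080 line) are constructed for illustration.

```sh
#!/bin/sh
# Added example; not from the thread or from the scripts it links to.
# Assumes a POSIX shell with awk and works on a copy of system.cfg.

# Print the file without exact duplicate lines, keeping the first
# occurrence and the original order. Plain `uniq` would miss
# duplicates that are not adjacent.
dedupe_cfg() {
    awk '!seen[$0]++' "$1"
}

# Number of lines that were exact repeats of an earlier line.
duplicate_count() {
    total=$(wc -l < "$1")
    kept=$(dedupe_cfg "$1" | wc -l)
    echo $((total - kept))
}

# Keys that still carry more than one distinct value after
# deduplication. These need a human decision, not an automatic fix.
conflicting_keys() {
    dedupe_cfg "$1" | awk -F= '
        NF < 2 { next }               # skip blank or malformed lines
        { n[$1]++ }
        END { for (k in n) if (n[k] > 1) print k }
    ' | sort
}

# Constructed sample modelled on the lines quoted in the thread; the
# httpd.port=8080 line is invented to show a conflicting value.
make_sample() {
    cat > "$1" <<'EOF'
ebtables.sys.vlan.status=disabled
ebtables.sys.vlan.status=disabled
gui.language=pt_PT
httpd.port=80
gui.language=pt_PT
httpd.port=80
httpd.port=8080
httpd.session.timeout=900
httpd.status=enabled
httpd.status=enabled
EOF
}

# Usage: sh dedupe_cfg.sh /path/to/copy-of-system.cfg
if [ "$#" -gt 0 ]; then
    dedupe_cfg "$1" > "$1.dedup"
    echo "removed $(duplicate_count "$1") duplicate lines -> $1.dedup"
    conflicting_keys "$1" | sed 's/^/conflicting values for: /'
fi
```

A key reported as conflicting means the file holds two different settings for it, so the cleaned copy should be reviewed before it replaces the original.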