[nsp-sec] UBNT airOS worm in the wild
Dominik Bay
db at rrbone.net
Mon May 16 17:59:30 EDT 2016
On 05/16/2016 11:54 PM, John Brown wrote:
> So is the following a correct set of statements:
>
> If the UBNT device is on a public address (non-rfc-1918) then risk is
> virtually unlimited.
> If the UBNT device is on a PRIVATE (RFC-1918) address then the risk is
> related to a host PC with access to that RFC1918 space ?
> Ergo, a WISP that runs the management address in RFC1918 space and
> doesn't NAT it to the outside.....
I would agree. We have our wireless backhaul in a separate management
network and we do not see this type of infection.
> One of their subscriber machines would have to trigger the "infection"
> on that providers internal network..
Yes, it somehow needs to get to the airOS device and back into the Internet.
-dominik
--
rrbone UG (haftungsbeschraenkt) - Ruhrallee 9 - 44139 Dortmund
HR B 23168 Amtsgericht Dortmund - Geschaeftsfuehrer: Dominik Bay