Unifi WARNING TO ALL UNIFI USERS, Threat warning, read inside

iipohbee
post May 29 2010, 12:28 PM

On my way
****
Senior Member
603 posts

Joined: Dec 2008
QUOTE(Sting Ray @ May 29 2010, 10:07 AM)
hi rizvanrp, under the secondary administrator account is there any option to allow VPN passthrough? my wife's VPN connection problem is still not resolved and Unifi service centre didn't respond to my emails at all.
*
Register an account with DynDNS, and let us see what you have there in your DLink router.
sg999
post May 29 2010, 12:48 PM

Regular
******
Senior Member
1,027 posts

Joined: May 2008
not understand
got simple explanation?

Neptern
post May 29 2010, 12:56 PM

On my way
****
Junior Member
518 posts

Joined: Aug 2005
Hell tmnut is simply trying to lock us in using their own router. I don't want tmnut to keep monitoring what I am doing on the internet. Invasion of privacy...

Damn I hate it when companies use such tactics to cheat us and won't let us change the damn router....

Btw please do not uncap the connection. It is a serious breach of contract and it is considered stealing... a criminal offence. Probably means jailtime
heizad
post May 29 2010, 01:36 PM

~ Harimau Malaya ~
******
Senior Member
1,743 posts

Joined: Jul 2006
From: Shah Alam



why is lan port 4 mapped to WAN 2?
iipohbee
post May 29 2010, 01:45 PM

On my way
****
Senior Member
603 posts

Joined: Dec 2008
QUOTE(heizad @ May 29 2010, 01:36 PM)
why is lan port 4 mapped to WAN 2?
*
That port is used to connect with the IPTV STB.
As you can see, they have 2 WAN profiles created: one for the dedicated IPTV using VLAN 600, and the first WAN profile is for your internet.

With the new global admin account, you'll gain access to all these. You can assign more WAN profiles for each port as well if you wanted.
heizad
post May 29 2010, 01:46 PM

~ Harimau Malaya ~
******
Senior Member
1,743 posts

Joined: Jul 2006
From: Shah Alam



QUOTE(iipohbee @ May 29 2010, 01:45 PM)
That port is used to connect with the IPTV STB.
As you can see, they have 2 WAN profiles created: one for the dedicated IPTV using VLAN 600, and the first WAN profile is for your internet.

With the new global admin account, you'll gain access to all these. You can assign more WAN profiles for each port as well if you wanted.
*
just logged in using the global acc, btw thx for the heads up
TSrizvanrp
post May 29 2010, 01:48 PM

Getting Started
Group Icon
Elite
195 posts

Joined: Sep 2006



QUOTE(kons @ May 29 2010, 09:10 AM)
It's normal for UniFi or normal DSL broadband.
Those guys who installed the riger modems at my new house last time also enabled remote management and locked out the admin mgmt account.
I have replaced them straight away.

As long as it's RJ45/RJ11, I guess it's always possible to use our own equipment.
*
It's bad in this case because the router runs BusyBox. You can sniff the traffic running on other people's home networks.. and since the router runs an SSH daemon (dropbear), you can use it to set up an open/closed SOCKS proxy on their routers and forward data through their connections. Not to mention these are high speed 5-20 Mbps links..

If I compromised all those nodes I would have 3Gbps of bandwidth at minimum to use as a botnet (assuming everyone is on 5 Mbps at the very least).
ysc
post May 29 2010, 01:52 PM

Enthusiast
*****
Senior Member
860 posts

Joined: Nov 2008
QUOTE(ahpek26 @ May 29 2010, 12:15 PM)
Ops they're going to tell you about this but hey, you're guinea pigs and test subjects which is on the "need to know only" basis. Plus even if they tell you about it, it's not like most unifail customers would care since they don't get tech stuff like this.

*
that's why someone SHOULD write the batch script and blow everything into pieces to teach TM a lesson for taking advantage of those non-tech-savvy
iipohbee
post May 29 2010, 02:09 PM

On my way
****
Senior Member
603 posts

Joined: Dec 2008
QUOTE(rizvanrp @ May 29 2010, 01:48 PM)
It's bad in this case because the router runs BusyBox. You can sniff the traffic running on other people's home networks.. and since the router runs an SSH daemon (dropbear), you can use it to set up an open/closed SOCKS proxy on their routers and forward data through their connections. Not to mention these are high speed 5-20 Mbps links..

If I compromised all those nodes I would have 3Gbps of bandwidth at minimum to use as a botnet (assuming everyone is on 5 Mbps at the very least).
*
Well Rizvanrp, how did you know they did not exploit the backdoor from day 1 in the first place?

The existence of a botnet within TM's network has been known since Streamyx time with DPI tracking technologies such as Phorm, 121media as such.

It's true that there's something going on behind TM's network.

When doing secure transactions such as online payment as such I still feel safer using other prepaid ISPs such as Umobile, Jaring, DiGi Broadband or even Maxis.
TSrizvanrp
post May 29 2010, 02:21 PM

Getting Started
Group Icon
Elite
195 posts

Joined: Sep 2006



@iipohbee

I don't think they would need to since they're the ISP.. they have logs on their side.

But honestly, this is a bad case of security through obscurity. You tell all your customers there's only 1 user/pass to access the router, you tell all your technicians who install for the customers the same thing (even those who are doing Unifibiz installs).. then it turns out there's a second user/pass combo and this user/pass has a higher access level.

At least I found this <2 months into the launch and people will be aware of this now. I actually just thought of leaving it be because it would be too much trouble to fix.. but I'm not the only guy who's decent with security/networking here and if this came out once Unifi's as popular as Streamyx .. good f-ing game sir.

I actually hate this more than when they were throttling BT. At least with a BT throttle my home network is still secure. Not to mention they had me running around like a dog trying to find a way to let people use their own routers when it was possible all along.

I honestly don't know what the hell was running through the minds of the people who set this up.
iipohbee
post May 29 2010, 02:32 PM

On my way
****
Senior Member
603 posts

Joined: Dec 2008
QUOTE(rizvanrp @ May 29 2010, 02:21 PM)
@iipohbee

I don't think they would need to since they're the ISP.. they have logs on their side.

But honestly, this is a bad case of security through obscurity. You tell all your customers there's only 1 user/pass to access the router, you tell all your technicians who install for the customers the same thing (even those who are doing Unifibiz installs).. then it turns out there's a second user/pass combo and this user/pass has a higher access level.

At least I found this <2 months into the launch and people will be aware of this now. I actually just thought of leaving it be because it would be too much trouble to fix.. but I'm not the only guy who's decent with security/networking here and if this came out once Unifi's as popular as Streamyx .. good f-ing game sir.

I actually hate this more than when they were throttling BT. At least with a BT throttle my home network is still secure. Not to mention they had me running around like a dog trying to find a way to let people use their own routers when it was possible all along.

I honestly don't know what the hell was running through the minds of the people who set this up.
*
Yes they do have logs on their side but they needed tools to dig further and understand the behaviors of their users.
They could use this to clear up logs in your modem, clean out evidence and take control of your usage.

I guess this idea was thought by one of their planning R&D team for pre-emptive measures. Those who have access to their DPI servers.
skincladalien
post May 29 2010, 02:42 PM

Densha Otaku
******
Senior Member
1,914 posts

Joined: Jan 2003
From: New Selangor ^.^Y


heh, lucky the first day I already disabled remote admin
TSrizvanrp
post May 29 2010, 02:55 PM

Getting Started
Group Icon
Elite
195 posts

Joined: Sep 2006



CODE
BusyBox v1.00 (2009.12.23-07:29+0000) Built-in shell (msh)
Enter 'help' for a list of built-in commands.

# ifconfig
br0       Link encap:Ethernet  HWaddr -hidden-
         inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:86488217 errors:0 dropped:0 overruns:0 frame:0
         TX packets:96746664 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:2358979520 (2.1 GiB)  TX bytes:2086808986 (1.9 GiB)

br2       Link encap:Ethernet  HWaddr -hidden-
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:125967376 errors:0 dropped:0 overruns:0 frame:0
         TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:3015485720 (2.8 GiB)  TX bytes:0 (0.0 B)

eth2      Link encap:Ethernet  HWaddr -hidden-
         UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
         RX packets:224355660 errors:0 dropped:0 overruns:0 frame:0
         TX packets:89240917 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:60425356 (57.6 MiB)  TX bytes:740660944 (706.3 MiB)
         Interrupt:3

eth2.11   Link encap:Ethernet  HWaddr -hidden-
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:0 errors:0 dropped:0 overruns:0 frame:0
         TX packets:736540 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:0 (0.0 B)  TX bytes:122513467 (116.8 MiB)

eth2.12   Link encap:Ethernet  HWaddr -hidden-
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:0 errors:0 dropped:0 overruns:0 frame:0
         TX packets:736540 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:0 (0.0 B)  TX bytes:122513467 (116.8 MiB)

eth2.13   Link encap:Ethernet  HWaddr -hidden-
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:0 errors:0 dropped:0 overruns:0 frame:0
         TX packets:736540 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:0 (0.0 B)  TX bytes:122513467 (116.8 MiB)

eth2.14   Link encap:Ethernet  HWaddr -hidden-
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:0 errors:0 dropped:0 overruns:0 frame:0
         TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

eth2.500  Link encap:Ethernet  HWaddr -hidden-
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:98379123 errors:0 dropped:0 overruns:0 frame:0
         TX packets:87031297 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:1981289064 (1.8 GiB)  TX bytes:359594081 (342.9 MiB)

eth2.600  Link encap:Ethernet  HWaddr -hidden-
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:125976528 errors:0 dropped:0 overruns:0 frame:0
         TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:3528091028 (3.2 GiB)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback
         inet addr:127.0.0.1  Mask:255.0.0.0
         UP LOOPBACK RUNNING  MTU:16436  Metric:1
         RX packets:938 errors:0 dropped:0 overruns:0 frame:0
         TX packets:938 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:134414 (131.2 KiB)  TX bytes:134414 (131.2 KiB)


ra0       Link encap:Ethernet  HWaddr -hidden-
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:72228903 errors:0 dropped:0 overruns:0 frame:0
         TX packets:94474366 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:611831149 (583.4 MiB)  TX bytes:927019935 (884.0 MiB)
         Interrupt:4

#
# brctl show
bridge name     bridge id               STP enabled     interfaces
br2             8000.-hidden-       no              eth2.600
br0             8000.-hidden-       no              eth2.11
                                                       eth2.12
                                                       eth2.13
                                                       ra0
#

This is the shell from a Unifi user's router. Takes only 5 seconds to get this access. One interesting thing to note is they have 4 additional VLANs that are not in the UI or that I've seen being used before.. VLAN 11/12/13/14 on the WAN interface. Then for some reason, they've bridged three of these VLANs to the wireless interface on the router (MACs are -hidden- by myself). These VLANs are just broadcasting data.

QUOTE(Sting Ray @ May 29 2010, 10:07 AM)
hi rizvanrp, under the secondary administrator account is there any option to allow VPN passthrough? my wife's VPN connection problem is still not resolved and Unifi service centre didn't respond to my emails at all.
*
Nope, but using this account you can use whatever router you want with Unifi by using the DIR-615 as a VLAN bridge.

Another interesting thing:

TR-069 protocol is enabled by default and hidden from the 'admin' account. Connects to a remote server and sets up a listener on your own router. Don't know what the implications of this are.. yet.

Anyway time to sleep, so bloody exhausted

This post has been edited by rizvanrp: May 29 2010, 03:04 PM
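
An added example, not part of the original post: a small audit of your own router's `brctl show` output that reports VLAN sub-interfaces sitting in the same bridge as a wireless interface, which is the situation described above for VLANs 11/12/13. The expected VLAN set {500, 600} and the wireless interface name prefixes are assumptions; adjust them to what your router's UI documents.

```python
import re

# `brctl show` output as posted above (bridge ids already masked by the poster).
BRCTL_SHOW = """\
bridge name     bridge id               STP enabled     interfaces
br2             8000.-hidden-       no              eth2.600
br0             8000.-hidden-       no              eth2.11
                                                       eth2.12
                                                       eth2.13
                                                       ra0
"""

VLAN_IF = re.compile(r"^[A-Za-z]+\d+\.(\d+)$")   # e.g. eth2.600 -> VLAN 600


def parse_brctl(text):
    """Return {bridge: [member interfaces]} from `brctl show` output."""
    bridges, current = {}, None
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if not fields:
            continue
        if line[0].isspace():                   # continuation: extra member
            if current is not None:
                bridges[current].append(fields[0])
        else:                                   # name, id, STP, [first member]
            current = fields[0]
            bridges[current] = fields[3:4]
    return bridges


def audit(bridges, expected_vlans, wireless_prefixes=("ra", "wl", "ath")):
    """Flag VLAN sub-interfaces outside expected_vlans and what they share L2 with."""
    findings = []
    for bridge, members in bridges.items():
        # Assumption: wireless interfaces are recognised by common driver prefixes.
        wireless = [m for m in members if m.startswith(wireless_prefixes)]
        for member in members:
            match = VLAN_IF.match(member)
            if match and int(match.group(1)) not in expected_vlans:
                findings.append((bridge, member, int(match.group(1)), wireless))
    return findings


if __name__ == "__main__":
    # Assumption: 500 and 600 are the VLANs the router UI documents.
    for bridge, iface, vid, wireless in audit(parse_brctl(BRCTL_SHOW), {500, 600}):
        print(f"{bridge}: {iface} (VLAN {vid}) bridged with wireless {wireless}")
```
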
skincladalien
post May 29 2010, 03:01 PM

Densha Otaku
******
Senior Member
1,914 posts

Joined: Jan 2003
From: New Selangor ^.^Y


shit...now that you mention it, I managed to find that account in 5 minutes O.o

TM screwed up big time on this
TSrizvanrp
post May 29 2010, 03:05 PM

Getting Started
Group Icon
Elite
195 posts

Joined: Sep 2006



QUOTE(skincladalien @ May 29 2010, 03:01 PM)
shit...now that you mention it, I managed to find that account in 5 minutes O.o

TM screwed up big time on this
*
Yeap.
ciohbu
post May 29 2010, 03:12 PM

Group: Senior Member
*******
Senior Member
2,104 posts

Joined: Oct 2006
QUOTE(sg999 @ May 29 2010, 12:48 PM)
not understand
got simple explanation?
*
simple answer? ur network is open to TM.. and they know if u are downloading po*n

This post has been edited by ciohbu: May 29 2010, 03:14 PM
[+]
post May 29 2010, 03:17 PM

Regular
******
Senior Member
1,939 posts

Joined: Apr 2007
this needs to go to the press lo~
Neptern
post May 29 2010, 03:18 PM

On my way
****
Junior Member
518 posts

Joined: Aug 2005
QUOTE
simple answer? ur network is open to TM.. and they know if u are downloading po*n


Is it even legal for them to monitor your internet usage like that instead of just logs on their side?
ciohbu
post May 29 2010, 03:34 PM

Group: Senior Member
*******
Senior Member
2,104 posts

Joined: Oct 2006
QUOTE(Neptern @ May 29 2010, 03:18 PM)
Is it even legal for them to monitor your internet usage like that instead of just logs on their side?
*
I am not sure about legal stuff, but if network admin go too far into ur network, I think that's against the privacy .. it's like telco monitor wat u talk in every phone call..
mylinear
post May 29 2010, 03:39 PM

Enthusiast
*****
Senior Member
974 posts

Joined: Jan 2009
I think this should be reported to MCMC and MYCERT.

