HELP- Netonix Virus?

DOWNLOAD THE LATEST FIRMWARE HERE
User avatar
sirhc
Employee
Employee
 
Posts: 7398
Joined: Tue Apr 08, 2014 3:48 pm
Location: Lancaster, PA
Has thanked: 1604 times
Been thanked: 1322 times

Re: HELP- Netonix Virus?

Tue Aug 06, 2024 1:24 pm

rockhead wrote:So this 'symptom' appeared in the log on a unit that was cleaned and upgraded to 1.5.16 ...


Yes if you read the thread you would know v1.5.16 does not fix it

There is a v1.5.17rc1 which helps and prevents THIS hack from running. We are working on a complete fix to plug the hole and will be released as soon as possible.
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.

User avatar
Stephen
Employee
Employee
 
Posts: 1013
Joined: Sun Dec 24, 2017 8:56 pm
Has thanked: 81 times
Been thanked: 178 times

Re: HELP- Netonix Virus?

Wed Aug 07, 2024 2:23 pm

Quick update. rc2 is coming along, it has several dramatic upgrade's that should greatly improve the security of the switch, we are hoping to have it ready soon, ideally, by the end of this week.

User avatar
Stephen
Employee
Employee
 
Posts: 1013
Joined: Sun Dec 24, 2017 8:56 pm
Has thanked: 81 times
Been thanked: 178 times

Re: HELP- Netonix Virus?

Fri Aug 09, 2024 1:02 pm

rc2 is now up. These upgrades should hopefully close this hole.

However, please read the release notes before upgrading:
viewtopic.php?f=17&t=8069

rc2 download - firmware/wispswitch-1.5.17rc2.bin

User avatar
sdwisp
Member
 
Posts: 20
Joined: Tue May 19, 2015 11:21 am
Location: San Diego Ca
Has thanked: 4 times
Been thanked: 3 times

Re: HELP- Netonix Virus?

Mon Aug 26, 2024 12:45 pm

Hacked again this morning right at midnight running 1.5.17rc2. Anyone have have a fix for this? same log
restarting lighttpd
Jan 2 09:31:14 monitor: restarting vtss_appl
Jan 2 09:31:49 monitor: restarting vtss_appl
Jan 2 09:32:13 monitor: restarting vtss_appl
Jan 2 09:32:49 monitor: restarting vtss_appl
Jan 2 09:33:02 monitor: restarting vtss_appl
Jan 2 09:33:38 monitor: restarting vtss_appl
Jan 2 09:33:50 monitor: restarting vtss_appl
Jan 2 09:35:01 monitor: restarting vtss_appl
Jan 2 09:35:01 monitor: restarting shellinaboxd


All time/date and power settings are also now wrong
Eric Williams
619-468-9600

SDWISP

User avatar
sirhc
Employee
Employee
 
Posts: 7398
Joined: Tue Apr 08, 2014 3:48 pm
Location: Lancaster, PA
Has thanked: 1604 times
Been thanked: 1322 times

Re: HELP- Netonix Virus?

Mon Aug 26, 2024 1:29 pm

You had the FBI page?
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.

User avatar
sdwisp
Member
 
Posts: 20
Joined: Tue May 19, 2015 11:21 am
Location: San Diego Ca
Has thanked: 4 times
Been thanked: 3 times

Re: HELP- Netonix Virus?

Mon Aug 26, 2024 2:34 pm

No, there is no FBI page this time but same virus... high cpu and same log
Eric Williams
619-468-9600

SDWISP

allstarcomps
Member
 
Posts: 5
Joined: Fri Aug 02, 2024 9:50 pm
Has thanked: 0 time
Been thanked: 1 time

Re: HELP- Netonix Virus?

Mon Aug 26, 2024 8:26 pm

Same hack different IP: 209.141.51.21 DNS: mails0.lillekarrmaleri.se

Netonix switches with outbound connections to that IP on port 36508.

we changed the firewall to block outbound connections to 36508.

User avatar
sirhc
Employee
Employee
 
Posts: 7398
Joined: Tue Apr 08, 2014 3:48 pm
Location: Lancaster, PA
Has thanked: 1604 times
Been thanked: 1322 times

Re: HELP- Netonix Virus?

Tue Aug 27, 2024 10:20 am

It's not the same vulnerability, that has been patched.

Are your switches on accessible IPs and if so are you using the access control list? If not someone can be pounding your switch trying to access it which can burry the small embedded cpu and bad things can happen.

Are you polling this switch with SNMP, if so how often. You should not poll the switch more then once every minute as the switches little cpu gets overwhelmed and bad things happen.
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.

bryant
Member
 
Posts: 1
Joined: Tue Aug 27, 2024 1:52 pm
Has thanked: 0 time
Been thanked: 0 time

Re: HELP- Netonix Virus?

Tue Aug 27, 2024 1:58 pm

We have also had to cases of the FBI warning pop occur and as of today we had the following:

hello netonix staff team, the vulnerability is for sale contact me on session to negotiate: "05362fccbb42e38b5f7ab3568801dc688c41ca97589ec58bead6535823cc8ccc26"


Do we know what the specific root cause is and when a permanent fix is coming?

User avatar
sirhc
Employee
Employee
 
Posts: 7398
Joined: Tue Apr 08, 2014 3:48 pm
Location: Lancaster, PA
Has thanked: 1604 times
Been thanked: 1322 times

Re: HELP- Netonix Virus?

Tue Aug 27, 2024 2:16 pm

bryant wrote:We have also had to cases of the FBI warning pop occur and as of today we had the following:

hello netonix staff team, the vulnerability is for sale contact me on session to negotiate: "05362fccbb42e38b5f7ab3568801dc688c41ca97589ec58bead6535823cc8ccc26"


Do we know what the specific root cause is and when a permanent fix is coming?


The vulnerability that caused the fake FBI page HAS BEEN FIXED in v1.5.17rc2

The cause was a vulnerability in the following modules we use: lighttpd and openssl

We upgraded those modules in v1.5.17rc2

If your running v1.5.17rc2 then your good.
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.

PreviousNext
Return to Hardware and software issues

Who is online

Users browsing this forum: No registered users and 6 guests