Nope, seems to be 1000’s or 180’s
Wonderful… just wonderful…
What about the snmp string?
In the radio Configuration > System > Simple Network Management Protocol
There is a Read-Only string and a Read-Write string.
I can start changing them one by one
Seems to me that if the radios get re-hacked after being defaulted then going through and changing the DNS settings won’t fix it, will it? Won’t the hack just change it back like it does when you default/reconfigure?
Edit: So I went looking for DNS traffic on our network to/from those two IP addresses and did not find them, and this made me happy. But then I started monitoring all DNS and filtered out all that I recognized (Google, Hurricane, Cogent, OpenDNS etc… etc…). There weren’t a lot of them that looked suspect, so I started hunting down each radio and logging in to see if the DNS had been changed.
I found one on our network: an old Force 180 that was installed in 2015, and I don’t have any records of us ever replacing it, so hopefully at some point over the years some setting got defaulted by a software upgrade or maybe it escaped a config change over the years… A guy can hope, can’t he?!?
I contacted the customer; he said for the last week or so their Apple devices had not been able to access any secure websites, and while their TVs/Rokus worked, their Windows/Android devices were bringing up spam sites when they would try to bring up web pages.
I blocked their radio at the AP network and I’m going out to replace it with a 300-16 right now and hope the 300-16 isn’t vulnerable.
The DNS settings on this radio were:
194.9.70.168
45.129.97.29
Just so it’s searchable I’m listing the DNS addresses you screen capped.
31.172.78.104
87.236.146.187
Not that it matters but all 4 IP addresses tracert/whois to Russia and Ukraine.
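The DNS hunt described in the post above can be scripted. This is an added example, not part of the original thread: it reads flow records, drops port-53 traffic to resolvers you recognize, and reports which clients talk to the four resolver addresses listed in the thread or to any other unrecognized resolver. The flow-log format, the `KNOWN_RESOLVERS` allowlist and the sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Resolver addresses reported in the thread as set on compromised radios.
ROGUE_RESOLVERS = {"194.9.70.168", "45.129.97.29", "31.172.78.104", "87.236.146.187"}

# Assumption: resolvers this network expects to see (Google, OpenDNS, Hurricane
# Electric). Replace with your own upstream and internal resolvers.
KNOWN_RESOLVERS = {"8.8.8.8", "8.8.4.4", "208.67.222.222", "208.67.220.220", "74.82.42.42"}

# Constructed sample input: "src dst dport proto", one flow per line.
SAMPLE_FLOWS = """\
# src dst dport proto
10.20.1.15 8.8.8.8 53 udp
10.20.1.22 194.9.70.168 53 udp
10.20.1.22 45.129.97.29 53 tcp
10.20.1.40 203.0.113.53 53 udp
10.20.1.15 198.51.100.7 443 tcp
10.20.1.77 208.67.222.222 53 udp
garbage line
"""

def classify_dns_flows(text):
    """Return (rogue, unknown): dicts mapping client IP -> set of resolver IPs."""
    rogue, unknown = defaultdict(set), defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) != 4:
            continue  # skip comments and malformed records
        src, dst, dport, _proto = fields
        try:
            src = str(ipaddress.ip_address(src))
            dst = str(ipaddress.ip_address(dst))
        except ValueError:
            continue  # not valid IP addresses
        if dport != "53" or dst in KNOWN_RESOLVERS:
            continue  # not DNS, or DNS to a resolver we recognize
        (rogue if dst in ROGUE_RESOLVERS else unknown)[src].add(dst)
    return dict(rogue), dict(unknown)

if __name__ == "__main__":
    rogue, unknown = classify_dns_flows(SAMPLE_FLOWS)
    for client, resolvers in sorted(rogue.items()):
        print(f"ROGUE   {client} -> {', '.join(sorted(resolvers))}")
    for client, resolvers in sorted(unknown.items()):
        print(f"UNKNOWN {client} -> {', '.join(sorted(resolvers))}")
```

Clients in the rogue list are the radios (or the devices behind them) to pull and inspect first; the unknown list is the remainder to review by hand, as the post describes.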