Over 485,000 Ubiquiti devices exposed to DDoS attack

Ubiquiti Networks is currently working on a fix for a recently discovered security issue affecting its devices. This security issue has been exploited by attackers since July 2018.

According to an internet scan conducted by US cyber-security firm Rapid7, this vulnerability affects over 485,000 devices around the world. Most of the exposed devices are located in Brazil, followed by the US, Spain and Poland.

The vulnerability is not specific to one Ubiquiti device, and is found on a wide variety of the vendor’s high-grade WISP equipment. The majority of the exposed Ubiquiti devices are NanoStation, AirGrid, LiteBeam, PowerBeam and NanoBeam products, and 17,000 of these devices have already been defaced.

Jon Hart, senior security researcher for Rapid7, states in a security alert that attackers are exploiting a “discovery service” running on port 10001. Ubiquiti included the service on its devices so that the company and internet service providers (ISPs) can use it to find the devices on the internet and in closed networks. Attackers have exploited this service to carry out DDoS amplification attacks.

These attacks were first spotted by Jim Troutman, co-founder of NNENIX (Northern New England Neutral Internet Exchange). According to Troutman, attackers are sending small packets of 56 bytes to port 10001 on Ubiquiti devices, which reflect and relay the packets to a target IP address, amplified to a size of 206 bytes.

The exploitation attempts are still at an initial stage but, according to Rapid7, the amplification factor, currently 3.67, can go up to 30-35. Attackers could find a way to carry out DDoS attacks in excess of 1Tbps, which Rapid7 describes as “a crippling amount of traffic to all but the most fortified infrastructure”.

At the moment this discovery protocol “does not appear to suffer from multi-packet responses”, as we read in Rapid7’s security alert. This makes exploitation extremely hard as attackers can only “reflect” small amounts of DDoS traffic.

Ubiquiti already announced that it was preparing a security patch even if, in its current form, the protocol does not seem to be particularly harmful.

“To our current knowledge, this issue cannot be used to gain control of network devices or to create a DDoS attack,” Ubiquiti Networks said. “As a temporary workaround for this issue while it is being investigated and resolved by the development team, network operators can block port 10001 at the network perimeter,” the hardware maker added.

Even though the biggest exploitation attempts have only been discovered recently, Rapid7 said that the first attacks attempting to exploit Ubiquiti’s discovery service were detected last July, when several Ubiquiti users reported problems accessing SSH services on their Ubiquiti equipment.
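
The following Python script is an added example, not taken from Rapid7, Ubiquiti or the original article. It scans flow records for discovery traffic on UDP port 10001 that crosses the network perimeter and reports each device's observed amplification factor. The record format, the 203.0.113.0/24 internal range and all sample lines are constructed for the example.

```python
import ipaddress
from collections import defaultdict

DISCOVERY_PORT = 10001  # discovery service port named in the article (UDP)

# Constructed sample records: time src_ip src_port dst_ip dst_port proto bytes
SAMPLE_FLOWS = """\
2019-02-01T10:00:00Z 198.51.100.7 40000 203.0.113.10 10001 udp 56
2019-02-01T10:00:00Z 203.0.113.10 10001 198.51.100.7 40000 udp 206
2019-02-01T10:00:01Z 198.51.100.7 40000 203.0.113.10 10001 udp 56
2019-02-01T10:00:01Z 203.0.113.10 10001 198.51.100.7 40000 udp 206
2019-02-01T10:00:02Z 198.51.100.99 5353 203.0.113.30 10001 udp 56
2019-02-01T10:00:03Z 203.0.113.5 51000 203.0.113.20 10001 udp 56
2019-02-01T10:00:03Z 203.0.113.20 10001 203.0.113.5 51000 udp 206
2019-02-01T10:00:04Z 198.51.100.7 44321 203.0.113.10 10001 tcp 60
"""

def parse_flows(text):
    """Yield (src, sport, dst, dport, proto, nbytes) from whitespace-separated lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 7:
            continue  # skip blank or malformed lines
        _, src, sport, dst, dport, proto, nbytes = parts
        yield (ipaddress.ip_address(src), int(sport),
               ipaddress.ip_address(dst), int(dport), proto.lower(), int(nbytes))

def reflector_report(flows, internal_cidr):
    """Per internal device: discovery bytes exchanged with hosts outside the network."""
    net = ipaddress.ip_network(internal_cidr)
    stats = defaultdict(lambda: {"bytes_in": 0, "bytes_out": 0, "peers": set()})
    for src, sport, dst, dport, proto, nbytes in flows:
        if proto != "udp":
            continue
        if dport == DISCOVERY_PORT and dst in net and src not in net:
            # Request from outside the network reaching a device's discovery port.
            stats[str(dst)]["bytes_in"] += nbytes
            stats[str(dst)]["peers"].add(str(src))
        elif sport == DISCOVERY_PORT and src in net and dst not in net:
            # Discovery reply leaving the network: this is the reflected traffic.
            stats[str(src)]["bytes_out"] += nbytes
            stats[str(src)]["peers"].add(str(dst))
    report = {}
    for device, s in stats.items():
        # Replies seen without matching requests (asymmetric capture) give inf.
        factor = s["bytes_out"] / s["bytes_in"] if s["bytes_in"] else float("inf")
        report[device] = {**s, "factor": factor, "reflecting": s["bytes_out"] > 0}
    return report

if __name__ == "__main__":
    result = reflector_report(parse_flows(SAMPLE_FLOWS), "203.0.113.0/24")
    for device, r in sorted(result.items()):
        print(device, r["bytes_in"], r["bytes_out"], round(r["factor"], 2), r["reflecting"])
```

A device that appears in the report with bytes out greater than zero is answering discovery requests from outside the network, which is the traffic the perimeter block on port 10001 is meant to stop.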

Open Mesh acquired by Datto: what’s next for Open Mesh customers?

At the beginning of 2017, Datto announced its acquisition of Open Mesh. In this article, we will find out what is going to change for Open Mesh customers after this acquisition by Datto.

About Open Mesh and Datto

Open Mesh Inc., one of the most popular makers of wireless networking devices in the SMB segment, has been acquired by Datto, a data protection vendor that sells its products exclusively through managed service providers. With this acquisition, Datto wants to broaden its offering in the networking sector with the launch of a new line of SMB-focused networking solutions.

The new Datto Networking line of products for small-to-medium sized businesses incorporates the Open Mesh wireless access points and Ethernet switching technologies as well as the existing Datto Networking Appliance, and will be delivered exclusively through Datto’s global network of Managed Service Provider partners.

What will change for existing Open Mesh customers?

As of January 1st, 2019, customers can still purchase Open Mesh hardware through selected distributors and online resellers, with no recurring fees. However, the availability of Open Mesh products is limited to the remaining inventory.

All of the existing Open Mesh hardware has an end-of-life date of 3 years from the end-of-sale date. As for the most recent products, the end-of-life date is December 31, 2021. After that date, no more fixes and security updates will be released for Open Mesh products, and support will no longer be provided.

In the course of this acquisition, Datto Networking has adopted a pricing model which aligns to how MSPs sell their products and requires all new customers to pay a monthly recurring fee, unlike the one-time fee originally set by Open Mesh, which also included a free CloudTrax lifetime license.

Consequently, after the end-of-life date of their purchased products, all current Open Mesh customers are forced either to upgrade to Datto Networking products and pay the related monthly fees or to switch to an alternative hardware solution. Both of these options represent significant additional costs that ultimately lead to a hardware CAPEX increase.

TanazaOS as the alternative to Datto Networking and CloudTrax

Tanaza wants to help Open Mesh customers to continue using their hardware by making its latest product, TanazaOS, fully compatible with Open Mesh devices. TanazaOS will support Open Mesh access points as well as other hardware vendors, freeing WiFi service providers from vendor lock-in.

TanazaOS is a Linux-based Operating System for centralized network management. It was developed based on the disaggregation concept which embraces the open-source approach, where WiFi solution providers have the possibility to decouple their hardware choice from their software choice.

Furthermore, TanazaOS is flexible and scalable without limits, and helps in delivering wireless networking faster.

Enterprises and service provider customers reduce complexities and get complete interoperability at a fraction of the cost of other WiFi solutions.

Open Mesh customers switching to TanazaOS from CloudTrax or Datto Networking will benefit from competitive lifetime license pricing, allowing them to dramatically save on their deployment costs, while also benefiting from a secure, reliable and always up-to-date operating system for WiFi cloud management.

By switching to TanazaOS, Open Mesh customers will be able to:

  • Enjoy a full set of professional features for WiFi management and control
  • Avoid Datto’s monthly fees
  • Easily migrate from CloudTrax/Datto Networking to TanazaOS thanks to the self-provisioning system and the cloud configuration
  • Save money when upgrading their hardware infrastructure as TanazaOS runs on many hardware vendors
  • Have access to learning materials and online support for troubleshooting
  • Benefit from additional features, as TanazaOS is constantly evolving, adding new capabilities such as a Hotspot System.

If you are an Open Mesh user and want to know more about TanazaOS and its features, you can try the interactive demo to experience our cloud-based operating system to manage your Open Mesh access points.

Update 2019: The list of supported OpenWRT Wireless Access Points Vendors

The exponential growth in demand for wireless internet connectivity means that companies in most business environments need to upgrade their Wi-Fi networking infrastructure.

Many companies within the networking industry aim at establishing lock-in barriers with high switching costs in order to make customers dependent on them. This approach progressively increases Wi-Fi deployment costs for organizations, slows down innovation and ultimately hinders the Wi-Fi user experience.

Recently, the networking industry has begun shifting from operating as a proprietary closed system to a more flexible, open system. This shift occurred as a result of customer dissatisfaction with high internet connectivity pricing, vendor lock-in, slow innovation, poor quality software and unforeseen charges for services that should have been included in the price of the product, to name a few.

At Tanaza, we believe that the current market conditions allow the disaggregation of hardware and software to occur also in the Wi-Fi networking market and create a disruption.

Tanaza is a vendor-alternative firmware based on OpenWRT that supports a wide range of access points. OpenWRT is a Linux-based open source alternative firmware for embedded devices that enables the customization of wireless devices, thanks to its fully writable filesystem with package management.

With OpenWRT, the network administrator can avoid being locked in by the web interface or the web applications of the vendor.

Easy to install and to use, Tanaza may be the best option for you, if you are looking for an easy-to-use alternative firmware for your wireless device.

For more information about Tanaza and its wide range of supported access points, click here.

If you can’t find the vendor you are looking for, you can make a request and ask Tanaza to support a new access point.

To see the full list of access point vendors compatible with OpenWRT, check below. 

WiFi 6: the next generation of WiFi

The next standard for wireless LANs, IEEE 802.11ax, has been conceived to transmit data faster, to better allocate bandwidth among several devices connected to a WiFi network and to more reliably deliver high-bandwidth applications (such as video streaming) than its predecessor, 802.11ac, also known as WiFi 5.

The new naming standard

The 802.11ax specification, also known as ‘high-efficiency wireless’, will be commonly referred to and marketed as WiFi 6.

This is a new naming standard set by the Wi-Fi Alliance®, with previous generations now being retroactively labelled as WiFi 5 (802.11ac) and WiFi 4 (802.11n). This new labelling convention will appear on devices as shown in the image below.

WiFi new naming convention by the Wi-Fi Alliance: WiFi 6, WiFi 5 and WiFi 4

This naming scheme is aimed at making it simpler for final consumers to recognize which of the IEEE 802.11 standards each WiFi device supports.

Faster data transfer speeds

WiFi 6 will have a single-user data rate that is about 40% faster than 802.11ac by virtue of a more efficient data encoding, resulting in a higher throughput: more data is packed into the same radio waves, and the chips that encode and decode the signals will increasingly get more powerful and will be able to handle the additional work.

The new standard also improves performance on the 2.4GHz band, which, despite the industry’s large investments in the 5GHz band to reduce interference, is still better at penetrating physical obstacles.

WiFi 6’s predecessor, 802.11ac, only uses bands in the 5GHz spectrum; the new standard operates across both frequencies and will eventually expand this spectrum to include bands in 1GHz and 6GHz when they become available.

Better performance in dense environments

WiFi performance tends to get worse in crowded locations, such as stadiums, airports, malls and offices, where many WiFi enabled devices are connected to the network at the same time.

The new WiFi 6 incorporates many new technologies to overcome this issue, and according to Intel, it will improve each user’s average speed by at least four times in congested areas.

WiFi 6 can divide a wireless channel into a large number of subchannels, and each of these subchannels can carry data intended for a different device. This is achieved through Orthogonal Frequency Division Multiple Access (OFDMA), a modulation scheme which allows for resource unit allocation and will boost capacity, reduce latency and improve efficiency by allowing as many as 30 users at once to share the same channel. This technology is not a part of WiFi 5, which has regular OFDM; OFDMA can be described as a multi-user version of OFDM.

The new wireless standard also has an improved version of multi-user MIMO (MU-MIMO). Wi-Fi 5 Wave 2 introduced Multi-User MIMO, but it only supports four simultaneous connections on downstream (one on upstream). Wi-Fi 6 will instead be able to handle eight streams of data in either uplink or downlink, offering four times the maximum theoretical throughput of Wi-Fi 5 and supporting more users at once.

Wifi 6 Technologies MuMiMo and OFDMA

Image Source: Qualcomm

Extended battery life for client devices

The new Target Wake Time (TWT) feature enables access points to tell connected devices when and how frequently they have to “wake up” to send or receive data, reducing power consumption and improving spectral efficiency. This technology will be very useful for both mobile and IoT devices, allowing them to effectively increase their sleep time and consequently extend their battery life.

Target Wake Time, in addition to saving power on the client device side, also enables wireless access points and devices to define and negotiate specific times to access the medium, reducing contention and overlap between users.

Target Wake Time (TWT) Feature

Image source: Qualcomm

When will we get WiFi 6?

While some routers already advertise “802.11ax technology” and many products supporting WiFi 6 were presented during CES 2019, 802.11ax WiFi won’t be finalized until the end of 2019. There also aren’t any WiFi 6 client devices available yet, so these routers won’t bring any benefits to consumers before the transition is done: indeed, both the sender and the receiver need to support the latest generation of WiFi to gain the advantages.

The five most used access points by Tanaza’s customers in 2018

Tanaza’s multi-vendor approach allows WiFi professionals to choose the hardware they want to work with when designing their WiFi network infrastructures.

Tanaza supports many brands, from consumer-grade access points to enterprise-grade wireless devices, making it easier for ISPs and MSPs to develop public WiFi hotspots in different sectors like hospitality, education, healthcare, retail, public places etc.

The ten brands most used by our customers are:

Ubiquiti, TP-Link, Open Mesh, MikroTik, D-Link, Linksys, Intelbras, Wi-Next, LigoWave, EnGenius


To help its customers, Tanaza developed the Access Point Selector, a free tool that allows WiFi professionals to select the best hardware according to their WiFi project.
In three simple steps (select the location, the size of the location and the level of service you want to offer), you will access a complete list of wireless devices. In addition, the tool will provide you with relevant information such as the required number of units, the number of concurrent users per unit and the cost of each device.

Tanaza’s multi-vendor approach empowers the hardware by delivering to the device a professional set of features for WiFi cloud management. Below, you can find the list of the five devices most used by our customers in 2018.

Ubiquiti UniFi LR

  • Radio: 2.4 GHz (B/G/N)
  • Max Power (2.4 GHz): 20 dBm / 100 mW
  • Radiation Shape: Sector
  • Installation: Ceiling
  • Power Supply: PoE

TP-Link TL-WR841N/ND

  • Radio: 2.4 GHz (B/G/N)
  • Max Power (2.4 GHz): 21 dBm / 126 mW
  • Radiation Shape: Omni
  • Installation: Desktop
  • Power Supply: DC

OpenMesh OM2P

  • Radio: 2.4 GHz (B/G/N)
  • Max Power (2.4 GHz): 23 dBm / 200 mW
  • Radiation Shape: Omni
  • Installation: Desktop, Wall
  • Power Supply: DC, PoE

MikroTik RB951UI-2HnD

  • Radio: 2.4 GHz (B/G/N)
  • Max Power (2.4 GHz): 20 dBm / 100 mW
  • Radiation Shape: Omni
  • Installation: Desktop
  • Power Supply: DC, PoE

Ubiquiti NanoStation Loco M2

  • Radio: 2.4 GHz (B/G/N)
  • Max Power (2.4 GHz): 23 dBm / 200 mW
  • Radiation Shape: Omni
  • Installation: Pole
  • Power Supply: PoE

CES 2019: four interesting innovations in the wireless devices industry

CES is one of the biggest meetings for consumer technology businesses to present their new products and speak about the main innovations. Over four days, more than 4K companies including manufacturers, developers, and suppliers of consumer technology hardware meet to exhibit their products and share their thoughts about their industry.

This year, CES takes place in Las Vegas from the 8th to the 11th of January.

So, what’s new? What are the main innovations within the wireless industry for 2019?

We made a list of notable products presented at CES 2019. This list is not exhaustive.

The new D-Link 5G NR Enhanced Gateway, probably one of the best WiFi routers of CES 2019

D-Link, the Taiwanese networking company, launched its new WiFi router, the D-Link 5G NR Enhanced Gateway, which brings super-fast wireless 5G internet data to home WiFi. It is designed to receive a super-fast wireless 5G signal from any internet service provider and deliver internet to connected devices in the home. This D-Link WiFi router supports a faster form of 5G than the current Verizon 5G network (which is a 300 megabit-per-second network).
Even if 5G home internet is still at an early stage of development, this D-Link WiFi router is probably one of the best WiFi routers presented at CES 2019. This WiFi router will be available on the market in the second half of 2019.

TP-Link and its first family of WiFi 6 routers

TP-Link, the Chinese manufacturer of networking products, unveiled its first WiFi 6 routers.
As we mentioned in a previous article, the Wi-Fi Alliance recently simplified the names for wireless standards, and the new generation of WiFi, WiFi 6 (802.11ax), is starting to arrive. TP-Link presented its first WiFi 6 routers at CES 2019: six wireless devices in total, varying from high-end routers to extenders, all using the new WiFi 6 standard in order to deliver better and faster internet. TP-Link is the first manufacturer of networking products to announce that their wireless devices will support WiFi 6.
The new WiFi 6 standard should be launched during the year, so these routers won’t bring any benefits to consumers until the transition is complete and consumer devices support WiFi 6.

Netgear Orbi mesh router will support WiFi 6

Netgear, the multinational computer networking company, is the second manufacturer to announce the release of WiFi 6 routers in the second half of 2019.
The Orbi Mesh System will get an update and be able to receive a WiFi 6 signal. Netgear announced that WiFi 6 devices will be fast enough to provide gigabit Ethernet speeds over a wireless networking signal. The update will come with Netgear’s RBK50 series of hardware.

MediaTek presents its new connectivity chipset with the latest WiFi 6 standard

MediaTek is a Taiwanese semiconductor company that provides chipsets for wireless communication. During CES 2019, MediaTek revealed its new chipset, which will be compatible with the latest WiFi standard: WiFi 6.
The chipset will prioritize traffic, bandwidth and user demands while delivering the new WiFi 6. The chipset will also support multi-user MIMO, increasing the channel capacity per device on a given network. Last but not least, it will allow for Orthogonal Frequency Division Multiple Access (OFDMA), optimizing activities such as social media, YouTube and Netflix on a given network. This new chipset is designed for the new generation of WiFi 6 routers, access points and repeaters.