02-01-2019 06:36 PM
I heard about the information disclosure, including local subnet details, that could affect some Ubiquiti products and noted that there were some UniFi products on the list, i.e. APs.
Could you confirm if the USG is potentially at risk from this kind of information disclosure attack?
If so, can this be mitigated in configuration?
02-01-2019 10:06 PM
No UniFi devices reply to that traffic when adopted. USG has never replied WAN-side to that in a default state either.
In factory default state in many years outdated firmware, UAP could respond if UDP 10001 was port forwarded to it, or the AP has a public IP directly-assigned (both nearly non-existent circumstances, hence the tiny numbers relative to the millions of them out there). Newer firmware versions won't reply to a public IP in default state.
02-04-2019 04:11 PM
Can USG devices act in the DDOS scheme described in the press? Or is it Edge Router and other items that are affected?
Here, for Edge Router, people are being told to shut off discovery...
This is the supposed workaround to the UDP port amplification attack. All in all - not a security risk to us, but since many are on limited traffic bandwidth, the amplified output counts toward our quota. Not to mention we involuntarily participate in these DDOS nets.
02-06-2019 04:56 AM
USG does not reply to that traffic at all, so the amplification is irrelevant even if you opened up 10001 on your WAN_LOCAL rules. It would just be ignored.