Upcoming Maintenance Alert:

The UBNT Community will be upgraded at 5pm MDT on April 25th. During this time the community forums will be set to read-only status.

Learn more

Regular Member
Posts: 379
Registered: ‎02-16-2016
Kudos: 142
Solutions: 9

Nanostation 5 Malware?

It looks like two of my nanostations may well have fallen for some kind of malware (both in the same subnet, connected to each other).


I can ping them, I can query them with SNMP, and they pass traffic, but I can't log into them on normal ports for http/https/ssh. Unfortunately, I don't recall what software version they were on last time I could access them. 


I eventually resorted to running some port scans of one of them; this looks a little odd (see attached NMAP xml saves). 

In particular, it seems to be running SSH on a non-standard port (9132), and there seem to be services running on UDP that I wouldn't necessarily expect: 


443/udp open|filtered https
684/udp open|filtered corba-iiop-ssl
776/udp open|filtered wpages
1030/udp open|filtered iad1
1050/udp open|filtered cma
9000/udp open|filtered cslistener
18821/udp open|filtered unknown
20518/udp open|filtered unknown
49170/udp open|filtered unknown
49176/udp open|filtered unknown
49184/udp open|filtered unknown
50099/udp open|filtered unknown


Irritatingly, they're in very inaccessible locations. 

Posts: 13,744
Registered: ‎06-18-2010
Kudos: 3940
Solutions: 1410

Re: Nanostation 5 Malware?

Nanostation 5, or M5? If it's 5, you need to be on firmware 4.0.4

If it's M5, you need firmware 5.6.2 or later. See here:

Occam was Right; more than two blades is just silly
Regular Member
Posts: 379
Registered: ‎02-16-2016
Kudos: 142
Solutions: 9

Re: Nanostation 5 Malware?

[ Edited ]

Thanks, flipper - I strongly suspect I'm going to be climbing on some roofs soon for some factory reset action...!


It's a shame the malware script doesn't offer to "brute force" through known malware login credential variants. Helpfully, none of the ones I'm aware of worked, nor did our original logins. :/