Nanostation 5 Malware?
It looks like two of my nanostations may well have fallen for some kind of malware (both in the same subnet, connected to each other).
I can ping them, I can query them with SNMP, and they pass traffic, but I can't log into them on normal ports for http/https/ssh. Unfortunately, I don't recall what software version they were on last time I could access them.
I eventually resorted to running some port scans of one of them; this looks a little odd (see attached Nmap XML saves).
In particular, it seems to be running SSH on a non-standard port (9132), and there seem to be services running on UDP that I wouldn't necessarily expect:
443/udp open|filtered https
684/udp open|filtered corba-iiop-ssl
776/udp open|filtered wpages
1030/udp open|filtered iad1
1050/udp open|filtered cma
9000/udp open|filtered cslistener
18821/udp open|filtered unknown
20518/udp open|filtered unknown
49170/udp open|filtered unknown
49176/udp open|filtered unknown
49184/udp open|filtered unknown
50099/udp open|filtered unknown
Irritatingly, they're in very inaccessible locations.
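An added example, not part of the original post: a triage of Nmap `-oX` output that separates ports Nmap confirmed as open from UDP ports it reports as `open|filtered`, a state that only means no reply came back to the probe. The sample XML, the 192.0.2.10 address, the 161/udp entry and the `EXPECTED` baseline are constructed assumptions; the other port numbers are taken from the post.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's -oX layout (not the poster's attached scan).
SAMPLE_XML = """<nmaprun><host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="9132"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
<port protocol="udp" portid="161"><state state="open" reason="udp-response"/><service name="snmp"/></port>
<port protocol="udp" portid="443"><state state="open|filtered" reason="no-response"/><service name="https"/></port>
<port protocol="udp" portid="9000"><state state="open|filtered" reason="no-response"/><service name="cslistener"/></port>
<port protocol="udp" portid="49170"><state state="open|filtered" reason="no-response"/></port>
</ports></host></nmaprun>"""

# Assumed baseline: the management services the post expects to reach.
EXPECTED = {("tcp", 22), ("tcp", 80), ("tcp", 443), ("udp", 161)}


def triage(xml_text, expected=EXPECTED):
    """Sort scan results into confirmed-unexpected, unconfirmed and missing."""
    result = {"unexpected_open": [], "unconfirmed": [], "missing": []}
    seen_open = set()
    for port in ET.fromstring(xml_text).iter("port"):
        state = port.find("state")
        if state is None:
            continue
        key = (port.get("protocol"), int(port.get("portid")))
        svc = port.find("service")
        name = svc.get("name") if svc is not None else "unknown"
        if state.get("state") == "open":
            # A reply was received, so a listener really exists here.
            seen_open.add(key)
            if key not in expected:
                result["unexpected_open"].append((*key, name))
        elif state.get("state") == "open|filtered":
            # No reply at all: Nmap cannot tell a listener from a dropped probe.
            result["unconfirmed"].append((*key, name))
    # Baseline services that did not answer are a finding in their own right.
    result["missing"] = sorted(expected - seen_open)
    return result


if __name__ == "__main__":
    for category, ports in triage(SAMPLE_XML).items():
        print(category, ports)
```

The service names Nmap prints beside `open|filtered` UDP ports come from its port-number table, so they say nothing about what, if anything, is listening there.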
Nanostation 5, or M5? If it's 5, you need to be on firmware 4.0.4.
If it's M5, you need firmware 5.6.2 or later. See here:
Thanks, flipper - I strongly suspect I'm going to be climbing on some roofs soon for some factory reset action…!
It's a shame the malware script doesn't offer to "brute force" through known malware login credential variants. Helpfully, none of the ones I'm aware of worked, nor did our original logins. :/