Facebook RSS
formats

The Brothers WISP 101 – Cheap OTDR, UBNT Data Collection, IPv6 Tracing



This week Greg,Tomas, Nick, and Tommy talk about networking and listen to traffic driving by Tomas’ house.

This week we talk about:
– George A had a cheap SM OTDR he likes…I wonder if he still does?
– Use caution with cambium 3000s and it looks like 4.4.2 firmware is “pretty good” so far.
Several of us have played with the Mikrotik Audience so far: Review sample from ISPSupplies!
– IPv6 tracing – imcpv6 vs. udp
– Unifi LTE – LTE gateway
– Unifi Dream Machine – new router AP for the house
– Ubiquiti UAP-Beacon HD mesh AP
– UBNT stealthily enables data collection
– Why does Nick B maintain so many random domains?
– Tomas is introducing a “Linux-desktop-only” policy at Unimus – should be fun times…

Here’s the video:(if you don’t see it, hit refresh)

formats

The Brothers WISP 100 – MTK Route Cache, Virtual Routers, Fortnite End Event



This week Greg, Mikey, Tomas, Cox, Thrift, Miller, Alex, Tom, and new friend Serena get deep on some interesting tops and reflect on 100 episodes over 7 years.

This week we talk about:
– Michael Ducharme – route cache update. Stale routes could be cached for months. Subnets deleted from a router still cache network and broadcast addresses for months and those IPs are unreachable.
– Fortnite END event
– Zayo sets local preference on customer connections to 200 by default…dirty rascals.
Virtual router efficiencies. Mikrotik is better on vmware in v6 kernal due to old drivers.
VLAN 1002-1005 in Cisco is a no-go.
Nvidia (new version out now!) shields for streaming. (and plex!)
– Reflections on 100 episodes over 7 years.

Here’s the video:(if you don’t see it, hit refresh)

formats

The Brothers WISP 99 – Pi4 Speedtest, Fiberstore Switches, NTLM Takeover



This week Greg, Mikey, and Tomas do the dirty minutes before everyone leaves for WISPAPALOOZA; have fun errbody!

This week we talk about:
Nick A got married; oh to be young and in love.
Quote of the week “He doesn’t pay me enough to shut up.” – John Osmon
The slack recommends 4 port Intel SFP+ interfaces(x710-da4).
Thomas recommends a Pi4 for projects that need to do a gig for remote BW tests
Thrift says: disabling route cache will cause you more problems than it solves. V7 has no route-cache in kernel.
Mikrotik broadcast/multicast storms can make the router inaccessible, but may not lock it up.
Thomas says : virtually all models of FiberStore switches have different firmware/CLI/syntax
Carlan has an interesting idea to vinyl wrap antennas to have them blend in
Matt Whitely shares viso cafe free stencils
Carlan also shares yEd graphing…has some neat auto spacing options
Ubiquiti unifi flexHD access point
Greg’s Lincoln Log PC
WISPAPALOOZA
Security:
Cisco ASA DoS
Win NTLM domain takeover
“Automation Thinking”

Here’s the video:(if you don’t see it, hit refresh)

formats

The Brothers WISP 98 – Warshipping, LACP Hashing, Switch Port Security



This week Greg, Mikey, and Tomas do a lot with a little, and at the end we get a patented Mike rant in place of the normal Tomas one LOL

This week we talk about:
Warshipping
WISPAPALOOZA 2019
Mikoritk trolled us with the “new hardware found in new NPK file”…thanks Obama
ROS v7 alpha 2 out, CHR release available
Colin asks about 802.3ad(LACP) and how to distribute traffic. Transmit hasing, bro.
Mikrotik CSS port security – lock on first, no other options.
Chad had random reboot issues 6.44.5 long term- official response “might be bonding issue fixed in 6.45”
Jeremy asks about notification systems: pagerduty, opsgenie, victorops, email to sms
NetXMS 3.0 released
Mike complains about municipalities and fiber – he complains about everything

Here’s the video:(if you don’t see it, hit refresh)

formats

The Brothers WISP 97 – Passive PoE Thievery, Mikrotik Extreme Performance, RouterOS Version 7



This week Greg, Mike, Tommy C, Andrew Thrift and Andrew Cox join their voices in chorus; we’ve been working on our acapella. Unfortunately someone didn’t wear headphones while recording so the audio is back to it’s old self…we’ll be back to normal next cast.

This week we talk about:
Greg has been blogging for over 10 years now
Michael Ducharme – Ansible yes/no bug…what a bummer. Fix is
Greg uses two passive poe injectors and a Y barrel cable to harvest power and pass it along.
Installing Cisco’s Virtual Wireless Lan Controller in Proxmox is easy
Please remind Greg that in Linux a period before a filename makes it hidden *sigh*
Miller found a GoalZero Yeti, temp replacement for a generator.
unms free cloud hosting (not sure if this has been discussed)
EU Strong customer authentication (SCA) for credit card payments live sept 14th — 3ds v2
Tom says in 6.44.5 if yo uhave a drop in/out input rule for invalid you must explicitly allow GRE/EOIP for tunnels.
Mikrotik Audience is on mikrotik.com, so likely shipping soon
New Mikrotik model strings in ROS: CCR-eOW-12x100G-36x25Gw, CCR-eOW-1x25Gw-2x10GC, CCR-eOW-1Gw-1G. “Extreme Performance”
LAG with CRS305 works, but switchOS sucks. Mikrotik LAGfast path on receive only. CRS326 does it in hardware. Eh, I’ll just use a Cisco4948.

Mikrotik V7 Below
Mikrotik releases V7…seriously. Released for ARM right now – HapAC2
Brock suggests going to http://butt.holdings
WAPGR LTE/4G/LTE-US testing, to get v7 ready for upcoming 5G products, according to Sergejs
MPLS/BGP disabled right now…aparently there’s RIP, though. Rumor milll says routing will be around very soon.
UDP OpenVPN – Yeah boooooiiiiiii
Cox’s keen eye spotted torrent support “download-directory”
split rib and fib – spotted by thrift

Here’s the video:(if you don’t see it, hit refresh)

formats

TheBrothersWISP 96 – Security Issues, Centurylink Outage, UBNT New Hardware



This week Greg , Nick A, Mike, and Thomas cover a lot of ground; must talk about all the things.

This week we talk about:
MikroTik CHR perf issues with AMD Epyc
30+ Cisco unauthenticated RCEs for various Cisco equipt.
Cisco IOS-XE critical (10/10 CVSS) auth vuln
Kubernetes DoS vulns
Webmin unauthenticated RCE vuln (supply chain attack)
Unimus 1.10.4 release
DIY USB Powered Fiber Tester
Pinpointing outdoor fiber damage
Centurylink’s mystery outage due to 4 malformed packets
Greg finally plays with a modern capsman install
Chad uses option 82 to send interface name back to sonar for authentication “remote agent ID”
Twitch hits 2.2 mil total concurrent viewers during WOW Classic launch – 10+ Tbps traffic
Ubiquiti Unifi Talk Controller – Ubiquiti voip system
Ubiquiti AirFiber60 – 60ghz dish antenna with 5ghz failover
Ubiquiti Sunmax Solar
Is the movie Brazil good or bad, and why it’s terrible
Great British Bakeoff is back(The world rejoices)

Here’s the video:(if you don’t see it, hit refresh)

formats

TheBrothersWISP 95 – Mikrotik 60Ghz Tuning, Neighbor Discovery, ROS Post Exploitation



This week Greg , Miller, and Tomas catchup about Mikrotik, Mikrotik, then a little bit of Mikrotik.

This week we talk about:
Miller – LHG 60 experiences
Miller – Neighbor discover over bonding interfaces
Mikrotik copper 10Gb SFP
Mikrotik newsletter 90
RouterOS post exploitation – local only method to gain shell access
Urgent 11

Here’s the video:(if you don’t see it, hit refresh)

formats

TheBrothersWISP 94 – Urgent 11, Yeahlink W/ 3CX, Ansible

Published on August 5, 2019, by in Mikrotik, Networking.



This week Greg and Mike sneak a cast in a day early(shhhhhhh, don’t tell anyone).

This week we talk about:
Urgent 11 – vxworx vulnerabilities – dell powerconnect, sonicwalls, etc.
Greg is learning ansible
WISPAMERICA Dallas March 16
4011s SFP+ issues with 6.45.x – acknowledged issue, could be repaired at this point.
Proxmox 6.1 is getting a networking overhaul – vxlan/eVPN
Resetting a yealink phone via TFTP
Yealink phones on 3cx requires you to add multiple accounts for multiple extensions
“Mike’s” Ansible for UBNT virus

Here’s the video:(if you don’t see it, hit refresh)

formats

TheBrothersWISP 93 – Copper 10Gb, Fiber Projects And Kit

Published on July 21, 2019, by in Mikrotik, Networking.



This week Greg and Mike sneak a cast in a day early(shhhhhhh, don’t tell anyone).

This week we talk about:
Mikrotik CRS copper 10G – CRS312-4C+8XG-RM
Generic and Cisco optics work well in Mikrotik kit
Physically securing Mikrotiks – 1/16th” steel braided cable
Mikrotik 6.45.1 requires a new version of winbox(3.19)
Greg completed backbone migration at one datacenter to ASR9000s
Nickie B came up with an ansible playbook to put rate-limits on ubiquiti kit
Fiber terminations – all I see anyone use is pigtails for splicing
Cheap splicers – SignalFire(AI-7 or AI-8) or Komshine All around $1K
Cox says that when ordering kit from aliexpress he recommends getting a handful of samples and testing them for a while
Cox found a GPON calculator from Huawei
Danny sends a link on doing midspan splices

Here’s the video:(if you don’t see it, hit refresh)

formats

TheBrothersWISP 92 – IPAMs, Verizon Cust BGP Leak, Linux TCP DoS



This week Greg, Tomas, and almost Tom Smyth(but not quite) catch up on a month’s worth of stuff. The show is complete with a Tomas rant(your life is now complete).

This week we talk about:
Greg is looking for a reasonably priced OTDR
Lightning hitting a tree can take out your fiber
PHPIPAM for address management
Mikrotik CVE (linux in general) TCP DOS – fix in 6.45.1
Mikrotik 6.45.1 – API has changed so sonar and other systems aren’t working with it
Bridge filter in MIkrotik can block rogue DHCP servers without sacrificing hardware filtering.
Quick article on installing Mikrotik CHR on proxmox
Nick A. wanted a looking glass, and Greg’s favorite is routeviews
HFS webserver is a good way to test ports through a firewall – thanks Tomas
Physically security APs
Verizon customer leaked full routes due to a route optimizer
The “Tomas corner”:
Tomas loves his Linux Desktop – fully migrated from Windows to Linux on primary PC
RadMan – FOSS FreeRadius Management GUI
Unimus 1.10.2 release
Dealing with CAs as a non-US company is stupid

Here’s the video:(if you don’t see it, hit refresh)