We have recently been infected with the W32/Lovegate virus. It appears that we have gotten rid of the virus; however, since it has come along, we have had our users getting kicked off the network 4 or more times per day. It is only happening to users that go through our Cisco wireless APs; no one else is being affected at all. Could the virus have gotten into the firmware or corrupted something else? One of the effects of the virus is increased network traffic; however, it is not destructive, it is just a big-time nuisance.
W32.HLLW.Lovgate.H@mm is a variant of W32.HLLW.Lovgate@mm. This variant is also a mass-mailing worm that attempts to email itself to all the email addresses it finds in the files whose extensions start with "ht." The subject and attachment of the incoming email are chosen from a predetermined list.
This worm also attempts to copy itself to all the computers on a local network, and then infect these computers. The worm also has Backdoor Trojan capabilities. By default, the Trojan component listens on port 10168.
If the infected computer runs Windows NT, 2000, or XP, the worm will attempt to disguise itself as the normal Windows process, "LSASS.EXE."
This threat is written in the C++ programming language and is compressed with ASPack.
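A triage check built on the two indicators in the description above (a backdoor listener on port 10168 and a process posing as LSASS.EXE), added here as an example and not part of the original posts. The `netstat -ano` and `tasklist /fo csv /nh` samples are constructed, and the function names are hypothetical.

```python
import csv
import io

BACKDOOR_PORT = 10168  # default backdoor port named in the description above

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:10168          0.0.0.0:0              LISTENING       1844
  TCP    192.168.1.20:1039      192.168.1.5:445        ESTABLISHED     4
  TCP    192.168.1.20:10168     192.168.1.77:2211      ESTABLISHED     1844
  UDP    0.0.0.0:500            *:*                                    688
"""

# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST_SAMPLE = '''\
"System","4","Console","0","216 K"
"lsass.exe","688","Console","0","1,120 K"
"svchost.exe","912","Console","0","3,400 K"
"LSASS.EXE","1844","Console","0","2,048 K"
'''

def parse_tasklist(text):
    """Map PID -> image name from tasklist CSV rows (image name, PID, ...)."""
    rows = csv.reader(io.StringIO(text))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2}

def parse_netstat(text):
    """Yield (local_port, remote, state, pid) for every TCP row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP":  # skips header and UDP rows
            continue
        yield int(f[1].rsplit(":", 1)[1]), f[2], f[3], int(f[4])

def triage(netstat_text, tasklist_text, port=BACKDOOR_PORT):
    """Return (sockets bound to the backdoor port, PIDs named lsass.exe)."""
    names = parse_tasklist(tasklist_text)
    hits = [{"pid": pid, "image": names.get(pid, "?"), "state": st, "remote": rem}
            for lport, rem, st, pid in parse_netstat(netstat_text) if lport == port]
    # Heuristic (assumption of this example): a host normally runs a single
    # lsass.exe, so more than one PID with that image name deserves a closer look.
    lsass = sorted(p for p, n in names.items() if n.lower() == "lsass.exe")
    return hits, lsass

if __name__ == "__main__":
    hits, lsass = triage(NETSTAT_SAMPLE, TASKLIST_SAMPLE)
    print(hits, lsass)
```

On the constructed sample, PID 1844 owns both the listener and an inbound session on port 10168 and shares the LSASS image name with PID 688.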