Centralized configuration, backups and firmware upgrades. Performance charts with real-time graphs. Device discovery.
Antenna alignment. Configuration backup and sharing. Offline firmware upgrades. Capacity and signal level calculations based on geographic coordinates. No need for client-side plug-ins — an intuitive and quick interface features a responsive design for mobile use. Device Analyzer WiFiman scans the whole network subnet and shows you all of the available devices.
Network Speed Test You can test the speed of your internet connection. Intuitive and robust configuration. Control and monitoring. Local and cloud access. Seamlessly adopt UniFi devices on offsite controllers. Easily access local and cloud controllers. Make quick configuration adjustments.
Highly Scalable Add 20 cameras to your system to cover every angle. Performance Powerful optics, high power night vision, and sharp, full HD video streaming.
No Monthly Fees Free cloud access for streaming and viewing your recordings. Control your data Your video is stored on your own secure hardware, not a cloud server. UniFi Operator. Making day-to-day jobs of your ISP business simpler.
Research has shown that this service is used for a variety of things, including device discovery, which makes it easy to locate Ubiquiti devices in a managed environment. At least this portion of the protocol is quite simple: a 4-byte message elicits a large response including the name, model, firmware version, IPs, MACs, and sometimes the ESSID if it is a wireless device of some manner.
A simple POC of this functionality can be seen below when run against a mostly default Ubiquiti mFi device. The amplification factor is x but does not appear to suffer from multi-packet responses, at least with what is known today.
With such a large quantity of potentially vulnerable devices exposed, a DoS harnessing the available bandwidth and power of these systems could be used to conduct an attack in excess of 1Tbps, which is a crippling amount of traffic to all but the most fortified infrastructure.
It is unclear what other capabilities exist in this service, but it would not be surprising if there were other management capabilities baked in or nearby. That is a lot of devices. Examining where these devices live shows that Brazil is home to more than half of these, with large chunks in the U. By decoding the responses, we are able to learn about the nature of these devices and clues as to how or why they are exposed publicly.
By inspecting the name of the device, which will generally default to something based on the model name or whatever is configured at initial install, we see even more troubling patterns. It seems that attackers have already identified additional problems with these devices and have exploited over 17, of them, as evinced by the defaced hostnames.
We can also see from the product version table above that along with being exposed to attackers, most of the devices in each product family are running outdated versions.
Manually setting the controller address for a Unifi AP
This may explain the exploitation we described previously, given the dangerous combination of service exposure, unpatched vulnerabilities, and default credentials (some of the hacker-changed device names noted the presence of default credentials).
The port exposure also reveals the internal network IP addressing scheme behind the target devices. Examining the global honeypots that we monitor as part of Project Heisenberg, we have been seeing traffic destined to this UDP port for over a year, the vast majority of which appears to be traffic similar in nature to the discovery mechanism we described above.
Given the known possibility for abuse of this protocol in DoS attacks and the evidence and reports of active exploitation, Rapid7 suggests that all affected entities audit their external exposure for these devices and restrict or control access to this service as appropriate, which could include firewall or ACL rules, or disabling the affected service using recommendations from Ubiquiti. The raw data from this study is available on Rapid7 Opendata, along with all of our UDP and other studies.
We welcome any feedback on this topic and encourage collaboration. Reach out to us via the comments, on Twitter rapid7, or via research rapid7. There have been several updates from the Ubiquiti community and a Twitter response from Ubiquiti that suggest that these devices are exposed due more to poor security hygiene than anything else: failure to update, use secure passwords, or follow vendor recommendations with regards to security best practices.
Shortly after our original publication earlier this month, Ubiquiti posted an article that describes this discovery functionality and how to disable it, if desired.
In our original post on this two weeks ago, we reported unique IPv4s advertising this service.
Just installed UniFi Controller 3.
The server and AP's are plugged directly into the same switch. I can launch the UniFi Controller webpage, and it functions. I can launch the UniFi-Discover tool, and it opens, but even after letting it sit for an hour, I get nothing but the error above.
First time I've used this software, was wondering if anyone can point me in the right direction.
Try a reset of the AP.
Ubiquiti Discovery v.2.3
A CloudKey is a neat solution for a small deployment, but you're past that. Time for some more serious infrastructure. Were they adopted on another computer?
Ubiquiti Device Discovery Tool
If so you may have to forget them from there and then adopt on new server.
Nope, brand new out of the box, first time powered up. Got the 3-pack, and it can't find any of the 3. One person stated this issue was solved by installed v3.
My only suggestion would be to check out the Ubiquiti community to look for answers or post your problem there. Are the AP's and the server on the same subnet? You mentioned they are on the same switch, but I want to make sure they are on the same network segment, i.e. not on a different VLAN.
I haven't used Unifi in a while, but I remember it being picky with Java. I found this on the Unifi support forums where they recommended downgrading the Java version.
I was having issues with the Unifi controller on Windows. I went ahead and set up Ubuntu and installed the Unifi controller there and it's been much more stable and have noticed an increase in speeds and signal here in the building.
A couple of things I would do. If there are no leases out there, check and make sure the APs are actually lit and the LAN port wires on your power bricks are fully seated. If there ARE leases out there then a reset should help. You said there's no firewall on the server. You might want to double check and make sure. That'll let you know if the server is capable of seeing them.
Misspelled the A record for the UniFi Controller.
In some circumstances there may be a need to manually tell a Unifi AP where to find its controller. This may be needed if you can't provide the host name "unifi" in the DNS server for the subnet that the APs are located in.
The prerequisite to this process is you must know the IP address of the AP you need to modify. How you accomplish that I leave to you.
You must reset the AP to defaults before changing the inform IP address. To do so execute the following command. This will reboot the radio and disconnect your SSH session. Once it comes back online, you will need to reconnect. My need for this arose when I copied my config from my local Unifi controller to a new one on a VM in a different subnet. Since I didn't have direct control of the router, I had to find a solution until the router could be updated. Thanks to the Ubiquiti forum guys for providing this solution.
FYI - Seems with the newer version you need to issue set inform again once you've adopted it in the web admin. Thanks for this. Especially useful on cloud config. I couldn't figure out why it disconnected after adoption. I kept on resetting it and then set-inform.
Little did I know I shouldn't have reset it. We have multiple offices connected via site-to-site VPN and have had trouble getting some of our remote APs to show up on our controller that is run in our main office. I knew about the restore-default command but did not know how to tell it what inform URL to look at.
This really did the trick. FYI, at first it wasn't even showing up. After the first set-inform it showed up in the controller but said it was disconnected. Ran set-inform again and it upgraded, provisioned, and connected.
How To Connect a UniFi AP to remote UniFi Server via SSH
I will be doing this on the rest of my unseen AP's very shortly. Thanks again. I have a Unifi AP, but the machine with the controller crashed without a backup. It wasn't a critical machine, but I do wish we had the controller config saved. Unfortunately, I can't answer your question. I would highly recommend you ask over at the Ubiquiti community.
If You do not agree to such updates, You are not permitted to, and You must not, download, install, access or use the Software.
If You object to any such change, Your sole recourse will be to cease using the Software. Continued use of the Software following any such change will indicate Your acknowledgement of such change and agreement to be bound by the new terms and conditions. Your use of 1 websites located at www.
Subject to Section I(d), You may access and use the Software only if You can form a binding contract with Ubiquiti and only if You are in compliance with the terms of this EULA and all applicable laws and regulations. If You are an Authorized User, You represent and warrant that You are over the age of 13 (or equivalent minimum age in the jurisdiction where You reside or access or use the Software) and in the event You are between the age of 13 (or equivalent minimum age in the jurisdiction where you reside or access or use the Software) and the age of majority in the jurisdiction where You reside or access or use the Software, that You will only use the Software under the supervision of a parent or legal guardian who agrees to be bound by this EULA.
Any use or access to the Software by individuals under the age of 13 or equivalent minimum age in the jurisdiction where you reside or access or use the Services is strictly prohibited and a violation of this EULA. License Grant. Subject to Your compliance at all times with the terms and restrictions set forth in this EULA, Ubiquiti grants You, under its rights in and to the Software, a worldwide, non-sublicensable, non-transferable, non-exclusive, revocable, limited license to download and use the Software in object code form only, solely in connection with the Product that You own or control.
Limitations on Use. You are responsible for obtaining, properly installing and maintaining the Software and any other services or products needed for access to and use of the Software, and for paying all charges related thereto. Third Party Software. Your use of External Software is subject in all cases to the applicable licenses from the External Software provider, which shall take precedence over the rights and restrictions granted in this EULA solely with respect to such External Software.
Copyrights to Open Source Software are held by their respective copyright holders indicated in the copyright notices in the corresponding source files. Ubiquiti does not provide any warranty, maintenance, technical or other support for any External Software. Accordingly, Ubiquiti is not responsible for Your use of any External Software or any personal injury, death, property damage (including, without limitation, to Your home) or other harm or losses arising from or relating to Your use of any External Software.
Intellectual Property Ownership; Trade Secrets. You do not have or receive any title or interest in or to the Software, the Content, or the Intellectual Property Rights contained therein through Your use of the Software or otherwise.
You further acknowledge and agree that the Software contains the valuable trade secrets and proprietary information of Ubiquiti and its affiliates. You agree to hold such trade secrets and proprietary information in confidence and You acknowledge that any actual or threatened breach of this obligation will constitute immediate, irreparable harm for which monetary damages would be an inadequate remedy, and that injunctive relief is an appropriate remedy for such breach.
You are not permitted to use any of the Marks without the applicable prior written consent of Ubiquiti or such respective holders. Automatic Updates. Ubiquiti may, from time to time and at its sole option, provide patches, bug fixes, corrections, updates, upgrades, support and maintenance releases or other modifications to the Software, including certain External Software, which items shall be deemed part of the Software and External Software hereunder. These may be automatically installed without providing any additional notice to You or receiving Your additional consent.
If You do not consent, Your remedy is to stop using the Software. Notwithstanding the foregoing, Ubiquiti withholds the right to require You to install any patches, bug fixes, corrections, updates, upgrades, support and maintenance releases or other modifications in order to access and use the Software.
Term and Termination. You may discontinue Your use of and access to the Software at any time. You may terminate it at any time upon written notice to Ubiquiti at legal ui. Upon any such termination, the licenses granted by this EULA will immediately terminate and you agree to stop all access and use of the Product, Software and documentation and destroy the Software and documentation, together with all copies and merged portions in any form.
Emergency Response; High Risk Activities. Data Storage. Ubiquiti is not responsible or liable for the deletion of or failure to store or process any information or other content provided by You or transmitted in the course of using the Software. You are solely responsible for securing and backing up such submissions. Such characteristics may negatively affect the operation of previously installed software or equipment.
You are advised to safeguard important data, to use caution and not to rely in any way on the correct functioning or performance of the software and accompanying materials.
Now we can host UNMS for you, for free. Host UNMS yourself locally, without limitations.
Host UNMS locally. If your server is running Ubuntu Let your network and business grow. UNMS now manages both your network and clients. One point of access. Automatic topology overview. Zoom out to see your whole network. Topology views are created automatically for Ubiquiti devices, and can be easily adjusted for 3rd party devices. UNMS stores up to a year of data for all your devices. Use this data to easily identify whether an issue is recent or long-term; gradual or sudden; or affecting 1 or s of your clients.
This can take just a few seconds. All you need to do is change the plan. The quality of service on the gateway will be set automatically. Schedule firmware upgrade for all the devices with one click and UNMS will take care of the upgrade at the scheduled time.
If a problem occurs, the process is automatically stopped so it can be diagnosed. UNMS Mobile is also synced automatically, so logging in to any device is simple and seamless. Powerful mobile apps. We believed some things could be done much faster on a phone than on a laptop. Now we know. Faster device setup. Connecting a new customer? Hands-free antenna alignment.
Enable sound feedback and align your airMAX or airFiber safely, without the need to constantly verify alignment on your phone.