[HamWAN PSDR] Rattlesnake DNR shack is down

Fred Moses fred at moses.bz
Sat Mar 6 09:51:23 PST 2021


Yes, that is the default on those cards. The CyberPower cards are set that way too. We change and then disable the read/write string as part of our setups. We also stick our UPSes and PDUs in a management subnet for added fun.

--
Fredric Moses - W8FSM - WQOG498

> On Mar 6, 2021, at 12:46 PM, Bart Kus <me at bartk.us> wrote:
> 
> Stephen and I went to visit Rattlesnake yesterday to figure out what's wrong.  The building had power, but the new UPS was powered off.  Its network control card had a light, indicating it was alive, just no network to link to.  I pulled the 120V plug, and a relay clicked but UPS did not change state.  I restored 120V power, and a relay clicked but UPS did not change state.  I unplugged/replugged the display, and it flashed all LEDs and went back to indicating off state (no LEDs).  Finally I pressed power button and everything powered back up normally.
> 
> I suspected the UPS software had been unintentionally set to stay powered off after it ran out of battery juice, and then power was restored.  I checked the settings thoroughly, and everything looks like it was set to tell the UPS to power back on after it had shut down from battery exhaustion.  Only a test will verify this is indeed working as intended though.
> 
> I started setting up event notification from the UPS and making sure our management system can monitor it too, and noticed something really weird.  The defaults in the UPS software apparently leave a write-enabled SNMP account with the default credentials of "private", with access allowed from anywhere (IP 0.0.0.0).  I'm now wondering if someone intentionally sent an SNMP write command to some OID that told the UPS to power off?  Does anyone have experience with APC UPSes that can verify these insane defaults and that there is some OID that can command the UPS to power off?
> 
> SNMP write access has been disabled on both new UPSes now, and firewall rules installed to prevent general internet access.
> 
> --Bart
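
An added example, not part of either message in this thread: a small audit over a device inventory that flags the conditions discussed above (an enabled community left at a default string, write access, a source of 0.0.0.0, and a card that sits outside the management subnet). The record layout, the subnet 10.99.0.0/24 and the sample devices are assumptions constructed for illustration, and "public" is included alongside "private" as another commonly shipped default.

```python
import ipaddress

# Assumptions for this example: the management subnet and the record layout
# are hypothetical; "public"/"private" are the usual vendor default strings.
MGMT_SUBNET = ipaddress.ip_network("10.99.0.0/24")
DEFAULT_COMMUNITIES = {"public", "private"}

def source_is_open(source):
    """True when the allowed-source field admits any host (0.0.0.0 or a /0)."""
    net = ipaddress.ip_network(source, strict=False)
    return net.prefixlen == 0 or net.network_address.is_unspecified

def audit_device(dev):
    """Return findings for one UPS/PDU management-card record."""
    findings = []
    if ipaddress.ip_address(dev["ip"]) not in MGMT_SUBNET:
        findings.append("address outside management subnet")
    for entry in dev["snmp"]:
        if not entry["enabled"]:
            continue  # disabled entries cannot be used, so they are not flagged
        tag = f"community #{entry['slot']}"
        if entry["community"].lower() in DEFAULT_COMMUNITIES:
            findings.append(f"{tag}: default community string")
        if entry["access"] == "write":
            findings.append(f"{tag}: write access enabled")
        if source_is_open(entry["source"]):
            findings.append(f"{tag}: usable from any source address")
    return findings

# Constructed sample inventory (not taken from any real device).
INVENTORY = [
    {"name": "ups-factory-defaults", "ip": "192.0.2.20", "snmp": [
        {"slot": 1, "community": "public", "access": "read", "source": "0.0.0.0", "enabled": True},
        {"slot": 2, "community": "private", "access": "write", "source": "0.0.0.0", "enabled": True}]},
    {"name": "ups-hardened", "ip": "10.99.0.11", "snmp": [
        {"slot": 1, "community": "constructed-ro-string", "access": "read", "source": "10.99.0.5", "enabled": True},
        {"slot": 2, "community": "private", "access": "write", "source": "0.0.0.0", "enabled": False}]},
]

def audit_inventory(inventory):
    """Map each device name to its list of findings (empty list means clean)."""
    return {dev["name"]: audit_device(dev) for dev in inventory}

if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY).items():
        print(name, "->", findings or "ok")
```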