Sierra Wireless Technical Bulletin: Malware Threat (ALEOS 4.5.2 or older)

The Sierra Wireless security team has discovered a new malware threat targeting gateways running ALEOS 4.5.2 or older that are directly reachable from the public internet and not on a private network.  The link below contains the latest technical bulletin and provides details about the issue and affected products along with instruction on recommended actions.


The Airlink Management Service (ALMS) is a secure cloud-based device management application that makes it easy to configure and update any number of Sierra Wireless gateways remotely. If you have multiple gateways and do not currently subscribe to ALMS, you can sign up (max of 15 devices for free tier ALMS) by visiting our website link: ALMS Management Software

Links of Interest

Configure IP Passthrough on Sierra Wireless Modems (ALEOS 4.8.x)

ALEOS 4.8.0 brings new features and enhancements to the Sierra Wireless gateways. If you have a gateway on ALEOS firmware 4.8.0 and trying to configure (enable) IP Passthrough, there's two steps:
  1. Enable IP Passthrough
  2. Enable DMZ
Read on for step by step directions...

Web AceManager
  1. Login to AceManager 
  2. Navigate to the LAN tab. From the DHCP Addressing section, find and expand IP Passthrough.  Make the following changes:
    • IP Passthrough: Ethernet
    • IP Passthrough Mode: First Host
    • IP Passthrough Subnet Mask: 255.255.255.0
    • Reset Host Interface: Enable
    • MAC Address: (leave at defaults)
  3. Click Apply
  4. Navigate to Security -Port Forwarding -DMZ Host Enabled. Make the following changes:
    • DMZ Host Enabled: Automatic
  5. Click Apply
  6. Click Reboot and verify the modem reboot.



After the gateway reboots and connects to the cellular network, the Ethernet LAN device connected to the gateway should now obtain the WAN IP of the Sierra Wireless gateway (allow upto 3 minutes). 

To disable IP Passthrough:
  1. set IP Passthrough to Disabled. Click Apply.
  2. set DMZ Host Enabled to Disable. Click Apply.
  3. Click Reboot and verify the modem reboot.
Note: It is recommended to reboot the Sierra Gateway before connecting to another Ethernet LAN device when configured for IP Passthrough (ex: swapping from laptop/PC to Firewall/Router).

Links of Interest

Sierra Wireless Technical Bulletin: Mirai Malware

Sierra Wireless has confirmed reports of the “Mirai” malware infecting AirLink gateways that are using the default ACEmanager password and are reachable from the public internet. The link below contains the latest technical bulletin and provides information about Mirai along with instructions on how to protect your Sierra Wireless gateway and its local area network.

Sierra Wireless Technical Bulletin: Mirai

The Airlink Management Service (ALMS) is a secure cloud-based device management application that makes it easy to configure and update any number of Sierra Wireless gateways remotely. If you have multiple gateways and do not currently subscribe to ALMS, you can sign up (max of 15 devices for free tier ALMS) by visiting our website link: ALMS Management Software

Secomea SiteManager Device Search

The latest release of the Secomea remote access solution includes a smart new search feature for the SiteManager that makes it possible to automatically scan all Ethernet devices in the network and suggest a suitable agent type that matches the device. With a single click you can create an agent that previously required manually typing IP addresses and selecting types and models.


USB devices connected to the SiteManager are now automatically detected and listed, allowing the fast creation of a suitable agent with a single click. With release 7.0, the SiteManager now allows multiple USB devices connected concurrently, and even the same type. By connecting USB devices via a USB hub, you can connect as many USB devices as you have free agents.

Related Posts
Links of Interest

Secomea Layer 2 Agent

Many modern industrial devices and software tools leverage network discovery features to quickly scan a Local Area Network and provide access to their equipment. These "discovery" scans typically rely on Layer 2 connectivity to broadcast vendor-specific packets on the LAN and process responses from that vendor's devices. Remote Access solutions typically operate at the IP address level (Layer 3). By default, that would prohibit the use of such  discovery tools, but Secomea has provided a means to get around this limitation!  Enter the "Layer 2 Agent", a construct that allows Secomea LinkManager sessions to have Layer 2 access to remote networks. Now, more than ever, it is like you are REALLY there when performing maintenance and troubleshooting of the remote networks you are responsible for.  Read the Secomea Layer 2 Agent White Paper for further information.

Related Posts
Links of Interest