docs: record unifi firewall enforcement and closeout
This commit is contained in:
@@ -0,0 +1,101 @@
|
||||
# UniFi Legacy CIA Closeout — 2026-05-23
|
||||
|
||||
Purpose: close out the remaining unidentified `CIA Via` / `Old IoT` clients after the easy-value migrations and the Trusted-lane Intellirocks cleanup.
|
||||
|
||||
## Scope
|
||||
This document covers the leftover unidentified devices that should remain in legacy quarantine.
|
||||
|
||||
Historical basis used:
|
||||
- `home/doris-dashboard/docs/unifi-client-cleanup-shortlist-2026-05-22.md`
|
||||
- `home/doris-dashboard/docs/unifi-client-rehome-results-2026-05-22.md`
|
||||
- `home/doris-dashboard/docs/old-iot-tomorrow-disposition-list.md`
|
||||
- `home/doris-dashboard/docs/intellirocks-triage-result-2026-05-23.md`
|
||||
|
||||
Important note:
|
||||
- The live UniFi read helper in this shell cannot currently re-poll the controller because local `automation/.env` here does not contain the `UNIFI_*` credentials.
|
||||
- So this closeout is based on the latest verified operator artifacts already captured during the live session, plus the completed Intellirocks Trusted-lane cleanup from 2026-05-23.
|
||||
|
||||
## What is already resolved
|
||||
These are no longer part of the legacy-quarantine leftovers:
|
||||
- `MyQ-29B` -> moved `Old IoT` -> `IoT`
|
||||
- `LG_Smart_Dryer2_open` -> moved `Old IoT` -> `IoT`
|
||||
- `Samsung-FamilyHub` -> moved `Old IoT` -> `IoT`
|
||||
- `Main-Floor` ecobee -> moved `Old IoT` -> `IoT`
|
||||
- `Upstairs` ecobee -> moved `Old IoT` -> `IoT`
|
||||
- Trusted-lane Intellirocks sibling `d4:ad:fc:f2:df:d2` -> moved `Trusted` -> `Old IoT`
|
||||
|
||||
## Final disposition for remaining unidentified Legacy CIA devices
|
||||
|
||||
### 1) 5c:61:99:41:73:40
|
||||
- Last known IP: `192.168.1.172`
|
||||
- Vendor: `Cloud Network Technology Singapore Pte. Ltd.`
|
||||
- Final disposition: `keep quarantined on Old IoT`
|
||||
- Why:
|
||||
- unnamed
|
||||
- unclear function
|
||||
- insufficient evidence to grant clean `IoT`
|
||||
- Follow-up class: `identify later / possible kill-candidate if nobody can identify it`
|
||||
|
||||
### 2) 60:74:f4:54:fd:ec
|
||||
- Last known IP: `192.168.1.136`
|
||||
- Vendor: `Private`
|
||||
- Final disposition: `keep quarantined on Old IoT`
|
||||
- Why:
|
||||
- private/randomized identity
|
||||
- no useful hostname
|
||||
- no evidence it deserves promotion
|
||||
- Follow-up class: `identify later / strong kill-candidate pool`
|
||||
|
||||
### 3) 60:74:f4:7b:6a:11
|
||||
- Last known IP: `192.168.1.117`
|
||||
- Vendor: `Private`
|
||||
- Final disposition: `keep quarantined on Old IoT`
|
||||
- Why:
|
||||
- same reasoning as the other private/randomized leftover
|
||||
- no positive identification
|
||||
- Follow-up class: `identify later / strong kill-candidate pool`
|
||||
|
||||
### 4) c0:f5:35:20:5d:94
|
||||
- Last known IP: `192.168.1.183`
|
||||
- Vendor: `AMPAK Technology,Inc.`
|
||||
- Final disposition: `keep quarantined on Old IoT`
|
||||
- Why:
|
||||
- broad embedded/vendor bucket
|
||||
- no positive identification
|
||||
- no justification for moving into cleaner `IoT`
|
||||
- Follow-up class: `identify later / possible kill-candidate`
|
||||
|
||||
### 5) d4:ad:fc:60:90:6a
|
||||
- Last known IP: `192.168.1.100`
|
||||
- Vendor: `Shenzhen Intellirocks Tech co., ltd`
|
||||
- Final disposition: `keep quarantined on Old IoT`
|
||||
- Why:
|
||||
- still unidentified
|
||||
- vendor family now has three low-trust/quarantine-aligned siblings, including the former Trusted device moved back out on 2026-05-23
|
||||
- this strengthens the case that these are embedded smart-home / disposable low-trust devices, not operator endpoints
|
||||
- Follow-up class: `identify later / likely kill-candidate if never claimed`
|
||||
|
||||
### 6) d4:ad:fc:ea:7f:65
|
||||
- Last known IP: `192.168.1.101`
|
||||
- Vendor: `Shenzhen Intellirocks Tech co., ltd`
|
||||
- Final disposition: `keep quarantined on Old IoT`
|
||||
- Why:
|
||||
- same reasoning as sibling Intellirocks device above
|
||||
- no positive identification
|
||||
- Follow-up class: `identify later / likely kill-candidate if never claimed`
|
||||
|
||||
## Operational conclusion
|
||||
The remaining Legacy CIA leftovers do not need migration work right now.
|
||||
|
||||
The correct closeout posture is:
|
||||
- leave all six unidentified leftovers on `Old IoT`
|
||||
- do not promote them into `Trusted`, `Management`, or clean `IoT`
|
||||
- treat them as explicit quarantine residents pending later identification or eventual retirement
|
||||
|
||||
## What this means for the remaining task list
|
||||
Legacy CIA closeout is complete as a policy/disposition decision.
|
||||
|
||||
The remaining network cleanup work is now mainly:
|
||||
- Google/cast validation and any resulting placement decisions
|
||||
- final SSID simplification once Google behavior is understood
|
||||
- optional future kill-pass for unclaimed legacy leftovers
|
||||
Reference in New Issue
Block a user