docs: record unifi firewall enforcement and closeout
Some checks failed
secret-guardrails / artifact-secret-scan (push) Has been cancelled
secret-guardrails / gitleaks (push) Has been cancelled

This commit is contained in:
Fizzlepoof
2026-05-23 02:08:15 +00:00
parent bec21292de
commit 462b39e572
14 changed files with 841 additions and 41 deletions

View File

@@ -0,0 +1,101 @@
# UniFi Legacy CIA Closeout — 2026-05-23
Purpose: close out the remaining unidentified `CIA Via` / `Old IoT` clients after the easy-value migrations and the Trusted-lane Intellirocks cleanup.
## Scope
This document covers the leftover unidentified devices that should remain in legacy quarantine.
Historical basis used:
- `home/doris-dashboard/docs/unifi-client-cleanup-shortlist-2026-05-22.md`
- `home/doris-dashboard/docs/unifi-client-rehome-results-2026-05-22.md`
- `home/doris-dashboard/docs/old-iot-tomorrow-disposition-list.md`
- `home/doris-dashboard/docs/intellirocks-triage-result-2026-05-23.md`
Important note:
- The live UniFi read helper in this shell cannot currently re-poll the controller because local `automation/.env` here does not contain the `UNIFI_*` credentials.
- So this closeout is based on the latest verified operator artifacts already captured during the live session, plus the completed Intellirocks Trusted-lane cleanup from 2026-05-23.
## What is already resolved
These are no longer part of the legacy-quarantine leftovers:
- `MyQ-29B` -> moved `Old IoT` -> `IoT`
- `LG_Smart_Dryer2_open` -> moved `Old IoT` -> `IoT`
- `Samsung-FamilyHub` -> moved `Old IoT` -> `IoT`
- `Main-Floor` ecobee -> moved `Old IoT` -> `IoT`
- `Upstairs` ecobee -> moved `Old IoT` -> `IoT`
- Trusted-lane Intellirocks sibling `d4:ad:fc:f2:df:d2` -> moved `Trusted` -> `Old IoT`
## Final disposition for remaining unidentified Legacy CIA devices
### 1) 5c:61:99:41:73:40
- Last known IP: `192.168.1.172`
- Vendor: `Cloud Network Technology Singapore Pte. Ltd.`
- Final disposition: `keep quarantined on Old IoT`
- Why:
- unnamed
- unclear function
- insufficient evidence to grant clean `IoT`
- Follow-up class: `identify later / possible kill-candidate if nobody can identify it`
### 2) 60:74:f4:54:fd:ec
- Last known IP: `192.168.1.136`
- Vendor: `Private`
- Final disposition: `keep quarantined on Old IoT`
- Why:
- private/randomized identity
- no useful hostname
- no evidence it deserves promotion
- Follow-up class: `identify later / strong kill-candidate pool`
### 3) 60:74:f4:7b:6a:11
- Last known IP: `192.168.1.117`
- Vendor: `Private`
- Final disposition: `keep quarantined on Old IoT`
- Why:
- same reasoning as the other private/randomized leftover
- no positive identification
- Follow-up class: `identify later / strong kill-candidate pool`
### 4) c0:f5:35:20:5d:94
- Last known IP: `192.168.1.183`
- Vendor: `AMPAK Technology,Inc.`
- Final disposition: `keep quarantined on Old IoT`
- Why:
- broad embedded/vendor bucket
- no positive identification
- no justification for moving into cleaner `IoT`
- Follow-up class: `identify later / possible kill-candidate`
### 5) d4:ad:fc:60:90:6a
- Last known IP: `192.168.1.100`
- Vendor: `Shenzhen Intellirocks Tech co., ltd`
- Final disposition: `keep quarantined on Old IoT`
- Why:
- still unidentified
- vendor family now has three low-trust/quarantine-aligned siblings, including the former Trusted device moved back out on 2026-05-23
- this strengthens the case that these are embedded smart-home / disposable low-trust devices, not operator endpoints
- Follow-up class: `identify later / likely kill-candidate if never claimed`
### 6) d4:ad:fc:ea:7f:65
- Last known IP: `192.168.1.101`
- Vendor: `Shenzhen Intellirocks Tech co., ltd`
- Final disposition: `keep quarantined on Old IoT`
- Why:
- same reasoning as sibling Intellirocks device above
- no positive identification
- Follow-up class: `identify later / likely kill-candidate if never claimed`
## Operational conclusion
The remaining Legacy CIA leftovers do not need migration work right now.
The correct closeout posture is:
- leave all six unidentified leftovers on `Old IoT`
- do not promote them into `Trusted`, `Management`, or clean `IoT`
- treat them as explicit quarantine residents pending later identification or eventual retirement
## What this means for the remaining task list
Legacy CIA closeout is complete as a policy/disposition decision.
The remaining network cleanup work is now mainly:
- Google/cast validation and any resulting placement decisions
- final SSID simplification once Google behavior is understood
- optional future kill-pass for unclaimed legacy leftovers