On the Ubuntu Linux family, for instance, you can fix it with the following steps:
Open /etc/sysctl.conf, with an editor, such as vim.
Enter the line: net.ipv4.tcp_challenge_ack_limit = 999999999
Save the file.
Use the shell command "sysctl -p" to update the configuration.
You can use Linux live CD and a program named chntpw will do the rest. You don’t have to install that OS to your hard drive. I am showing you how to do it using Linux Mint.
Visit Linux Mint website and download ISO. Burn it to a disc and boot up your computer using that bootable disc.
Go to Menu>Accessories>Terminal.
Type sudo apt-get update. Press Enter.
Type sudo apt-get install chntpw. Press Enter and keep that terminal open.
From desktop go to Computer and then just open the drive where Windows is loaded. It will mount that drive.
In the terminal type cat /proc/mounts. Hit Enter. It will give output like /dev/sda1 /media/CA123DD456EA6512. This long serial no will vary in your case. Change it accordingly in next command.
Type cd /media/ CA123DD456EA6512. Hit Enter.
Type cd Windows/System32/config/ and Press Enter.
Type sudo chntpw SAM and Press Enter. You will get a menu with all users of the system. Default is Administrator. Type 1 and press Enter to clear user password.
If you need to reset password for a specific user, type sudo chntpw -u username SAM and follow previous instructions.
Close everything and reboot system.
I was going to suggest the chntpw. As far as I know that's compatible up to Windows 8.1... Never had to use it on Win10 yet.
Interesting to note that people compared it a bit to the TeamViewer breach, but it was quickly pointed out that, while a PR disaster, TeamViewer did not actually have a breach.
My understanding of how Ubiquiti handles guest mode is that it drops packets destined for internal networks. What I don't know is like I think some others were getting at - what if the user tries to go to another local subnet outside the subnet their on. I guess I'll just keep the VLAN thing.
My understanding is that it totally drops those packets too. In some ways, that makes it more secure than a VLAN because just hijacking a physical switch is not enough to grab the packets.
